Skip to content

fixup! [actions] upload docker image tar to artifacts #278

fixup! [actions] upload docker image tar to artifacts

fixup! [actions] upload docker image tar to artifacts #278

Workflow file for this run

#
# Copyright (c) 2023, The OpenThread Authors.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. Neither the name of the copyright holder nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
name: Docker
env:
BASE_IMAGE: siliconlabsinc/ot-efr32-dev:base
SHA_TAG: siliconlabsinc/ot-efr32-dev:${{ github.sha }}
LATEST_TAG: siliconlabsinc/ot-efr32-dev:latest
DOCKER_IMAGE_ARTIFACT_NAME: ot-efr32-dev-image-${{ github.sha }}-${{ github.event_name}}.tar
on:
push:
branches-ignore:
- 'dependabot/**'
# pull_request:
# branches:
# - 'main'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/ot-efr32' && github.run_id) || github.ref }}
cancel-in-progress: true
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
build:
name: Build Docker Image
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- uses: actions/checkout@v4 # v3.3.0
with:
submodules: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
- name: Build and export to Docker context (Base image)
uses: docker/build-push-action@v5
with:
context: .
file: docker/Dockerfile
load: true
target: base
platforms:
linux/amd64
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Build and export to Docker context (ot-efr32-dev)
uses: docker/build-push-action@v5
with:
context: .
file: docker/Dockerfile
load: true
platforms:
linux/amd64
tags: |
${{ env.SHA_TAG }}
no-cache: true
outputs: type=docker,dest=/tmp/${{ env.DOCKER_IMAGE_ARTIFACT_NAME}}
- name: Inspect Docker image
run: docker inspect ${{ env.SHA_TAG }}
- name: Container image sanity checks
run: |
# Download container-structure-test
curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 \
&& chmod +x container-structure-test-linux-amd64
# Run tests
./container-structure-test-linux-amd64 test --config docker/test-ot-efr32-dev.yml --image ${{ env.SHA_TAG }}
- name: Export Docker image to tarball
uses: docker/build-push-action@v5
with:
context: .
file: docker/Dockerfile
platforms:
linux/amd64
tags: |
${{ env.SHA_TAG }}
outputs: type=docker,dest=/tmp/${{ env.DOCKER_IMAGE_ARTIFACT_NAME}}
# - name: Create LFS file hash list
# run: git -C third_party/silabs/gecko_sdk lfs ls-files -l | cut -d' ' -f1 | sort > .lfs-assets-id
# - name: Restore gecko_sdk LFS cache
# uses: actions/cache@v4
# id: lfs-cache
# with:
# path: .git/modules/third_party/silabs/gecko_sdk/lfs
# key: lfs-${{ hashFiles('.lfs-assets-id') }}
# - name: Git LFS Pull
# run: git -C third_party/silabs/gecko_sdk lfs pull
# - name: Test build inside container
# run: |
# docker run -v ${{ github.workspace }}:/ot-efr32/ --user $(id -u) --rm ${{ env.SHA_TAG }} script/build --skip-silabs-apps brd4151a
- name: Upload docker image
uses: actions/[email protected]
with:
name: ${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
path: /tmp/${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
publish:
name: Publish to DockerHub
runs-on: ubuntu-22.04
needs: [build]
if: |
github.repository == 'SiliconLabs/ot-efr32' &&
github.event_name != 'pull_request'
steps:
- name: Login to DockerHub
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Download Docker image
id: download
uses: actions/[email protected]
with:
name: ${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
path: /tmp
- name: Load Docker image
run: |
docker load --input ${{ steps.download.outputs.download-path }}/${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
docker image ls -a
- name: Build and push
uses: docker/build-push-action@v5
with:
file: docker/ot-efr32-dev.Dockerfile
push: true
tags: ${{ env.SHA_TAG }}
platforms:
linux/amd64
- name: Tag `latest` and push
uses: docker/build-push-action@v5
if: github.ref == 'refs/heads/main'
with:
file: docker/ot-efr32-dev.Dockerfile
push: true
tags: ${{ env.LATEST_TAG }}
platforms:
linux/amd64