Distribute image build across multiple runners #297

Workflow file for this run

.github/workflows/alpine-mainline.yml at 08e478a

	---
	name: Alpine Mainline
	on:
	pull_request:
	schedule:
	- cron: "0 0 * * 1"
	workflow_dispatch:
	jobs:
	version:
	name: Fetch NGINX mainline version
	runs-on: ubuntu-22.04
	outputs:
	major: ${{ steps.nginx_version.outputs.major }}
	minor: ${{ steps.nginx_version.outputs.minor }}
	patch: ${{ steps.nginx_version.outputs.patch }}
	distro: ${{ steps.distro_version.outputs.release }}
	steps:
	- name: Check out the codebase
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	- name: Parse NGINX mainline version
	id: nginx_version
	run: \|
	echo "major=$(cat update.sh \| grep -m1 '\[mainline\]=' \| cut -d"'" -f2 \| cut -d"." -f1)" >> "$GITHUB_OUTPUT"
	echo "minor=$(cat update.sh \| grep -m1 '\[mainline\]=' \| cut -d"'" -f2 \| cut -d"." -f2)" >> "$GITHUB_OUTPUT"
	echo "patch=$(cat update.sh \| grep -m1 '\[mainline\]=' \| cut -d"'" -f2 \| cut -d"." -f3)" >> "$GITHUB_OUTPUT"

	- name: Parse Alpine version
	id: distro_version
	run: \|
	echo "release=$(cat update.sh \| grep -m5 '\[mainline\]=' \| tail -n1 \| cut -d"'" -f2)" >> "$GITHUB_OUTPUT"

	slim:
	name: Build Alpine NGINX mainline slim Docker image
	needs: [version]
	runs-on: ubuntu-22.04
	strategy:
	fail-fast: false
	matrix:
	platform: [linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x]
	steps:
	- name: Check out the codebase
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	- name: Set up QEMU
	uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0
	with:
	version: https://github.com/docker/buildx.git#e273a53c88832df6dceebd727a259cae2fd5be88

	# - name: Configure AWS credentials
	# if: ${{ github.event_name != 'pull_request' }}
	# uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
	# with:
	# aws-region: ${{ secrets.AWS_REGION }}
	# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	# - name: Login to Amazon ECR Public Gallery
	# if: ${{ github.event_name != 'pull_request' }}
	# uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	# with:
	# registry: public.ecr.aws

	- name: Login to Docker Hub
	# if: ${{ github.event_name != 'pull_request' }}
	uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Login to GitHub Container Registry
	# if: ${{ github.event_name != 'pull_request' }}
	uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	# - name: Login to Quay
	# if: ${{ github.event_name != 'pull_request' }}
	# uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	# with:
	# registry: quay.io
	# username: ${{ secrets.QUAY_USERNAME }}
	# password: ${{ secrets.QUAY_TOKEN }}

	- name: Extract metadata (annotations, labels, tags) for Docker
	id: meta
	uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
	with:
	images: \|
	ghcr.io/nginxinc/nginx-unprivileged
	tags: \|
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test
	type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test
	type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test
	type=raw,value=mainline-alpine-slim-test
	type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test
	type=raw,value=alpine-slim-test
	type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test

	- name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay
	id: build
	uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0
	with:
	platforms: ${{ matrix.platform }}
	context: "{{ defaultContext }}:mainline/alpine-slim"
	labels: ${{ steps.meta.outputs.labels }}
	annotations: ${{ steps.meta.outputs.annotations }}
	outputs: type=image,"name=ghcr.io/nginxinc/nginx-unprivileged,docker.io/nginxinc/nginx-unprivileged",push-by-digest=true,name-canonical=true,push=true
	# push: ${{ github.event_name != 'pull_request' }}
	# cache-from: type=gha,scope=alpine-slim
	# cache-to: type=gha,mode=min,scope=alpine-slim

	- name: Export digest
	run: \|
	mkdir -p /tmp/digests
	digest="${{ steps.build.outputs.digest }}"
	touch "/tmp/digests/${digest#sha256:}"

	- name: Prepare env
	run: \|
	platform=${{ matrix.platform }}
	echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV

	- name: Upload digest
	uses: actions/upload-artifact@v4
	with:
	name: digests-${{ env.PLATFORM_PAIR }}
	path: /tmp/digests/*
	if-no-files-found: error
	retention-days: 1

	merge:
	runs-on: ubuntu-latest
	needs:
	- slim
	- version
	steps:
	- name: Download digests
	uses: actions/download-artifact@v4
	with:
	pattern: digests-*
	path: /tmp/digests
	merge-multiple: true

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	with:
	version: https://github.com/docker/buildx.git#e273a53c88832df6dceebd727a259cae2fd5be88

	- name: Extract metadata (annotations, labels, tags) for Docker
	id: meta
	uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
	with:
	images: \|
	ghcr.io/nginxinc/nginx-unprivileged
	docker.io/nginxinc/nginx-unprivileged
	tags: \|
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test
	type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test
	type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test
	type=raw,value=mainline-alpine-slim-test
	type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test
	type=raw,value=alpine-slim-test
	type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test
	env:
	DOCKER_METADATA_ANNOTATIONS_LEVELS: index

	- name: Login to Docker Hub
	# if: ${{ github.event_name != 'pull_request' }}
	uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Login to GitHub Container Registry
	# if: ${{ github.event_name != 'pull_request' }}
	uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Create manifest list and push
	working-directory: /tmp/digests
	run: \|
	set -x
	annotations=$(jq -cr '.annotations \| map((split("=")[0] + "=\"" + split("=")[1] + "\"") \| "--annotation " + .) \| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")
	tags=$(jq -cr '.tags \| map("-t " + .) \| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")
	eval "docker buildx imagetools create $annotations $tags $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *)"

	- name: Inspect image
	run: \|
	docker buildx imagetools inspect ghcr.io/nginxinc/nginx-unprivileged:alpine-slim-test
	docker buildx imagetools inspect docker.io/nginxinc/nginx-unprivileged:alpine-slim-test

	# - name: Sign Docker Hub Manifest
	# if: ${{ github.event_name != 'pull_request' }}
	# run: \|
	# set -ex
	# sudo apt update
	# sudo apt install -y notary
	# mkdir -p ~/.docker/trust/private
	# echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key
	# chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key
	# docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx
	# DIGEST=$(printf '${{ steps.build.outputs.metadata }}' \| jq -r '."containerimage.descriptor".digest' \| cut -d ':' -f2)
	# SIZE=$(printf '${{ steps.build.outputs.metadata }}' \| jq -r '."containerimage.descriptor".size')
	# export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" \| base64 -w0)
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine-slim $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose
	# env:
	# DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }}
	# DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }}
	# DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
	# NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}

	# core:
	# name: Build Alpine NGINX mainline Docker image
	# runs-on: ubuntu-22.04
	# strategy:
	# fail-fast: false
	# needs: [version, slim]
	# steps:
	# - name: Check out the codebase
	# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	# - name: Set up QEMU
	# uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0

	# - name: Set up Docker Buildx
	# uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0

	# - name: Configure AWS credentials
	# if: ${{ github.event_name != 'pull_request' }}
	# uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
	# with:
	# aws-region: ${{ secrets.AWS_REGION }}
	# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	# - name: Login to Amazon ECR Public Gallery
	# if: ${{ github.event_name != 'pull_request' }}
	# uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	# with:
	# registry: public.ecr.aws

	# - name: Login to Docker Hub
	# if: ${{ github.event_name != 'pull_request' }}
	# uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	# with:
	# username: ${{ secrets.DOCKERHUB_USERNAME }}
	# password: ${{ secrets.DOCKERHUB_TOKEN }}

	# - name: Login to GitHub Container Registry
	# if: ${{ github.event_name != 'pull_request' }}
	# uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	# with:
	# registry: ghcr.io
	# username: ${{ github.actor }}
	# password: ${{ secrets.GITHUB_TOKEN }}

	# - name: Login to Quay
	# if: ${{ github.event_name != 'pull_request' }}
	# uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	# with:
	# registry: quay.io
	# username: ${{ secrets.QUAY_USERNAME }}
	# password: ${{ secrets.QUAY_TOKEN }}

	# - name: Extract metadata (tags, labels) for Docker
	# id: meta
	# uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
	# with:
	# images: \|
	# docker.io/nginxinc/nginx-unprivileged
	# ghcr.io/nginxinc/nginx-unprivileged
	# public.ecr.aws/nginx/nginx-unprivileged
	# quay.io/nginx/nginx-unprivileged
	# tags: \|
	# type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine
	# type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}
	# type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine
	# type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}
	# type=raw,value=${{ needs.version.outputs.major }}-alpine
	# type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}
	# type=raw,value=mainline-alpine
	# type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}
	# type=raw,value=alpine
	# type=raw,value=alpine${{ needs.version.outputs.distro }}

	# - name: Build and push NGINX mainline Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay
	# id: build
	# uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
	# with:
	# platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x
	# context: "{{ defaultContext }}:mainline/alpine"
	# tags: ${{ steps.meta.outputs.tags }}
	# labels: ${{ steps.meta.outputs.labels }}
	# push: ${{ github.event_name != 'pull_request' }}
	# # cache-from: type=gha,scope=debian-perl
	# # cache-to: type=gha,mode=min,scope=debian-perl

	# - name: Sign Docker Hub Manifest
	# if: ${{ github.event_name != 'pull_request' }}
	# run: \|
	# set -ex
	# sudo apt update
	# sudo apt install -y notary
	# mkdir -p ~/.docker/trust/private
	# echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key
	# chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key
	# docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx
	# DIGEST=$(printf '${{ steps.build.outputs.metadata }}' \| jq -r '."containerimage.descriptor".digest' \| cut -d ':' -f2)
	# SIZE=$(printf '${{ steps.build.outputs.metadata }}' \| jq -r '."containerimage.descriptor".size')
	# export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" \| base64 -w0)
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose
	# env:
	# DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }}
	# DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }}
	# DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
	# NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}

	# perl:
	# name: Build Alpine NGINX mainline perl Docker image
	# runs-on: ubuntu-22.04
	# strategy:
	# fail-fast: false
	# needs: [version, core]
	# steps:
	# - name: Check out the codebase
	# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	# - name: Set up QEMU
	# uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0

	# - name: Set up Docker Buildx
	# uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0

	# - name: Configure AWS credentials
	# if: ${{ github.event_name != 'pull_request' }}
	# uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
	# with:
	# aws-region: ${{ secrets.AWS_REGION }}
	# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	# - name: Login to Amazon ECR Public Gallery
	# if: ${{ github.event_name != 'pull_request' }}
	# uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	# with:
	# registry: public.ecr.aws

	# - name: Login to Docker Hub
	# if: ${{ github.event_name != 'pull_request' }}
	# uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	# with:
	# username: ${{ secrets.DOCKERHUB_USERNAME }}
	# password: ${{ secrets.DOCKERHUB_TOKEN }}

	# - name: Login to GitHub Container Registry
	# if: ${{ github.event_name != 'pull_request' }}
	# uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	# with:
	# registry: ghcr.io
	# username: ${{ github.actor }}
	# password: ${{ secrets.GITHUB_TOKEN }}

	# - name: Login to Quay
	# if: ${{ github.event_name != 'pull_request' }}
	# uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	# with:
	# registry: quay.io
	# username: ${{ secrets.QUAY_USERNAME }}
	# password: ${{ secrets.QUAY_TOKEN }}

	# - name: Extract metadata (tags, labels) for Docker
	# id: meta
	# uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
	# with:
	# images: \|
	# docker.io/nginxinc/nginx-unprivileged
	# ghcr.io/nginxinc/nginx-unprivileged
	# public.ecr.aws/nginx/nginx-unprivileged
	# quay.io/nginx/nginx-unprivileged
	# tags: \|
	# type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-perl
	# type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-perl
	# type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-perl
	# type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-perl
	# type=raw,value=${{ needs.version.outputs.major }}-alpine-perl
	# type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-perl
	# type=raw,value=mainline-alpine-perl
	# type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-perl
	# type=raw,value=alpine-perl
	# type=raw,value=alpine${{ needs.version.outputs.distro }}-perl

	# - name: Build and push NGINX mainline perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay
	# id: build
	# uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
	# with:
	# platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x
	# context: "{{ defaultContext }}:mainline/alpine-perl"
	# tags: ${{ steps.meta.outputs.tags }}
	# labels: ${{ steps.meta.outputs.labels }}
	# push: ${{ github.event_name != 'pull_request' }}
	# # cache-from: type=gha,scope=alpine-perl
	# # cache-to: type=gha,mode=min,scope=alpine-perl

	# - name: Sign Docker Hub Manifest
	# if: ${{ github.event_name != 'pull_request' }}
	# run: \|
	# set -ex
	# sudo apt update
	# sudo apt install -y notary
	# mkdir -p ~/.docker/trust/private
	# echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key
	# chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key
	# docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx
	# DIGEST=$(printf '${{ steps.build.outputs.metadata }}' \| jq -r '."containerimage.descriptor".digest' \| cut -d ':' -f2)
	# SIZE=$(printf '${{ steps.build.outputs.metadata }}' \| jq -r '."containerimage.descriptor".size')
	# export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" \| base64 -w0)
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine-perl $SIZE --sha256 $DIGEST --publish --verbose
	# notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose
	# env:
	# DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }}
	# DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }}
	# DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
	# NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}

	# cleanup:
	# name: Delete untagged Alpine NGINX mainline Docker images on the Amazon ECR Public Gallery and the GitHub Container Registry
	# if: ${{ github.event_name != 'pull_request' }}
	# runs-on: ubuntu-22.04
	# strategy:
	# fail-fast: false
	# needs: [slim, core, perl]
	# steps:
	# - name: Check out the codebase
	# uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	# - name: Configure AWS credentials
	# uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
	# with:
	# aws-region: ${{ secrets.AWS_REGION }}
	# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	# - name: Delete untagged Alpine NGINX mainline Docker images on the Amazon ECR Public Gallery
	# run: \|
	# .github/workflows/scripts/delete-untagged-amazon-public-ecr-images.sh

	# - name: Delete untagged Alpine NGINX mainline Docker images on the GitHub Container Registry
	# uses: stumpylog/image-cleaner-action/untagged@9255a1b3b8ca44b3e5887e2168155223b277ca1d # v0.5.0
	# with:
	# is_org: true
	# owner: nginxinc
	# package_name: nginx-unprivileged
	# do_delete: true
	# token: ${{ secrets.GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Distribute image build across multiple runners #297

Workflow file

Distribute image build across multiple runners #297

Jobs

Run details

Workflow file for this run