Simplify docker build and push workflow #76

Merged: 3 commits, Jan 26, 2022
68 changes: 23 additions & 45 deletions .github/workflows/build-and-push-containers.yml
Expand Up @@ -11,65 +11,43 @@ jobs:
env:
DOCKER_USER: ${{ secrets.CONTAINER_USERNAME }}
steps:
- name: Compile tag list
id: tags
run: |
TAG=${GITHUB_REF/refs\/tags\//}
PREFIX=ghcr.io/laminas/laminas-continuous-integration
MAJOR="${PREFIX}:$(echo ${TAG} | cut -d. -f1)"
MINOR="${MAJOR}.$(echo ${TAG} | cut -d. -f2)"
PATCH="${PREFIX}:${TAG}"
echo "::set-output name=tags::[\"${MAJOR}\",\"${MINOR}\",\"${PATCH}\"]"

- name: Checkout
uses: actions/checkout@v2

- name: Setup QEMU
uses: docker/setup-qemu-action@v1

- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v1
with:
install: true

- name: Login to GitHub Container Registry
if: ${{ env.DOCKER_USER }}
if: ${{ github.event_name == 'release' }}
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ env.DOCKER_USER }}
password: ${{ secrets.CONTAINER_PAT }}

- name: Build and push for release
if: ${{ github.event_name == 'release' }}
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
platforms: linux/amd64
pull: true
push: true
tags: ${{ join(fromJSON(steps.tags.outputs.tags), ',') }}
cache-from: type=registry,ref=ghcr.io/laminas/laminas-continuous-integration-action:build-cache
cache-to: type=registry,ref=ghcr.io/laminas/laminas-continuous-integration-action:build-cache,mode=max
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
Comment on lines 22 to +28
Member Author

Actions token works for GHCR because package has this repository added with write access for actions.

Link for reference for TSC members: https://github.com/orgs/laminas/packages/container/laminas-continuous-integration/settings


- name: Build for local pull request
if: ${{ github.event_name == 'pull_request' && env.DOCKER_USER }}
uses: docker/build-push-action@v2
- name: Docker meta
id: docker_meta
uses: docker/metadata-action@v3
Member

Given that for us, git tag === image tag, why not skip this action completely, and just get the tag from github.ref_name + github.ref_type === 'tag' ?

That would remove the need for this third-party to be involved.

Member Author

> why not skip this action completely

It has sanity checks and validations in place. The action that was used here failed immediately when used with a ref for a PR.

with:
context: .
file: ./Dockerfile
platforms: linux/amd64
pull: true
push: false
cache-from: type=registry,ref=ghcr.io/laminas/laminas-continuous-integration-action:build-cache
cache-to: type=registry,ref=ghcr.io/laminas/laminas-continuous-integration-action:build-cache,mode=max

- name: Build for fork pull request
if: ${{ github.event_name == 'pull_request' && ! env.DOCKER_USER }}
images: ghcr.io/laminas/laminas-continuous-integration
tags: |
type=semver,pattern={{version}}
Member Author

{{version}} is shorthand for {{major}}.{{minor}}.{{patch}}
It uses tag ref associated with release to extract version info.

Member

Checking the docs, type=semver seems wrong, as it expects the tag to be v1.2.3, while we tag 1.2.3: https://github.com/docker/metadata-action#typesemver

https://github.com/docker/metadata-action#typepep440 seems to be more connected

Member Author

semver is correct. v prefix is dropped and ignored

type=ref,event=branch
type=ref,event=pr
flavor: |
latest=false

- name: Build image. Push for release
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
platforms: linux/amd64
pull: true
push: false
cache-from: type=registry,ref=ghcr.io/laminas/laminas-continuous-integration-action:build-cache
push: ${{ github.event_name == 'release' }}
tags: |
${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
Member

Is this fetched from the LABEL blocks in Dockerfile? If so, I can totally see the value in using the docker/metadata-action, although it's weird that these aren't simply fetched from the LABEL blocks in this step directly 🤔

Member Author

No, those are populated from action context, you can see output in log for metadata step:

Docker tags
  ghcr.io/laminas/laminas-continuous-integration:pr-76
Docker labels
  org.opencontainers.image.title=laminas-continuous-integration-action
  org.opencontainers.image.description=GitHub Action for running a QA check
  org.opencontainers.image.url=https://github.com/laminas/laminas-continuous-integration-action
  org.opencontainers.image.source=https://github.com/laminas/laminas-continuous-integration-action
  org.opencontainers.image.version=pr-76
  org.opencontainers.image.created=2022-01-25T00:22:31.500Z
  org.opencontainers.image.revision=2b0bbcc594923f10ac377486321ba0e1fd8cc366
  org.opencontainers.image.licenses=BSD-3-Clause

Member Author

LABELs in the Dockerfile are already applied, and those don't need to be specified at runtime.

cache-from: type=gha
cache-to: type=gha,mode=max
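
Review bot: The `uses:` references in this hunk (`docker/metadata-action@v3`, `docker/build-push-action@v2`, `docker/login-action@v1`) point at mutable major tags, and on a release event the same job logs in to ghcr.io with `secrets.GITHUB_TOKEN` and pushes the image. Pin each action to a full commit SHA, with the version in a trailing comment, so that a retagged upstream release cannot change what runs with package write access. Since the login step now takes `github.repository_owner` and `GITHUB_TOKEN`, the job-level `DOCKER_USER: ${{ secrets.CONTAINER_USERNAME }}` shown in the context lines looks unused if it remains after this change, and it can be dropped together with the `CONTAINER_USERNAME` and `CONTAINER_PAT` secrets if nothing else reads them. If the workflow does not already declare it, add a `permissions:` block with `packages: write` and `contents: read` on the job so the token scope is explicit rather than inherited from the repository default.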