From ed780e292bda28824852c72a5855f8ca9407f6fe Mon Sep 17 00:00:00 2001
From: Matt Kilgore
Date: Tue, 8 Oct 2024 15:46:10 -0400
Subject: [PATCH] chore: split arm docker builds into their own tags (#264)

Reduces overall build times significantly, and reduces the chances of architecture specific issues causing build timeouts. BREAKING CHANGE: Those using ARM based architecture docker installations will need to update the tag they use to have the `-arm` suffix.
---
 .github/workflows/docker-publish-arm.yaml | 107 +++++++++++++++++
 .../docker-publish-rootless-arm.yaml | 108 ++++++++++++++++++
 .../workflows/docker-publish-rootless.yaml | 2 +-
 .github/workflows/docker-publish.yaml | 2 +-
 4 files changed, 217 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/docker-publish-arm.yaml
 create mode 100644 .github/workflows/docker-publish-rootless-arm.yaml
diff --git a/.github/workflows/docker-publish-arm.yaml b/.github/workflows/docker-publish-arm.yaml
new file mode 100644
index 00000000..70564126
--- /dev/null
+++ b/.github/workflows/docker-publish-arm.yaml
@@ -0,0 +1,107 @@ +name: Docker publish + +on: + schedule: + - cron: '00 0 * * *' + push: + branches: [ "main" ] + paths: + - 'backend/**' + - 'frontend/**' + - 'Dockerfile' + - 'Dockerfile.rootless' + - '.dockerignore' + - '.github/workflows' + # Publish semver tags as releases. + tags: [ 'v*.*.*' ] + pull_request: + branches: [ "main" ] + paths: + - 'backend/**' + - 'frontend/**' + - 'Dockerfile' + - 'Dockerfile.rootless' + - '.dockerignore' + - '.github/workflows' + +env: + # Use docker.io for Docker Hub if empty + REGISTRY: ghcr.io + # github.repository as / + IMAGE_NAME: ${{ github.repository }} + + +jobs: + build: + + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + attestations: write + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Set up BuildKit Docker container builder to be able to build + # multi-platform images and export cache + # https://github.com/docker/setup-buildx-action + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3.0.0 # v3.0.0 + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@v3.0.0 # v3.0.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5.0.0 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=schedule,pattern=nightly + flavor: | + suffix=-arm,onlatest=true + + # Build and 
push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@v5.0.0 # v5.0.0 + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + platforms: linux/arm64,linux/arm/v7 + cache-from: type=gha + cache-to: type=gha,mode=max + build-args: | + VERSION=${{ github.ref_name }} + COMMIT=${{ github.sha }} + + - name: Attest + uses: actions/attest-build-provenance@v1 + id: attest + if: ${{ github.event_name != 'pull_request' }} + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + subject-digest: ${{ steps.build-and-push.outputs.digest }} + push-to-registry: true diff --git a/.github/workflows/docker-publish-rootless-arm.yaml b/.github/workflows/docker-publish-rootless-arm.yaml new file mode 100644 index 00000000..65c36cf5 --- /dev/null +++ b/.github/workflows/docker-publish-rootless-arm.yaml 
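Review bot: Every `uses:` in this new workflow resolves a mutable tag — `docker/setup-buildx-action@v3.0.0`, `docker/login-action@v3.0.0`, `docker/metadata-action@v5.0.0`, `docker/build-push-action@v5.0.0` — and the trailing `# v3.0.0`-style comments look like leftovers of the SHA-pinned form, where the ref is the release's full commit hash and the comment carries the human-readable version. This job holds `packages: write`, `id-token: write` and `attestations: write` and then signs provenance for the image it pushes, so a retagged or compromised action release would run with exactly the credentials needed to publish a malicious image that still carries a valid attestation. Pin each action to the commit SHA of the tagged release and keep the version comment, and pin `actions/checkout@v4` and `actions/attest-build-provenance@v1`, which currently float on a major, the same way; Dependabot's `github-actions` ecosystem can keep the hashes current.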
@@ -0,0 +1,108 @@ +name: Docker publish rootless + +on: + schedule: + - cron: '00 0 * * *' + push: + branches: [ "main" ] + paths: + - 'backend/**' + - 'frontend/**' + - 'Dockerfile' + - 'Dockerfile.rootless' + - '.dockerignore' + - '.github/workflows' + # Publish semver tags as releases. + tags: [ 'v*.*.*' ] + pull_request: + branches: [ "main" ] + paths: + - 'backend/**' + - 'frontend/**' + - 'Dockerfile' + - 'Dockerfile.rootless' + - '.dockerignore' + - '.github/workflows' + + +env: + # Use docker.io for Docker Hub if empty + REGISTRY: ghcr.io + # github.repository as / + IMAGE_NAME: ${{ github.repository }} + + +jobs: + build-rootless: + + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + attestations: write + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Set up BuildKit Docker container builder to be able to build + # multi-platform images and export cache + # https://github.com/docker/setup-buildx-action + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3.0.0 # v3.0.0 + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@v3.0.0 # v3.0.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: metadata + uses: docker/metadata-action@v5.0.0 # v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=schedule,pattern=nightly + flavor: | + 
suffix=-rootless-arm,onlatest=true + + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@v5.0.0 # v5.0.0 + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.metadata.outputs.tags }} + labels: ${{ steps.metadata.outputs.labels }} + platforms: linux/arm64,linux/arm/v7 + cache-from: type=gha + cache-to: type=gha,mode=max + build-args: | + VERSION=${{ github.ref_name }} + COMMIT=${{ github.sha }} + + - name: Attest + uses: actions/attest-build-provenance@v1 + id: attest + if: ${{ github.event_name != 'pull_request' }} + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + subject-digest: ${{ steps.build-and-push.outputs.digest }} + push-to-registry: true diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml index 745c089b..f5d022c6 100644 --- a/.github/workflows/docker-publish-rootless.yaml +++ b/.github/workflows/docker-publish-rootless.yaml @@ -91,7 +91,7 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.metadata.outputs.tags }} labels: ${{ steps.metadata.outputs.labels }} - platforms: linux/amd64,linux/arm64,linux/arm/v7 + platforms: linux/amd64 cache-from: type=gha cache-to: type=gha,mode=max build-args: | diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index cf05d993..ab226bdb 100644 --- a/.github/workflows/docker-publish.yaml +++ b/.github/workflows/docker-publish.yaml @@ -88,7 +88,7 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64,linux/arm/v7 + platforms: linux/amd64 cache-from: type=gha cache-to: type=gha,mode=max build-args: |
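Review bot: The build step's `cache-from: type=gha` / `cache-to: type=gha,mode=max` use the gha cache backend's default scope, and after this split four workflows in the repository (the two amd64 hunks below keep the same two lines) export into that one scope, so with `mode=max` each run overwrites the others' layer cache and the arm builds this change is meant to speed up will rebuild from scratch whenever an amd64 run lands in between. Give each workflow its own scope, e.g. `cache-from: type=gha,scope=rootless-arm` and `cache-to: type=gha,mode=max,scope=rootless-arm`, with a matching `scope=` in the other three workflows. The scope only namespaces the cache key; it does not change the pushed tags, digest or attestation.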