docker-publish.yml
# Workflow that builds the project's container images. Pull requests only
# build; pushes to main also log in to the registry and publish (see the
# `github.event_name != 'pull_request'` guards in the jobs).
name: Docker

# Both triggers are limited to main and to the same list of paths, so the
# workflow runs only when a file that feeds the image build changes.
#
# NOTE(review): the jobs also execute ./docker.sh and build from
# Dockerfile.riscv64_rootfs, neither of which is listed below, so a change to
# either is not built by this workflow. `riscv64/*` matches direct children of
# riscv64/ only. Confirm whether that is intended.
on:
  push:
    branches:
      - "main"
    paths:
      - Dockerfile
      - .github/workflows/docker-publish.yml
      - build_container.sh
      - Dockerfile.riscv64
      - riscv64/*
  pull_request:
    branches:
      - "main"
    paths:
      - Dockerfile
      - .github/workflows/docker-publish.yml
      - build_container.sh
      - Dockerfile.riscv64
      - riscv64/*
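# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a full commit SHA (keeping the tag as a trailing
# comment) stops a re-pointed tag from changing the code that runs with the
# registry credentials and the OIDC token.
jobs:
  # Builds the multi-arch image; on pushes to main it also publishes the image
  # and a build-provenance attestation.
  build:
    runs-on: ubuntu-latest
    # attestations/id-token are consumed by the attestation step. These write
    # scopes are also requested on pull_request runs, where nothing is pushed.
    # NOTE(review): consider a read-only PR job and a separate publish job.
    permissions:
      packages: write
      contents: read
      attestations: write
      id-token: write
    steps:
      - name: Check out the repo
        uses: actions/checkout@v4
        with:
          # The build context is `.`, which includes .git; do not leave the
          # workflow token in .git/config where a Dockerfile COPY could pick
          # it up. Assumes ./docker.sh needs no authenticated git access.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Docker Hub
        if: ${{ github.event_name != 'pull_request' }}
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_ACCOUNT_ID }}
          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}

      - name: Generate metadata for Docker
        # NOTE: The tag contains the full docker container name + tag as it is
        # requested by the build-and-push step.
        # The values come from ./docker.sh in the checked-out tree, so on a
        # pull request they are produced by the proposed code.
        run: |
          REGISTRY=$(./docker.sh print-registry)
          echo "REGISTRY=${REGISTRY}" >> "$GITHUB_ENV"
          echo "Registry to be published is: ${REGISTRY}"
          IMAGE_NAME=$(./docker.sh print-image-name)
          echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV"
          echo "Image name to be published is: ${IMAGE_NAME}"
          NEXT_VERSION=$(./docker.sh print-next-version)
          echo "VERSION=${NEXT_VERSION}" >> "$GITHUB_ENV"
          echo "Next version to be published is: ${NEXT_VERSION}"

      - name: Build and push Docker image
        id: build-and-push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile
          # Pull requests build only; nothing is pushed.
          push: ${{ github.event_name != 'pull_request' }}
          # This is needed so that a manifest is created, and we can have the
          # same docker container on both x86_64 and arm64.
          platforms: linux/amd64,linux/arm64
          tags: ${{ env.VERSION }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Generate artifact attestation
        if: ${{ github.event_name != 'pull_request' }}
        uses: actions/attest-build-provenance@v1
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          # Attest the digest reported by the push step, not a tag.
          subject-digest: ${{ steps.build-and-push.outputs.digest }}
          push-to-registry: true

  # Builds the RISC-V rootfs image locally and runs the finalize script over
  # it. No step in this job pushes an image or creates an attestation.
  build-riscv:
    runs-on: ubuntu-latest
    # Least privilege: the steps below only read the repository. Add
    # packages/attestations/id-token back only together with a step that
    # actually publishes or attests.
    permissions:
      contents: read
    steps:
      - name: Check out the repo
        uses: actions/checkout@v4
        with:
          # Same reasoning as in the build job: keep the workflow token out of
          # the tree that becomes the Docker build context.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # NOTE(review): nothing in this job pushes; confirm the login is still
      # needed (for example for authenticated pulls) before keeping it.
      - name: Log in to Docker Hub
        if: ${{ github.event_name != 'pull_request' }}
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_ACCOUNT_ID }}
          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}

      - name: Generate metadata for Docker
        run: |
          REGISTRY=$(./docker.sh print-registry)
          echo "REGISTRY=${REGISTRY}" >> "$GITHUB_ENV"
          echo "Registry to be published is: ${REGISTRY}"
          IMAGE_NAME=$(./docker.sh print-image-name)
          echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV"
          echo "Image name to be published is: ${IMAGE_NAME}"
          NEXT_VERSION=$(./docker.sh print-next-version)
          echo "VERSION=${NEXT_VERSION}" >> "$GITHUB_ENV"
          echo "Next version to be published is: ${NEXT_VERSION}"

      - name: Build RISC-V rootfs
        id: build-riscv-rootfs
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile.riscv64_rootfs
          # Load into the local Docker daemon instead of pushing.
          push: false
          load: true
          platforms: linux/amd64
          tags: rootfs
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Convert rootfs to raw image
        # The script is printed to the job log before it runs. It executes in
        # a --privileged container, i.e. without the usual container
        # isolation from the runner host, and on pull requests the script is
        # the proposed version. ubuntu:22.04 is a mutable tag.
        # NOTE(review): pin the image by digest and check whether
        # --privileged can be replaced by the specific capabilities or
        # devices the script needs.
        run: |
          mkdir /opt/rootfs
          cat ./riscv64/rootfs_finalize.sh
          docker run --privileged \
            --volume ./riscv64/rootfs_finalize.sh:/rootfs_finalize.sh \
            --volume /opt/rootfs:/rootfs \
            ubuntu:22.04 /rootfs_finalize.sh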