fix: install mesa-gl 24.1.0 due to libgallium missing (#44) #353
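# CI for the base-images repository: builds the container images for each
# architecture, scans them, publishes them from main, and lints shell scripts.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for the automatic GITHUB_TOKEN. The visible steps only check
# out the repository; registry pushes authenticate with the Quay robot
# credentials, not with this token.
# NOTE(review): widen per job if a Makefile target turns out to need more.
permissions:
  contents: read

env:
  # Registry namespace that receives the published multi-arch manifests.
  DOCKER_REPOSITORY: quay.io/unstructured-io
  # Repository holding the per-architecture build images.
  DOCKER_BUILD_REPOSITORY: quay.io/unstructured-io/build-base-images
  DOCKER_IMAGE: base-images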
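# NOTE(review): every action below is referenced by a mutable tag or branch
# (`@v1`/`@v2`/`@v3`, and `@master` for ShellCheck). Jobs that receive the Quay
# robot credentials are the ones where pinning to a full commit SHA matters
# most, e.g. `uses: docker/login-action@<full-commit-sha>  # v2`.
jobs:
  # Derives the 7-character commit prefix used in every image tag of this run.
  set-short-sha:
    runs-on: ubuntu-latest
    outputs:
      short_sha: ${{ steps.set_short_sha.outputs.short_sha }}
    steps:
      - name: Set Short SHA
        id: set_short_sha
        # GITHUB_SHA is the runner-provided form of github.sha; reading it from
        # the environment keeps workflow expressions out of the script text.
        run: |
          echo "short_sha=$(printf '%s' "$GITHUB_SHA" | cut -c1-7)" >> "$GITHUB_OUTPUT"

  # Builds and scans one image per (architecture, image) combination.
  build-images:
    strategy:
      matrix:
        architecture: ["arm64", "amd64"]
        # NOTE(robinson) - temporarily disabled rocky due to build failures
        # disabled: ["rocky9.2-gpu", "rocky9.2-slim", "rocky9.2-cpu"]
        image: ["wolfi-base", "wolfi-py3.12-slim"]
    runs-on: ubuntu-latest-m
    needs: [set-short-sha]
    env:
      SHORT_SHA: ${{ needs.set-short-sha.outputs.short_sha }}
    steps:
      - uses: actions/checkout@v3
      - name: Login to Quay.io
        # build-base-images pushes images to quay.io when on the main branch
        # NOTE(review): this step is not gated on the event, so it also runs for
        # pull_request builds, and the `make` targets below then execute with a
        # logged-in Docker client. Confirm whether PR builds need registry
        # access; if not, restrict the login to pushes on main.
        uses: docker/login-action@v2
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_IO_ROBOT_USERNAME }}
          password: ${{ secrets.QUAY_IO_ROBOT_TOKEN }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Download APKs for chainguard/wolfi-base
        if: matrix.image == 'wolfi-base'
        env:
          ARCH: ${{ matrix.architecture }}
        run: make docker-dl-wolfi-packages
      - name: Build base images
        env:
          DOCKER_PLATFORM: linux/${{ matrix.architecture }}
          DOCKERFILE: ${{ matrix.image }}
          CI: "true"
        run: make build-base-images
      - name: Print images
        run: docker images
      - name: Scan image for vulnerabilities
        uses: anchore/scan-action@v3
        with:
          image: "${{ env.DOCKER_BUILD_REPOSITORY }}:${{ matrix.image }}-${{ matrix.architecture }}-${{ env.SHORT_SHA }}"
          severity-cutoff: high
          # Both images currently in the matrix fail the build on findings at
          # or above the cutoff; the expression only becomes selective once
          # other images are re-enabled.
          fail-build: ${{ ( matrix.image == 'wolfi-base' || matrix.image == 'wolfi-py3.12-slim' ) }}
          output-format: table

  # Retags the per-architecture images and publishes multi-arch manifests.
  # Runs only for pushes to main, after every build-images leg has passed.
  publish-images:
    strategy:
      matrix:
        # NOTE(robinson) - temporarily disabled rocky due to build failures
        # disabled: ["rocky9.2-gpu", "rocky9.2-slim", "rocky9.2-cpu"]
        image: ["wolfi-base", "wolfi-py3.12-slim"]
    env:
      SHORT_SHA: ${{ needs.set-short-sha.outputs.short_sha }}
      # Exposed as a variable so the scripts below read it from the
      # environment instead of having the expression pasted into shell text.
      MATRIX_IMAGE: ${{ matrix.image }}
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    needs: [set-short-sha, build-images]
    steps:
      - uses: docker/setup-buildx-action@v1
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Login to Quay.io
        uses: docker/login-action@v2
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_IO_ROBOT_USERNAME }}
          password: ${{ secrets.QUAY_IO_ROBOT_TOKEN }}
      - name: Pull AMD image
        run: |
          docker pull --platform linux/amd64 "${DOCKER_BUILD_REPOSITORY}:${MATRIX_IMAGE}-amd64-${SHORT_SHA}"
          docker tag "${DOCKER_BUILD_REPOSITORY}:${MATRIX_IMAGE}-amd64-${SHORT_SHA}" \
            "${DOCKER_BUILD_REPOSITORY}:${MATRIX_IMAGE}-amd64"
          docker push "${DOCKER_BUILD_REPOSITORY}:${MATRIX_IMAGE}-amd64"
      - name: Pull ARM image
        run: |
          docker pull --platform linux/arm64 "${DOCKER_BUILD_REPOSITORY}:${MATRIX_IMAGE}-arm64-${SHORT_SHA}"
          docker tag "${DOCKER_BUILD_REPOSITORY}:${MATRIX_IMAGE}-arm64-${SHORT_SHA}" \
            "${DOCKER_BUILD_REPOSITORY}:${MATRIX_IMAGE}-arm64"
          docker push "${DOCKER_BUILD_REPOSITORY}:${MATRIX_IMAGE}-arm64"
      - name: Push multiarch manifest with short SHA
        env:
          IMAGE_TAG: ${{ matrix.image }}-${{ env.SHORT_SHA }}
        # The manifest is assembled from the SHA-tagged per-arch images. The
        # floating -amd64/-arm64 tags can be moved by another run on main
        # between the pushes above and this step, which would publish a
        # manifest for this commit that points at a different commit's images.
        run: |
          docker manifest create "${DOCKER_REPOSITORY}/${DOCKER_IMAGE}:${IMAGE_TAG}" \
            "${DOCKER_BUILD_REPOSITORY}:${MATRIX_IMAGE}-amd64-${SHORT_SHA}" \
            "${DOCKER_BUILD_REPOSITORY}:${MATRIX_IMAGE}-arm64-${SHORT_SHA}"
          docker manifest push "${DOCKER_REPOSITORY}/${DOCKER_IMAGE}:${IMAGE_TAG}"
      - name: Update latest multiarch manifest
        env:
          IMAGE_TAG: ${{ matrix.image }}-latest
        # Built from the same SHA-tagged images so that both manifests
        # published by this run reference identical digests.
        run: |
          docker manifest create "${DOCKER_REPOSITORY}/${DOCKER_IMAGE}:${IMAGE_TAG}" \
            "${DOCKER_BUILD_REPOSITORY}:${MATRIX_IMAGE}-amd64-${SHORT_SHA}" \
            "${DOCKER_BUILD_REPOSITORY}:${MATRIX_IMAGE}-arm64-${SHORT_SHA}"
          docker manifest push "${DOCKER_REPOSITORY}/${DOCKER_IMAGE}:${IMAGE_TAG}"

  # Static analysis of the repository's shell scripts.
  shellcheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: ShellCheck
        # NOTE(review): `@master` follows a branch, so the code executed here
        # can change without any commit to this repository. Pin to a release
        # tag or, better, a full commit SHA:
        # ludeeus/action-shellcheck@<full-commit-sha>
        uses: ludeeus/action-shellcheck@master

  # Formatting check: prints a diff for any script not formatted with a
  # 2-space indent.
  shfmt:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: setup shfmt
        uses: mfinelli/setup-shfmt@v3
      - name: Run shfmt
        run: shfmt -i 2 -d .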