reusable-docker-build.yml
# Reusable workflow, started only through `workflow_call`, that builds a
# Docker image for the requested platforms and pushes it under the names
# given in `images`.
name: docker
on:
  workflow_call:
    inputs:
      # NOTE(review): no step in this file reads `inputs.dockerfile`; the
      # build step forwards only `context`, so this value currently has no
      # effect on which Dockerfile is built. Confirm whether that is intended.
      dockerfile:
        description: "Path to the Dockerfile to build"
        type: string
        default: Dockerfile
      context:
        description: "The context for Docker build"
        type: string
        default: "."
      platforms:
        description: "Comma separate list of platforms to build on"
        type: string
        required: false
        default: "linux/amd64,linux/arm64"
      images:
        description: "The image names that we want to build"
        type: string
        required: true
      tags:
        description: "The various tags to be attached to the built image"
        type: string
        required: false
        default: ""
      # Default labels record the workflow run URL, the vendor and the git ref
      # the image was built from.
      labels:
        description: "The various labels to attach to the built image"
        type: string
        required: false
        default: |
          org.opencontainers.image.url=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
          org.opencontainers.image.vendor=Noteable
          org.opencontainers.image.version=${{ github.ref }}
      target:
        description: "Sets the target stage to build"
        type: string
        required: false
      # Build args end up in the image's build history, so callers should not
      # use this input to hand credentials to the build.
      build_args:
        description: "Additional build args to pass to the Docker build"
        type: string
        required: false
        default: ""
    secrets:
      # Docker Hub credentials are required so that base-image pulls are
      # authenticated and do not run into the anonymous pull rate limit.
      # https://docs.docker.com/docker-hub/download-rate-limit/
      DOCKERHUB_USER:
        required: true
      DOCKERHUB_PASSWORD:
        required: true
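jobs:
  # Builds the image for every requested platform and pushes it.
  build:
    permissions:
      # NOTE(review): no step in this job visibly requests an OIDC token;
      # confirm `id-token: write` is still needed and drop it if not.
      id-token: write
      contents: read
      # Lets GITHUB_TOKEN publish packages (the job logs in to ghcr.io below).
      packages: write
    # Runs for pushes and for pull requests that are still open; closed pull
    # requests are handled by `clear_cache`.
    if: |
      github.event_name == 'push' ||
      (github.event_name == 'pull_request' && github.event.pull_request.state == 'open')
    runs-on: ubuntu-22.04
    steps:
      # NOTE(review): every `uses:` in this job references a mutable
      # major-version tag. Pinning each action to a full commit SHA keeps a
      # moved tag from changing the code that runs alongside the registry
      # credentials and the `packages: write` token.
      - name: Checkout the code
        uses: actions/checkout@v3
      # Runs a Makefile target from the checked-out ref, i.e. code supplied by
      # the branch or pull request being built.
      - name: Copy common files
        run: make copy-common-files
      - name: Log in to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      - name: Log in to the Container registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
        with:
          version: v0.10.1
      # Note: The outputs in github action will show duplicate labels being
      # generated for the meta outputs. When the Docker engine builds, it will
      # only take the later values, and our custom labels get added at the end.
      # https://github.com/docker/metadata-action/issues/125
      - name: Docker metadata for labels and tags
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ${{ inputs.images }}
          tags: ${{ inputs.tags }}
          labels: ${{ inputs.labels }}
      # NOTE(review): `inputs.dockerfile` is not forwarded to this step, so the
      # declared input has no effect here. `push: true` is unconditional, so
      # open pull requests publish images as well; confirm both are intended.
      - name: Build and push
        uses: docker/build-push-action@v3
        with:
          platforms: ${{ inputs.platforms }}
          context: ${{ inputs.context }}
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          target: ${{ inputs.target }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: ${{ inputs.build_args }}
  # Deletes the GitHub Actions caches that belong to a pull request.
  clear_cache:
    permissions:
      contents: read
      # Write access to Actions is what allows cache entries to be deleted.
      actions: write
    # If the PR is closed (or merged), we want to clear the cache
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.state == 'closed' }}
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v3
      # The repository and ref reach the script through `env:` rather than
      # being expanded by `${{ }}` inside the script text, so their values are
      # treated as data by the shell and never parsed as shell syntax. All
      # expansions are quoted except the loop list, which relies on word
      # splitting to iterate over the cache keys.
      # NOTE(review): the gh extension is installed unpinned, from whatever its
      # repository currently publishes; consider pinning it to a known ref.
      - name: Cleanup
        run: |
          gh extension install actions/gh-actions-cache
          echo "Fetching list of cache key"
          cacheKeysForPR=$(gh actions-cache list -R "$REPO" -B "$BRANCH" | cut -f 1 )
          ## Setting this to not fail the workflow while deleting cache keys.
          set +e
          echo "Deleting caches..."
          for cacheKey in $cacheKeysForPR
          do
            gh actions-cache delete "$cacheKey" -R "$REPO" -B "$BRANCH" --confirm
          done
          echo "Done"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REPO: ${{ github.repository }}
          BRANCH: ${{ github.ref }}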