diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 8054b2a..b527c9a 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -3,7 +3,7 @@ name: ci
 on:
 push:
 branches:
- - "*"
+ - '**'
 jobs:
 test:
@@ -15,10 +15,15 @@ jobs:
 - run: make test
 release:
- needs: [test]
- # only create a release on main builds:
- if: github.ref == 'refs/heads/main'
 runs-on: ubuntu-latest
+ # only create a release on main builds:
+ # TODO: remove comment:
+ #if: github.ref == 'refs/heads/main'
+ needs: [test]
+ permissions:
+ contents: write
+ packages: write
+
 steps:
 - name: checkout code with full history (unshallow)
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
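Review bot: With the `if: github.ref == 'refs/heads/main'` guard commented out under the TODO, the `release` job runs on every pushed branch (the first hunk widens the trigger to `'**'`), and this same hunk grants it `contents: write` and `packages: write`. Every branch push therefore reaches the registry-publish and commit steps with a write-scoped token, so a work-in-progress branch can publish a release-tagged image. Restore the guard before merge: `if: github.ref == 'refs/heads/main'`. If branch builds are needed to test the pipeline, put them in a separate job that keeps read-only permissions and does not push to the registry.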
@@ -35,18 +40,67 @@ jobs:
 - 'action.yaml'
 - '**.sh'
 - 'Dockerfile'
+ - 'Dockerfile.base'
- - name: install autotag binary
+ - name: Calculate new version with autotag
 if: steps.filter.outputs.app == 'true'
 run: |
- curl -sL https://git.io/autotag-install | sudo sh -s -- -b /usr/local/bin
+ set -xeou pipefail
+
+ curl -sL https://git.io/autotag-install | sh -s -- -b "${RUNNER_TEMP}/bin"
+ new_version=$(${RUNNER_TEMP}/bin/autotag -n -b joem/optimize-image-pull)
+ echo "new_version=$new_version" >> $GITHUB_ENV
- - name: increment tag and create release
+
+ - name: login to ghcr.io
+ if: steps.filter.outputs.app == 'true'
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # setup qemu and buildx for cross-builds (arm64)
+ - name: Set up QEMU (for arm64 builds)
+ if: steps.filter.outputs.app == 'true'
+ uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3
+ - name: Set up Docker Buildx
+ if: steps.filter.outputs.app == 'true'
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3
+
+ - name: Build and push Dockerfile.base (ghcr.io/planetscale/ghcommit-action)
+ if: steps.filter.outputs.app == 'true'
+ run: |
+ set -xeou pipefail
+
+ # build and push a multi-arch image:
+ image="ghcr.io/planetscale/ghcommit-action:v${new_version}"
+ docker buildx build \
+ -f Dockerfile.base \
+ --platform linux/amd64,linux/arm64 \
+ --output type=image,name=$image,oci-mediatypes=true,compression=zstd,push=true \
+ .
+
+ - name: Update image version in Dockerfile
 if: steps.filter.outputs.app == 'true'
 run: |
- set -eou pipefail
+ set -xeou pipefail
+
+ sed -i'' -Ee "s/ghcommit-action:v(.*)/ghcommit-action:v${new_version}/" Dockerfile
- new_version=$(autotag -vn)
- gh release create v"${new_version}" --target main --title "v${new_version}" --generate-notes
+ - name: Commit changes
+ if: steps.filter.outputs.app == 'true'
+ uses: planetscale/ghcommit-action@c7915d6c18d5ce4eb42b0eff3f10a29fe0766e4c # v0.1.44
+ with:
+ commit_message: "🤖 Bump version in Dockerfile"
+ repo: ${{ github.repository }}
+ branch: ${{ github.head_ref || github.ref_name }}
 env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+ # - name: Create GitHub Release
+ # if: steps.filter.outputs.app == 'true'
+ # run: |
+ # gh release create "v${new_version}" --target main --title "v${new_version}" --generate-notes
+ # env:
+ # GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/Dockerfile.base b/Dockerfile.base
new file mode 100644
index 0000000..4230d51
--- /dev/null
+++ b/Dockerfile.base
@@ -0,0 +1,15 @@
+FROM ghcr.io/planetscale/ghcommit:v0.1.51@sha256:eb0fa7df39e99d74cb14adf98b9d255eeef45577698eadc6eef546f278256eb1 AS ghcommit
+
+# hadolint ignore=DL3007
+FROM pscale.dev/wolfi-prod/base:latest AS base
+
+COPY --from=ghcommit /ghcommit /usr/bin/ghcommit
+
+# hadolint ignore=DL3018
+RUN apk add --no-cache \
+ bash \
+ git
+
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
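Review bot: The "Calculate new version with autotag" step pipes `curl -sL https://git.io/autotag-install` straight into `sh` with no pinned version and no checksum, inside a job that holds `contents: write`, `packages: write` and a ghcr.io login, whereas every `uses:` in this workflow is pinned to a commit SHA. Whatever the shortened URL resolves to at run time executes with that token in scope, and without `-f` an HTTP error body is also fed to the shell. Download a fixed release artifact and verify its digest before running it, as sketched below; the URL and checksum are placeholders to fill in from a release you have reviewed. Separately, `-b joem/optimize-image-pull` hard-codes a feature branch and looks like it should not survive the merge.

```yaml
        run: |
          set -xeou pipefail

          # placeholders: pin a reviewed autotag release and its published checksum
          autotag_url='<AUTOTAG_RELEASE_ASSET_URL>'
          autotag_sha256='<AUTOTAG_RELEASE_SHA256>'

          mkdir -p "${RUNNER_TEMP}/bin"
          # -f: fail on HTTP errors instead of saving the error page
          curl -fsSL -o "${RUNNER_TEMP}/bin/autotag" "${autotag_url}"
          # refuse to continue if the artifact does not match the pinned digest
          echo "${autotag_sha256}  ${RUNNER_TEMP}/bin/autotag" | sha256sum -c -
          chmod +x "${RUNNER_TEMP}/bin/autotag"
          # (adjust the two lines above if the release asset is an archive)

          # … unchanged: autotag invocation and new_version export to GITHUB_ENV …
```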
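Review bot: The second stage builds on `FROM pscale.dev/wolfi-prod/base:latest` with DL3007 suppressed, so the published `ghcommit-action` image contains whatever that tag resolves to at build time, while the `ghcommit` stage directly above is pinned by digest. Pin the base the same way, `FROM pscale.dev/wolfi-prod/base:latest@sha256:<BASE_IMAGE_DIGEST> AS base` (the digest is a placeholder), and let a dependency-update bot bump it so that a changed base shows up in review and rebuilds stay reproducible. If floating on `latest` is deliberate, replace the bare hadolint suppression with a comment stating why, e.g. `# base is rebuilt nightly with security fixes; intentionally unpinned`.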