Build and push multi-arch images #321
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and push multi-arch images | |
on: | |
workflow_dispatch: | |
inputs: | |
gitRef: | |
description: Commit, tag or branch name to deploy | |
required: true | |
type: string | |
default: main | |
pushToRegistry: | |
description: Push to image registry. Set to false to build without pushing. | |
required: true | |
type: boolean | |
default: true | |
push: | |
branches: | |
- main | |
schedule: | |
- cron: '34 3 * * *' | |
env: | |
REGISTRY_BASE: ghcr.io/alphagov | |
jobs: | |
configure_builds: | |
name: Read configuration from build-matrix.json | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
matrix_versions: ${{ steps.set-matrix.outputs.matrix_versions }} | |
runs_on: ${{ steps.set-matrix.outputs.runs_on }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- id: set-matrix | |
run: | | |
{ | |
echo "matrix=$(jq -c . < build-matrix.json)" | |
echo "matrix_versions=$(jq -c .version < build-matrix.json)" | |
echo "runs_on=$(jq -c .runs_on < build-matrix.json)" | |
} >> "$GITHUB_OUTPUT" | |
build_and_push_image: | |
name: Build ruby_${{ join(matrix.version.rubyver, '.') }} for ${{ matrix.runs_on.arch }} and push to GHCR | |
needs: configure_builds | |
strategy: | |
matrix: ${{ fromJson(needs.configure_builds.outputs.matrix) }} | |
runs-on: ${{ matrix.runs_on.runner_type }} | |
permissions: | |
packages: write | |
steps: | |
- name: Login to GHCR | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ inputs.gitRef || github.ref }} | |
show-progress: false | |
- uses: docker/setup-buildx-action@v3 | |
- name: Calculate Image Tags | |
id: calculate-image-tags | |
run: | | |
CREATED_DATE="$(date -u +'%Y-%m-%dT%H:%M:%SZ')" | |
echo "createdDate=${CREATED_DATE}" >> "$GITHUB_OUTPUT" | |
- name: Generate Base Image Metadata | |
uses: docker/metadata-action@v5 | |
id: base-image-metadata | |
with: | |
flavor: | | |
latest=false | |
images: | | |
${{ env.REGISTRY_BASE }}/govuk-ruby-base | |
tags: | | |
type=raw,value=${{ matrix.version.rubyver[0] }}.${{ matrix.version.rubyver[1] }} | |
type=raw,value=${{ join(matrix.version.rubyver, '.') }} | |
type=raw,value=latest,enable=${{ matrix.version.extra == 'latest' }} | |
type=sha,enable=true,prefix=${{ matrix.version.rubyver[0] }}.${{ matrix.version.rubyver[1] }}-,format=short | |
type=sha,enable=true,prefix=${{ join(matrix.version.rubyver, '.') }}-,format=short | |
type=sha,enable=true,priority=100,format=long,prefix=${{ matrix.version.rubyver[0] }}.${{ matrix.version.rubyver[1] }}- | |
type=sha,enable=true,priority=200,format=long,prefix=${{ join(matrix.version.rubyver, '.') }}- | |
labels: | | |
org.opencontainers.image.title=govuk-ruby-base | |
org.opencontainers.image.authors="GOV.UK Platform Engineering" | |
org.opencontainers.image.description="Base image for GOV.UK Ruby apps" | |
org.opencontainers.image.source="https://github.com/alphagov/govuk-ruby-images" | |
org.opencontainers.image.version=${{ join(matrix.version.rubyver, '.') }} | |
org.opencontainers.image.created=${{ steps.calculate-image-tags.outputs.createdDate }} | |
org.opencontainers.image.vendor=GDS | |
- name: Generate Builder Image Metadata | |
uses: docker/metadata-action@v5 | |
id: builder-image-metadata | |
with: | |
flavor: | | |
latest=false | |
images: | | |
${{ env.REGISTRY_BASE }}/govuk-ruby-builder | |
tags: | | |
type=raw,value=${{ matrix.version.rubyver[0] }}.${{ matrix.version.rubyver[1] }} | |
type=raw,value=${{ join(matrix.version.rubyver, '.') }} | |
type=raw,value=latest,enable=${{ matrix.version.extra == 'latest' }} | |
type=sha,enable=true,prefix=${{ matrix.version.rubyver[0] }}.${{ matrix.version.rubyver[1] }}-,format=short | |
type=sha,enable=true,prefix=${{ join(matrix.version.rubyver, '.') }}-,format=short | |
type=sha,enable=true,priority=100,format=long,prefix=${{ matrix.version.rubyver[0] }}.${{ matrix.version.rubyver[1] }}- | |
type=sha,enable=true,priority=200,format=long,prefix=${{ join(matrix.version.rubyver, '.') }}- | |
labels: | | |
org.opencontainers.image.title=govuk-ruby-builder | |
org.opencontainers.image.authors="GOV.UK Platform Engineering" | |
org.opencontainers.image.description="Builder Image for GOV.UK Ruby-based Apps" | |
org.opencontainers.image.source="https://github.com/alphagov/govuk-ruby-images" | |
org.opencontainers.image.version=${{ join(matrix.version.rubyver, '.') }} | |
org.opencontainers.image.created=${{ steps.calculate-image-tags.outputs.createdDate }} | |
org.opencontainers.image.vendor=GDS | |
- id: build-base-image | |
uses: docker/build-push-action@v5 | |
with: | |
file: base.Dockerfile | |
context: . | |
platforms: "linux/${{ matrix.runs_on.arch }}" | |
load: true | |
provenance: false | |
build-args: | | |
RUBY_MAJOR=${{ matrix.version.rubyver[0] }}.${{ matrix.version.rubyver[1] }} | |
RUBY_VERSION=${{ join(matrix.version.rubyver, '.') }} | |
RUBY_CHECKSUM=${{ matrix.version.checksum }} | |
labels: ${{ steps.base-image-metadata.outputs.labels }} | |
outputs: type=image,name=${{ env.REGISTRY_BASE }}/govuk-ruby-base,push-by-digest=true,name-canonical=true,push=true | |
cache-from: type=gha,scope=build-base-${{ matrix.version.rubyver }}-${{ matrix.runs_on.arch }} | |
cache-to: type=gha,scope=build-base-${{ matrix.version.rubyver }}-${{ matrix.runs_on.arch }},mode=max | |
- id: build-builder-image | |
uses: docker/build-push-action@v5 | |
with: | |
file: builder.Dockerfile | |
context: . | |
push: false | |
platforms: "linux/${{ matrix.runs_on.arch }}" | |
load: true | |
provenance: false | |
build-args: | | |
BASE_IMAGE_DIGEST=${{steps.build-base-image.outputs.digest }} | |
OWNER=${{ github.repository_owner }} | |
labels: ${{ steps.builder-image-metadata.outputs.labels }} | |
outputs: type=image,name=${{ env.REGISTRY_BASE }}/govuk-ruby-builder,push-by-digest=true,name-canonical=true,push=true | |
cache-from: type=gha,scope=build-builder-${{ matrix.version.rubyver }}-${{ matrix.runs_on.arch }} | |
cache-to: type=gha,scope=build-builder-${{ matrix.version.rubyver }}-${{ matrix.runs_on.arch }},mode=max | |
- id: export-digests | |
run: | | |
mkdir -p /tmp/digests/base /tmp/digests/builder | |
baseDigest="${{steps.build-base-image.outputs.digest }}" | |
builderDigest="${{steps.build-builder-image.outputs.digest }}" | |
touch "/tmp/digests/base/${baseDigest#sha256:}" | |
touch "/tmp/digests/builder/${builderDigest#sha256:}" | |
- id: upload-digests | |
uses: actions/upload-artifact@v4 | |
with: | |
name: digests-${{ join(matrix.version.rubyver, '.') }}-${{ matrix.runs_on.arch }} | |
path: /tmp/digests/* | |
if-no-files-found: error | |
retention-days: 1 | |
overwrite: true | |
combine_manifests: | |
if: ${{ inputs.pushToRegistry || true }} | |
name: Combine Docker Manifests for Ruby ${{ join(matrix.version.rubyver, '.') }} Images | |
needs: | |
- configure_builds | |
- build_and_push_image | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
version: ${{ fromJson(needs.configure_builds.outputs.matrix_versions) }} | |
permissions: | |
packages: write | |
steps: | |
- name: Download Digests | |
uses: actions/download-artifact@v4 | |
with: | |
path: /tmp/digests | |
pattern: digests-${{ join(matrix.version.rubyver, '.') }}-* | |
merge-multiple: true | |
- uses: docker/setup-buildx-action@v3 | |
- name: Calculate Image Tags | |
id: calculate-image-tags | |
run: | | |
CREATED_DATE="$(date -u +'%Y-%m-%dT%H:%M:%SZ')" | |
echo "createdDate=${CREATED_DATE}" >> "$GITHUB_OUTPUT" | |
- name: Login to GHCR | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate Base Image Metadata | |
uses: docker/metadata-action@v5 | |
id: base-image-metadata | |
with: | |
flavor: | | |
latest=false | |
images: | | |
${{ env.REGISTRY_BASE }}/govuk-ruby-base | |
labels: | | |
org.opencontainers.image.title=govuk-ruby-base | |
org.opencontainers.image.authors="GOV.UK Platform Engineering" | |
org.opencontainers.image.description="Base image for GOV.UK Ruby apps" | |
org.opencontainers.image.source="https://github.com/alphagov/govuk-ruby-images" | |
org.opencontainers.image.version=${{ join(matrix.version.rubyver, '.') }} | |
org.opencontainers.image.created=${{ steps.calculate-image-tags.outputs.createdDate }} | |
org.opencontainers.image.vendor=GDS | |
tags: | | |
type=raw,value=${{ matrix.version.rubyver[0] }}.${{ matrix.version.rubyver[1] }} | |
type=raw,value=${{ join(matrix.version.rubyver, '.') }} | |
type=raw,value=latest,enable=${{ matrix.version.extra == 'latest' }} | |
type=sha,enable=true,prefix=${{ matrix.version.rubyver[0] }}.${{ matrix.version.rubyver[1] }}-,format=short | |
type=sha,enable=true,prefix=${{ join(matrix.version.rubyver, '.') }}-,format=short | |
type=sha,enable=true,priority=100,format=long,prefix=${{ matrix.version.rubyver[0] }}.${{ matrix.version.rubyver[1] }}- | |
type=sha,enable=true,priority=200,format=long,prefix=${{ join(matrix.version.rubyver, '.') }}- | |
- name: Create Manifest Lists (for Base) | |
working-directory: /tmp/digests/base | |
run: | | |
# shellcheck disable=SC2046 | |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
$(printf '${{ env.REGISTRY_BASE }}/govuk-ruby-base@sha256:%s ' *) | |
- name: Generate Builder Image Metadata | |
uses: docker/metadata-action@v5 | |
id: builder-image-metadata | |
with: | |
flavor: | | |
latest=false | |
images: | | |
${{ env.REGISTRY_BASE }}/govuk-ruby-builder | |
labels: | | |
org.opencontainers.image.title=govuk-ruby-builder | |
org.opencontainers.image.authors="GOV.UK Platform Engineering" | |
org.opencontainers.image.description="Builder Image for GOV.UK Ruby-based Apps" | |
org.opencontainers.image.source="https://github.com/alphagov/govuk-ruby-images" | |
org.opencontainers.image.version=${{ join(matrix.version.rubyver, '.') }} | |
org.opencontainers.image.created=${{ steps.calculate-image-tags.outputs.createdDate }} | |
org.opencontainers.image.vendor=GDS | |
tags: | | |
type=raw,value=${{ matrix.version.rubyver[0] }}.${{ matrix.version.rubyver[1] }} | |
type=raw,value=${{ join(matrix.version.rubyver, '.') }} | |
type=raw,value=latest,enable=${{ matrix.version.extra == 'latest' }} | |
type=sha,enable=true,prefix=${{ matrix.version.rubyver[0] }}.${{ matrix.version.rubyver[1] }}-,format=short | |
type=sha,enable=true,prefix=${{ join(matrix.version.rubyver, '.') }}-,format=short | |
type=sha,enable=true,priority=100,format=long,prefix=${{ matrix.version.rubyver[0] }}.${{ matrix.version.rubyver[1] }}- | |
type=sha,enable=true,priority=200,format=long,prefix=${{ join(matrix.version.rubyver, '.') }}- | |
- name: Create Manifest Lists (for Builder) | |
working-directory: /tmp/digests/builder | |
run: | | |
# shellcheck disable=SC2046 | |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
$(printf '${{ env.REGISTRY_BASE }}/govuk-ruby-builder@sha256:%s ' *) | |
- name: Inspect Images | |
run: | | |
docker buildx imagetools inspect ${{ env.REGISTRY_BASE }}/govuk-ruby-base:${{ steps.base-image-metadata.outputs.version }} | |
docker buildx imagetools inspect ${{ env.REGISTRY_BASE }}/govuk-ruby-builder:${{ steps.builder-image-metadata.outputs.version }} |