1+ # Based on https://docs.docker.com/build/ci/github-actions/multi-platform/
12name : Docker
23
34on :
1213
1314env :
1415 REGISTRY : ghcr.io
15- IMAGE_NAME : ${{ github.repository }}
16+ ORGANIZATION : singlestore-labs
17+
18+ permissions :
19+ contents : read
20+ packages : write
21+ attestations : write
22+ id-token : write
1623
1724jobs :
1825 build :
@@ -24,15 +31,27 @@ jobs:
2431 - linux/amd64
2532 - linux/arm64
2633
27- permissions :
28- contents : read
29- packages : write
30- attestations : write
31- id-token : write
32-
3334 steps :
34- - name : Checkout repository
35- uses : actions/checkout@v4
35+ - name : Prepare
36+ run : |
37+ platform=${{ matrix.platform }}
38+ # Store image name in lowercase and platform pair for Docker push
39+ echo "IMAGE_NAME=${GITHUB_REPOSITORY@L}" >> $GITHUB_ENV
40+ echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
41+
42+ name : Docker meta
43+ id : meta
44+ uses : docker/metadata-action@v5
45+ with :
46+ images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
47+ tags : |
48+ type=raw,value=latest,enable={{is_default_branch}}
49+ type=ref,event=branch
50+ type=ref,event=tag
51+ type=ref,event=pr
52+ type=semver,pattern={{version}}
53+ type=semver,pattern={{major}}.{{minor}}
54+ type=sha,format=long
3655
3756name : Set up QEMU
3857 uses : docker/setup-qemu-action@v3
@@ -47,70 +66,78 @@ jobs:
4766 username : ${{ github.actor }}
4867 password : ${{ secrets.GITHUB_TOKEN }}
4968
50- - name : Build and cache Docker image
51- id : push
69+ - name : Build and push by digest
70+ id : build
5271 uses : docker/build-push-action@v6
5372 with :
54- context : .
5573 platforms : ${{ matrix.platform }}
56- cache-from : type=gha
57- cache-to : type=gha,mode=max
58- push : false
74+ cache-from : type=gha,scope=${{ matrix.platform }}
75+ cache-to : type=gha,scope=${{ matrix.platform }},mode=max
76+ labels : ${{ steps.meta.outputs.labels }}
77+ outputs : type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=${{ github.ref == 'refs/heads/main' || github.repository_owner != env.ORGANIZATION }}
78+
79+ - name : Export digest
80+ if : github.ref == 'refs/heads/main' || github.repository_owner != env.ORGANIZATION
81+ run : |
82+ mkdir -p /tmp/digests
83+ digest="${{ steps.build.outputs.digest }}"
84+ touch "/tmp/digests/${digest#sha256:}"
85+
86+ name : Upload digest
87+ if : github.ref == 'refs/heads/main' || github.repository_owner != env.ORGANIZATION
88+ uses : actions/upload-artifact@v4
89+ with :
90+ name : digests-${{ env.PLATFORM_PAIR }}
91+ path : /tmp/digests/*
92+ if-no-files-found : error
93+ retention-days : 1
5994
60- push :
61- needs : build
95+ merge :
6296 runs-on : ubuntu-latest
63-
64- permissions :
65- contents : read
66- packages : write
67- attestations : write
68- id-token : write
69-
97+ if : github.ref == 'refs/heads/main' || github.repository_owner != 'singlestore-labs'
98+ needs :
99+ - build
70100 steps :
71- - name : Checkout repository
72- uses : actions/checkout@v4
101+ - name : Prepare
102+ run : |
103+ echo "IMAGE_NAME=${GITHUB_REPOSITORY@L}" >> $GITHUB_ENV
73104
74- - name : Set up QEMU
75- uses : docker/setup-qemu-action@v3
105+ name : Download digests
106+ uses : actions/download-artifact@v4
107+ with :
108+ path : /tmp/digests
109+ pattern : digests-*
110+ merge-multiple : true
76111
77112 - name : Set up Docker Buildx
78113 uses : docker/setup-buildx-action@v3
79114
80- - name : Log in to the Container registry
81- uses : docker/login-action@v3
82- with :
83- registry : ${{ env.REGISTRY }}
84- username : ${{ github.actor }}
85- password : ${{ secrets.GITHUB_TOKEN }}
86-
87- - name : Extract metadata (tags, labels) for Docker
115+ - name : Docker meta
88116 id : meta
89117 uses : docker/metadata-action@v5
90118 with :
91119 images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
92120 tags : |
121+ type=raw,value=latest,enable={{is_default_branch}}
93122 type=ref,event=branch
94- type=ref,event=pr
123+ type=ref,event=tag
95124 type=semver,pattern={{version}}
96125 type=semver,pattern={{major}}.{{minor}}
97126 type=sha,format=long
98127
99- name : Build and push Docker image
100- id : push
101- uses : docker/build-push-action@v6
128+ name : Log in to the Container registry
129+ uses : docker/login-action@v3
102130 with :
103- context : .
104- platforms : linux/amd64,linux/arm64
105- cache-from : type=gha
106- cache-to : type=gha,mode=max
107- push : true
108- tags : ${{ steps.meta.outputs.tags }}
109- labels : ${{ steps.meta.outputs.labels }}
131+ registry : ${{ env.REGISTRY }}
132+ username : ${{ github.actor }}
133+ password : ${{ secrets.GITHUB_TOKEN }}
110134
111- - name : Generate artifact attestation
112- uses : actions/attest-build-provenance@v1
113- with :
114- subject-name : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
115- subject-digest : ${{ steps.push.outputs.digest }}
116- push-to-registry : true
135+ - name : Create manifest list and push
136+ working-directory : /tmp/digests
137+ run : |
138+ docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
139+ $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
140+
141+ name : Inspect image
142+ run : |
143+ docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
0 commit comments