From 5cdc2dfe02349772a9f514ee686b60a3e4370c1d Mon Sep 17 00:00:00 2001
From: Mogyuchi
Date: Sat, 17 Aug 2024 19:03:47 +0900
Subject: [PATCH] build: switch to buildah
---
.github/files/build/Dockerfile | 17 ---
.github/workflows/docker-publish.yml | 187 ++++++++++++++++++---------
2 files changed, 124 insertions(+), 80 deletions(-)
delete mode 100644 .github/files/build/Dockerfile
diff --git a/.github/files/build/Dockerfile b/.github/files/build/Dockerfile
deleted file mode 100644
index 0b37865f4..000000000
--- a/.github/files/build/Dockerfile
+++ /dev/null
@@ -1,17 +0,0 @@
-# syntax=docker/dockerfile:1.9.0@sha256:fe40cf4e92cd0c467be2cfc30657a680ae2398318afd50b0c80585784c604f28
-FROM --platform=$BUILDPLATFORM busybox:1.36.1-uclibc@sha256:97d85ff9630b634ddff3e3ff69fd02bc3b69de8dba0c5002eb0ad6915d1bf4c0 AS env
-ARG TARGETPLATFORM
-RUN --mount=type=bind,source=artifact,target=artifact \
- if [ "$TARGETPLATFORM" = 'darwin/amd64' ]; then\
- cp artifact/x86_64-apple-darwin/binary .\
- ;elif [ "$TARGETPLATFORM" = 'darwin/arm64' ]; then\
- cp artifact/aarch64-apple-darwin/binary .\
- ;elif [ "$TARGETPLATFORM" = 'linux/amd64' ]; then\
- cp artifact/x86_64-unknown-linux-musl/binary .\
- ;elif [ "$TARGETPLATFORM" = 'linux/arm64' ]; then\
- cp artifact/aarch64-unknown-linux-musl/binary .\
- ;fi
-
-FROM --platform=$BUILDPLATFORM scratch as runner
-COPY --from=env --chmod=755 binary .
-ENTRYPOINT ["./binary"]
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index fb6490b4d..cee9bb8cc 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -18,34 +18,79 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} - BINARY_NAME: ${{ github.event.repository.name }} # renovate: datasource=github-releases depName=docker/buildx BUILDX_VERSION: v0.16.2 jobs: - build: + env: + # release-please によるコミットの時は workflow_call でのみ実行する if: ${{ !( github.workflow == 'build' && startsWith(github.event.head_commit.message, 'release:') && github.event.head_commit.author.name == 'github-actions[bot]' ) }} + runs-on: ubuntu-latest + outputs: + BINARY_NAME: ${{ steps.meta.outputs.BINARY_NAME }} + REGISTRY_IMAGE: ${{ steps.lowercase.outputs.REGISTRY_IMAGE }} + PUSH: ${{ github.event_name != 'pull_request' && github.ref_name == github.event.repository.default_branch }} + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + sparse-checkout: | + Cargo.toml + sparse-checkout-cone-mode: false + - id: meta + run: | + echo "BINARY_NAME=$(cargo metadata --offline --no-deps --format-version=1 | jq -r '.packages.[].name')" >> $GITHUB_OUTPUT + - id: lowercase + run: | + registory_image='${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}' + echo "REGISTRY_IMAGE=${registory_image@L}" >> $GITHUB_OUTPUT + meta: + needs: [env] + runs-on: ubuntu-latest + outputs: + version: ${{ steps.meta.outputs.version}} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + json: ${{ steps.meta.outputs.json }} + steps: + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + with: + images: ${{ needs.env.outputs.REGISTRY_IMAGE }} + tags: | + type=semver,pattern={{version}},value=${{ inputs.tag-name }} + type=semver,pattern={{major}}.{{minor}},value=${{ inputs.tag-name }} + type=semver,pattern={{major}},value=${{ inputs.tag-name }} + type=edge + type=ref,event=branch + + build: + needs: [env] permissions: contents: write strategy: fail-fast: false matrix: - target: [aarch64-unknown-linux-gnu, 
aarch64-unknown-linux-musl] - use-cross: [true] include: + - target: aarch64-unknown-linux-gnu + use-cross: true + - platform: linux/arm64 + target: aarch64-unknown-linux-musl + use-cross: true - target: x86_64-unknown-linux-gnu use-cross: false - - target: x86_64-unknown-linux-musl + - platform: linux/amd64 + target: x86_64-unknown-linux-musl use-cross: false - - os: macos-latest - target: aarch64-apple-darwin - - os: macos-latest - target: x86_64-apple-darwin - - os: windows-latest - target: x86_64-pc-windows-msvc - - os: windows-latest - target: x86_64-pc-windows-gnu + # - os: macos-latest + # target: aarch64-apple-darwin + # - os: macos-latest + # target: x86_64-apple-darwin + # - os: windows-latest + # target: x86_64-pc-windows-msvc + # - os: windows-latest + # target: x86_64-pc-windows-gnu runs-on: ${{ matrix.os || 'ubuntu-latest'}} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
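Review bot: The `PUSH` job output defined in the new `env` job reaches dependent jobs as the string `'true'` or `'false'`, and the build job's `if: ${{ needs.env.outputs.PUSH && matrix.platform }}` in the next hunk tests it without conversion, so the non-empty string `'false'` still counts as true. As written, the Build Image and Push To GHCR steps are not actually gated on pull requests or non-default branches. Convert the value at the point of use, as the `merge` job already does: `if: ${{ fromJson(needs.env.outputs.PUSH) && matrix.platform }}`. A short comment next to the output, e.g. `# string 'true'/'false'; wrap in fromJson() before using in if:`, would keep later conditions from repeating the mistake.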
@@ -72,50 +117,78 @@ jobs: with: tool: cross - run: mkdir dist - - run: ${{ (!matrix.os && matrix.use-cross) && 'cross' || 'cargo' }} rustc --locked --release --target=${{ matrix.target }} -- --emit=link=dist/binary + - run: ${{ (!matrix.os && matrix.use-cross) && 'cross' || 'cargo' }} rustc --locked --release --target=${{ matrix.target }} -- --emit=link=dist/${{ needs.env.outputs.BINARY_NAME }} - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: ${{ matrix.target }} path: | - dist/binary - dist/binary.exe + dist/${{ needs.env.outputs.BINARY_NAME }} + dist/${{ needs.env.outputs.BINARY_NAME }}.exe + - id: build_image + if: ${{ needs.env.outputs.PUSH && matrix.platform }} + name: Build Image + uses: redhat-actions/buildah-build@v2 + with: + platforms: ${{ matrix.platform }} + base-image: scratch + tags: ${{ needs.env.outputs.REGISTRY_IMAGE }} + content: | + dist/${{ needs.env.outputs.BINARY_NAME }} + entrypoint: ./${{ needs.env.outputs.BINARY_NAME }} + oci: true + - id: push + if: ${{ steps.build_image.conclusion == 'success' }} + name: Push To GHCR + uses: redhat-actions/push-to-registry@v2 + with: + tags: ${{ steps.build_image.outputs.tags }} + username: ${{ github.actor }} + password: ${{ github.token }} + + - id: export-digest + if: ${{ steps.push.conclusion == 'success' }} + name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.push.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + - if: ${{ steps.export-digest.conclusion == 'success' }} + name: Upload digest + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + with: + name: digests-${{ matrix.target }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + - name: Upload to release if: ${{ inputs.tag-name }} working-directory: dist/ run: | - if [ -e binary.exe ]; then - filename="${{ env.BINARY_NAME }}-${{ inputs.tag-name }}-${{ matrix.target }}.exe" - mv binary.exe "$filename" + if [ -e ${{ 
needs.env.outputs.BINARY_NAME }}.exe ]; then + filename="${{ needs.env.outputs.BINARY_NAME }}-${{ inputs.tag-name }}-${{ matrix.target }}.exe" + mv ${{ needs.env.outputs.BINARY_NAME }}.exe "$filename" gh release upload ${{ inputs.tag-name }} "$filename"#${{ matrix.target }} --clobber else - filename="${{ env.BINARY_NAME }}-${{ inputs.tag-name }}-${{ matrix.target }}" - mv binary "$filename" + filename="${{ needs.env.outputs.BINARY_NAME }}-${{ inputs.tag-name }}-${{ matrix.target }}" + mv ${{ needs.env.outputs.BINARY_NAME }} "$filename" gh release upload ${{ inputs.tag-name }} "$filename"#${{ matrix.target }} --clobber fi - docker: - needs: build + + merge: permissions: packages: write - runs-on: 'ubuntu-latest' - outputs: - image_tags: ${{ steps.meta.outputs.tags }} - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_REPO: ${{ github.repository }} + needs: [env, meta, build] + if: ${{ fromJson(needs.env.outputs.PUSH) }} + runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - sparse-checkout: | - .github/files/build/Dockerfile - sparse-checkout-cone-mode: false - - name: Download build artifact + - name: Download digests uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: - path: artifact - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - with: - version: ${{ env.BUILDX_VERSION }} + path: /tmp/digests + pattern: digests-* + merge-multiple: true + - name: Log in to the Container registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: 
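Review bot: `redhat-actions/buildah-build@v2` and `redhat-actions/push-to-registry@v2` are referenced by a movable tag, while every other action visible in this diff is pinned to a full commit SHA with a version comment. The push step is handed `${{ github.token }}` as the registry password and runs in a job that holds `contents: write`, so whatever code the `v2` tag points to at run time receives that credential. Pin both the same way as the rest of the file, e.g. `uses: redhat-actions/push-to-registry@<full-commit-sha> # v2.x.y` (placeholder values). Separately, the job's `permissions:` block shown in the previous hunk lists only `contents: write`; pushing to GHCR with the workflow token normally also needs `packages: write`, which only the `merge` job declares.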
@@ -123,26 +196,14 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=semver,pattern={{version}},value=${{ inputs.tag-name }} - type=semver,pattern={{major}}.{{minor}},value=${{ inputs.tag-name }} - type=semver,pattern={{major}},value=${{ inputs.tag-name }},enable=${{ !(startsWith(github.ref, 'refs/tags/v0.') || startsWith(inputs.tag-name, 'v0.')) }} - type=edge - type=ref,event=branch - type=sha - - name: Build and push Docker image - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 - with: - context: . - file: .github/files/build/Dockerfile - platforms: darwin/amd64,darwin/arm64,linux/amd64,linux/arm64 - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max + - name: Create manifest list and push + working-directory: /tmp/digests + env: + DOCKER_METADATA_OUTPUT_JSON: ${{ needs.meta.outputs.json }} + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ needs.env.outputs.REGISTRY_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ needs.env.outputs.REGISTRY_IMAGE }}:${{ needs.meta.outputs.version }}
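Review bot: `docker buildx imagetools create` in the new merge step runs whatever buildx ships on the runner image, because the `docker/setup-buildx-action` step that consumed `BUILDX_VERSION` was removed in the previous hunk. The `BUILDX_VERSION: v0.16.2` entry and its renovate annotation remain in the workflow `env:` and, as far as these hunks show, nothing reads it any more, so the file suggests a pin that is not applied. Either keep a setup step with `version: ${{ env.BUILDX_VERSION }}` ahead of the manifest step or delete the variable. The Inspect step also expands `${{ needs.meta.outputs.version }}` straight into the script, while the step above passes metadata through `env:`; using `env:` there too keeps expression values out of the shell text.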