Skip to content

fix runner

fix runner #7

Workflow file for this run

name: Package
on:
push:
branches:
- main
pull_request:
branches:
- main
release:
types: [ "published" ]
env:
CGO_ENABLED: 0
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
# platforms to build the image for
PLATFORMS: linux/amd64, linux/arm64
# default platform of the runners, used to mitigate time of building on x arch during PRs
PR_PLATFORMS: linux/amd64
jobs:
package:
if: ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
strategy:
matrix:
variant:
- "generic"
- "mysql"
- "postgres"
concurrency:
group: package-${{ github.workflow }}-${{ matrix.variant }}-${{ github.head_ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
platforms: ${{ env.PLATFORMS }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ matrix.variant }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha,format=long
- name: Build on ${{ env.PR_PLATFORMS }} only
timeout-minutes: 10
uses: docker/build-push-action@v6
with:
context: .
file: ./build/Dockerfile
platforms: ${{ env.PR_PLATFORMS }}
build-args: |
GIT_USER=api
GIT_TOKEN=${{ secrets.GITHUB_TOKEN }}
PROXYVARIANT=${{ matrix.variant }}
push: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
package-multi-arch:
if: ${{ github.event_name != 'pull_request' }}
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
strategy:
matrix:
variant:
- "generic"
- "mysql"
- "postgres"
concurrency:
group: package-multi-arch-${{ github.workflow }}-${{ matrix.variant }}-${{ github.head_ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name == 'release'
uses: sigstore/cosign-installer@main
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
platforms: ${{ env.PLATFORMS }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-${{ matrix.variant }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha,format=long
# Login against a Docker registry
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name == 'release'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push multi-arch
if: ${{ github.event_name != 'pull_request' }}
timeout-minutes: 20
uses: docker/build-push-action@v6
with:
context: .
file: ./build/Dockerfile
platforms: ${{ env.PLATFORMS }}
build-args: |
GIT_USER=api
GIT_TOKEN=${{ secrets.GITHUB_TOKEN }}
PROXYVARIANT=${{ matrix.variant }}
push: ${{ github.event_name == 'release' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
# Sign the resulting Docker image digest except on PRs.
# https://github.com/sigstore/cosign
- name: Sign the images with GitHub OIDC Token **not production ready**
if: github.event_name == 'release'
run: cosign sign --yes ${TAGS}
env:
TAGS: ${{ steps.meta.outputs.tags }}