ci: add build action

lotyp · lotyp · commit 42ad54a61fef · 2024-04-06T17:38:59.000+03:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,202 @@
+---
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+on:  # yamllint disable-line rule:truthy
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+  release:
+    types:
+      - released
+
+env:
+  DOCKER_NAMESPACE: wayofdev/php-dev
+  GHCR_NAMESPACE: ghcr.io/wayofdev/docker-php-dev
+
+name: 🚀 Build docker images with latest tag
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        os_name: ["alpine"]
+        php_version: ["8.1", "8.2", "8.3"]
+        php_type: ["fpm", "cli", "supervisord"]
+        builder: [{arch: "amd64", os: "ubuntu-latest"}, {arch: "arm64", os: "ubuntu-latest"}]
+    runs-on: ${{ matrix.builder.os }}
+    steps:
+
+      - name: 🌎 Set environment variables
+        run: |
+          php_version="${{ matrix.php_version }}"
+          tag="${{ matrix.php_version }}-${{ matrix.php_type }}-${{ matrix.os_name }}-${{ matrix.builder.arch }}"
+          php_version_slug="${php_version//./}"
+          target="php-${php_version_slug}-${{ matrix.php_type }}-${{ matrix.os_name }}"
+          echo "TARGET=${target}" >> $GITHUB_ENV
+          echo "PLATFORM_CACHE_TAG=${tag}" >> $GITHUB_ENV
+
+      - name: 📦 Check out the codebase
+        uses: actions/checkout@v4
+
+      - name: 🤖 Generate dist files
+        run: ansible-playbook src/playbook.yml -l ${{ matrix.php_version }}-${{ matrix.php_type }}-${{ matrix.os_name }}
+
+      - name: 🖥️ Setup docker QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: linux/${{ matrix.builder.arch }}
+
+      - name: 🛠️ Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/${{ matrix.builder.arch }}
+          buildkitd-flags: "--debug"
+
+      - name: 🐳 Extract docker meta data
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.DOCKER_NAMESPACE }}
+            ${{ env.GHCR_NAMESPACE }}
+          tags: |
+            type=raw,event=branch,value=latest
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+          flavor: |
+            latest=false
+            prefix=${{ matrix.php_version }}-${{ matrix.php_type }}-${{ matrix.os_name }}-
+
+      - name: ⚙️ Rename meta bake definition file
+        run: |
+          mv "${{ steps.meta.outputs.bake-file }}" "/tmp/bake-meta-${{ env.PLATFORM_CACHE_TAG }}.json"
+
+      - name: 📤 Upload meta bake definition
+        uses: actions/upload-artifact@v4
+        with:
+          name: bake-meta-${{ env.PLATFORM_CACHE_TAG }}.json
+          path: /tmp/bake-meta-*.json
+          if-no-files-found: error
+          retention-days: 1
+
+      - name: 🔑 Login to docker-hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      - name: 🔑 Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: 🚀 Bake image and push to docker-hub and GHCR
+        id: bake
+        uses: docker/bake-action@v4
+        with:
+          targets: ${{ env.TARGET }}
+          files: |
+            ./docker-bake.hcl
+            /tmp/bake-meta-${{ env.PLATFORM_CACHE_TAG }}.json
+          set: |
+            *.tags=
+            *.platform=linux/${{ matrix.builder.arch }}
+            *.cache-from=type=gha,scope=build-${{ env.PLATFORM_CACHE_TAG }}
+            *.cache-to=type=gha,scope=build-${{ env.PLATFORM_CACHE_TAG }}
+            *.output=type=image,"name=${{ env.DOCKER_NAMESPACE }},${{ env.GHCR_NAMESPACE }}",push-by-digest=true,name-canonical=true,push=true
+
+      - name: 📥 Export digest
+        run: |
+          mkdir -p /tmp/digests
+          echo "Bake Metadata: ${{ steps.bake.outputs.metadata }}"
+          digest=$(echo '${{ steps.bake.outputs.metadata }}' | jq -r '.["${{ env.TARGET }}"]["containerimage.digest"]')
+          if [[ -z "$digest" || "$digest" == "null" ]]; then
+            echo "Digest not found."
+            exit 1
+          fi
+          echo "Digest: $digest"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: 📤 Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_CACHE_TAG }}
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: 📥 Download meta bake definitions
+        uses: actions/download-artifact@v4
+        with:
+          pattern: bake-meta-*
+          path: /tmp
+          merge-multiple: true
+
+      - name: 📥 Download meta bake definitions
+        uses: actions/download-artifact@v4
+        with:
+          pattern: digests-*
+          path: /tmp/digests
+
+      - name: 🔑 Login to docker-hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      - name: 🔑 Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: 🖥️ Setup docker QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+
+      - name: 🛠️ Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+          buildkitd-flags: "--debug"
+
+      - name: 🚀 Create manifest list and push
+        working-directory: /tmp
+        run: |
+          variants=($(ls bake-meta-*.json | sed -E 's/bake-meta-//; s/-amd64.json|-arm64.json//g' | sort -u))
+          for variant in "${variants[@]}"; do
+
+            # Fetch digests for amd64 and arm64 architectures
+            DIGEST_AMD64=$(basename $(ls /tmp/digests/digests-${variant}-amd64/*))
+            DIGEST_ARM64=$(basename $(ls /tmp/digests/digests-${variant}-arm64/*))
+            echo "Digest AMD64: $DIGEST_AMD64"
+            echo "Digest ARM64: $DIGEST_ARM64"
+
+            # Create the manifest list for Docker Hub
+            docker buildx imagetools create $(jq -cr ".target.\"docker-metadata-action\".tags | map(select(startswith(\"${DOCKER_NAMESPACE}\")) | \"-t \" + .) | join(\" \")" /tmp/bake-meta-${variant}-amd64.json) \
+              "${DOCKER_NAMESPACE}@sha256:${DIGEST_AMD64}" \
+              "${DOCKER_NAMESPACE}@sha256:${DIGEST_ARM64}"
+
+            # Create the manifest list for GHCR
+            docker buildx imagetools create $(jq -cr ".target.\"docker-metadata-action\".tags | map(select(startswith(\"${GHCR_NAMESPACE}\")) | \"-t \" + .) | join(\" \")" /tmp/bake-meta-${variant}-amd64.json) \
+              "${GHCR_NAMESPACE}@sha256:${DIGEST_AMD64}" \
+              "${GHCR_NAMESPACE}@sha256:${DIGEST_ARM64}"
+
+          done
+
+...
