Merge pull request #25 from blinklabs-io/dependabot/github_actions/do… #28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: publish | |
| on: | |
| push: | |
| branches: ['main'] | |
| tags: ['v*.*.*'] | |
| concurrency: ${{ github.ref }} | |
| env: | |
| DOCKER_IMAGE_NAME: blinklabs/haskell | |
| GHCR_IMAGE_NAME: ghcr.io/blinklabs-io/haskell | |
| jobs: | |
| build-amd64: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: blinklabs | |
| password: ${{ secrets.DOCKER_PASSWORD }} # uses token | |
| - name: Login to GHCR | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-${{ runner.arch }}-buildx- | |
| - id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.DOCKER_IMAGE_NAME }} | |
| ${{ env.GHCR_IMAGE_NAME }} | |
| flavor: | | |
| latest=false | |
| suffix=-amd64 | |
| tags: | | |
| # version | |
| type=match,pattern=v(.*),group=1 | |
| # branch | |
| type=ref,event=branch | |
| - name: push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | |
| # TEMP fix | |
| # https://github.com/docker/build-push-action/issues/252 | |
| # https://github.com/moby/buildkit/issues/1896 | |
| - name: cache | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| # TEMP fix | |
| # Something strange is happening with the manifests when we push which | |
| # breaks the downstream multi-arch-manifest, so pull and push to work | |
| # around this by resubmitting manifests | |
| - name: pull-and-push | |
| run: | | |
| for t in `echo '${{ steps.meta.outputs.tags }}'`; do | |
| docker pull $t && docker push $t | |
| done | |
| build-arm64: | |
| runs-on: ["self-hosted", "ARM64"] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: blinklabs | |
| password: ${{ secrets.DOCKER_PASSWORD }} # uses token | |
| - name: Login to GHCR | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-${{ runner.arch }}-buildx- | |
| - id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.DOCKER_IMAGE_NAME }} | |
| ${{ env.GHCR_IMAGE_NAME }} | |
| flavor: | | |
| latest=false | |
| suffix=-arm64v8 | |
| tags: | | |
| # version | |
| type=match,pattern=v(.*),group=1 | |
| # branch | |
| type=ref,event=branch | |
| - name: push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | |
| # TEMP fix | |
| # https://github.com/docker/build-push-action/issues/252 | |
| # https://github.com/moby/buildkit/issues/1896 | |
| - name: cache | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| # TEMP fix | |
| # Something strange is happening with the manifests when we push which | |
| # breaks the downstream multi-arch-manifest, so pull and push to work | |
| # around this by resubmitting manifests | |
| - name: pull-and-push | |
| run: | | |
| for t in `echo '${{ steps.meta.outputs.tags }}'`; do | |
| docker pull $t && docker push $t | |
| done | |
| multi-arch-manifest: | |
| runs-on: ubuntu-latest | |
| needs: [build-amd64, build-arm64] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: blinklabs | |
| password: ${{ secrets.DOCKER_PASSWORD }} # uses token | |
| - name: Login to GHCR | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - id: meta-dockerhub | |
| name: Metadata - Docker Hub | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.DOCKER_IMAGE_NAME }} | |
| flavor: | | |
| latest=false | |
| tags: | | |
| # version | |
| type=match,pattern=v(.*),group=1 | |
| # branch | |
| type=ref,event=branch | |
| - id: meta-dockerhub-tag | |
| name: Metadata - Docker Hub (Tags) | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.DOCKER_IMAGE_NAME }} | |
| flavor: | | |
| latest=false | |
| tags: | | |
| # Only version, no revision | |
| type=match,pattern=v(.*),group=1 | |
| - id: meta-ghcr | |
| name: Metadata - GHCR | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.GHCR_IMAGE_NAME }} | |
| flavor: | | |
| latest=false | |
| tags: | | |
| # version | |
| type=match,pattern=v(.*),group=1 | |
| # branch | |
| type=ref,event=branch | |
| - id: meta-ghcr-tag | |
| name: Metadata - GHCR (Tags) | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.GHCR_IMAGE_NAME }} | |
| flavor: | | |
| latest=false | |
| tags: | | |
| # version | |
| type=match,pattern=v(.*),group=1 | |
| # First, create manifests and push to GHCR | |
| # Manifest for either branch or semver | |
| - name: manifest-ghcr | |
| run: | | |
| for t in `echo '${{ steps.meta-ghcr.outputs.tags }}'`; do | |
| docker manifest create ${t} --amend ${t}-amd64 --amend ${t}-arm64v8 | |
| done | |
| # Optional manifest for tag versions (includes revisions) | |
| - name: manifest-ghcr-tags | |
| run: | | |
| for t in `echo '${{ steps.meta-ghcr-tag.outputs.tags }}'`; do | |
| docker manifest create ${t} --amend ${t}-amd64 --amend ${t}-arm64v8 | |
| docker manifest create ${{ env.GHCR_IMAGE_NAME }}:latest --amend ${t}-amd64 --amend ${t}-arm64v8 | |
| done | |
| if: startsWith(github.ref, 'refs/tags/') | |
| # Push various manifests | |
| - name: push-ghcr | |
| run: | | |
| for t in `echo '${{ steps.meta-ghcr.outputs.tags }}'`; do | |
| docker manifest push ${t} | |
| done | |
| - name: push-ghcr-tags | |
| run: | | |
| docker manifest push ${{ env.GHCR_IMAGE_NAME }}:latest | |
| for t in `echo '${{ steps.meta-ghcr-tag.outputs.tags }}'`; do | |
| docker manifest push ${t} | |
| done | |
| if: startsWith(github.ref, 'refs/tags/') | |
| # Now, create manifests for Docker Hub | |
| - name: manifest-dockerhub | |
| run: | | |
| for t in `echo '${{ steps.meta-dockerhub.outputs.tags }}'`; do | |
| docker manifest create ${t} --amend ${t}-amd64 --amend ${t}-arm64v8 | |
| done | |
| - name: manifest-dockerhub-tags | |
| run: | | |
| for t in `echo '${{ steps.meta-dockerhub-tag.outputs.tags }}'`; do | |
| docker manifest create ${t} --amend ${t}-amd64 --amend ${t}-arm64v8 | |
| docker manifest create ${{ env.DOCKER_IMAGE_NAME }}:latest --amend ${t}-amd64 --amend ${t}-arm64v8 | |
| done | |
| if: startsWith(github.ref, 'refs/tags/') | |
| - name: push-dockerhub | |
| run: | | |
| for t in `echo '${{ steps.meta-dockerhub.outputs.tags }}'`; do | |
| docker manifest push ${t} | |
| done | |
| - name: push-dockerhub-tags | |
| run: | | |
| docker manifest push ${{ env.DOCKER_IMAGE_NAME }}:latest | |
| for t in `echo '${{ steps.meta-dockerhub-tag.outputs.tags }}'`; do | |
| docker manifest push ${t} | |
| done | |
| if: startsWith(github.ref, 'refs/tags/') | |
| # Update Docker Hub from README | |
| - name: Docker Hub Description | |
| uses: peter-evans/dockerhub-description@v3 | |
| with: | |
| username: blinklabs | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| repository: ${{ env.DOCKER_IMAGE_NAME }} | |
| readme-filepath: ./README.md | |
| short-description: "GHC and Cabal built on Debian for Cardano" | |
| github-release: | |
| runs-on: ubuntu-latest | |
| needs: [multi-arch-manifest] | |
| steps: | |
| - run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV" | |
| - uses: actions/github-script@v7 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| try { | |
| await github.rest.repos.createRelease({ | |
| draft: false, | |
| generate_release_notes: true, | |
| name: process.env.RELEASE_TAG, | |
| owner: context.repo.owner, | |
| prerelease: false, | |
| repo: context.repo.repo, | |
| tag_name: process.env.RELEASE_TAG, | |
| }); | |
| } catch (error) { | |
| core.setFailed(error.message); | |
| } |