Skip to content

Use mbedTLS 3.6.2 released a few days ago (Oct 15, 2024) #412

Use mbedTLS 3.6.2 released a few days ago (Oct 15, 2024)

Use mbedTLS 3.6.2 released a few days ago (Oct 15, 2024) #412

Workflow file for this run

name: ftl-build builds
on:
pull_request:
paths:
- 'ftl-build/**'
- '.github/workflows/ftl-build.yml'
push:
branches:
- '**'
tags:
- "**"
paths:
- 'ftl-build/**'
- '.github/workflows/ftl-build.yml'
- '.github/actions/**'
workflow_dispatch:
schedule:
# 1:30am UTC every Sunday, has no particular significance
- cron: "30 1 * * 0"
env:
DOCKER_REGISTRY_IMAGE: ${{ secrets.DOCKERHUB_NAMESPACE }}/ftl-build
GITHUB_REGISTRY_IMAGE: ghcr.io/${{ github.repository_owner }}/ftl-build
jobs:
build-and-test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- platform: linux/amd64
- platform: linux/386
- platform: linux/arm/v6
- platform: linux/arm/v7
- platform: linux/arm64/v8
- platform: linux/riscv64
steps:
-
name: Prepare name for digest up/download
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-
name: Checkout Repo
uses: actions/checkout@v4
-
name: Docker meta (Docker Hub and GitHub Container Registry)
id: meta
uses: docker/metadata-action@v5
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
images: |
${{ env.DOCKER_REGISTRY_IMAGE }},enable=${{ github.event_name != 'workflow_dispatch' }}
${{ env.GITHUB_REGISTRY_IMAGE }},enable=${{ github.event_name != 'workflow_dispatch' }}
foo/bar,enable=${{ github.event_name == 'workflow_dispatch' }}
tags: |
type=ref,event=branch,enable=${{ github.event_name != 'schedule' }}
-
name: Login to DockerHub and GitHub Container Registry
if: github.event_name != 'pull_request'
uses: ./.github/actions/login-repo
with:
docker_username: ${{ secrets.DOCKERHUB_USER }}
docker_password: ${{ secrets.DOCKERHUB_PASS }}
ghcr_username: ${{ github.repository_owner }}
ghcr_password: ${{ secrets.GITHUB_TOKEN }}
-
# Add support for more platforms with QEMU (optional)
# https://github.com/docker/setup-qemu-action
name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: all
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build container and test-compile FTL
uses: docker/build-push-action@v6
with:
context: ftl-build
platforms: ${{ matrix.platform }}
push: false
target: tester
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
-
name: Push builder target and push by digest
if: github.event_name != 'pull_request'
id: build_docker
uses: docker/build-push-action@v6
with:
context: ftl-build
platforms: ${{ matrix.platform }}
push: ${{ github.event_name != 'workflow_dispatch' }}
target: builder
labels: ${{ steps.meta.outputs.labels }}
outputs: |
type=image,name=${{ env.DOCKER_REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
type=image,name=${{ env.GITHUB_REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
-
name: Export digests
if: github.event_name != 'pull_request'
run: |
mkdir -p /tmp/digests/
digest_docker="${{ steps.build_docker.outputs.digest }}"
touch "/tmp/digests/${digest_docker#sha256:}"
-
name: Upload digest
if: github.event_name != 'pull_request'
uses: actions/upload-artifact@v4
with:
name: digests-${{ env.PLATFORM_PAIR }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
# Merge all the digests into a single file
# If we would push immediately above, the individual runners would overwrite each other's images
# https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners
merge-and-deploy:
if: github.event_name != 'pull_request'
runs-on: ubuntu-latest
needs:
- build-and-test
steps:
-
name: Checkout Repo
uses: actions/checkout@v4
-
name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to DockerHub and GitHub Container Registry
uses: ./.github/actions/login-repo
with:
docker_username: ${{ secrets.DOCKERHUB_USER }}
docker_password: ${{ secrets.DOCKERHUB_PASS }}
ghcr_username: ${{ github.repository_owner }}
ghcr_password: ${{ secrets.GITHUB_TOKEN }}
-
name: Docker meta
id: meta_docker
uses: docker/metadata-action@v5
with:
images: |
${{ env.DOCKER_REGISTRY_IMAGE }},enable=${{ github.event_name != 'workflow_dispatch' }}
${{ env.GITHUB_REGISTRY_IMAGE }},enable=${{ github.event_name != 'workflow_dispatch' }}
# We want to tag the image with the latest tag if the workflow was triggered by a tag
flavor: |
latest=${{ startsWith(github.ref, 'refs/tags/') }}
# tags:
# type=schedule means that a tag is applied when the workflow is triggered by a schedule event
# type=ref,event=branch means that a tag is applied when the workflow is triggered by a push to a branch
# type=ref,event=tag means that a tag is applied when the workflow is triggered by a push to a tag
tags: |
type=schedule,enable=${{ github.event_name == 'schedule' }}
type=ref,event=branch,enable=${{ github.event_name != 'schedule' }}
type=ref,event=tag
-
name: Create manifest list and push to repository DockerHub and GitHub Container Registry)
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.GITHUB_REGISTRY_IMAGE }}@sha256:%s ' *)
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.DOCKER_REGISTRY_IMAGE }}@sha256:%s ' *)
-
name: Inspect images
shell: bash
run: |
docker buildx imagetools inspect ${{ env.DOCKER_REGISTRY_IMAGE }}:${{ steps.meta_docker.outputs.version }}
docker buildx imagetools inspect ${{ env.GITHUB_REGISTRY_IMAGE }}:${{ steps.meta_docker.outputs.version }}