ftl-build builds #746
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ftl-build builds | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| tags: | |
| - '**' | |
| pull_request: | |
| workflow_dispatch: | |
| release: | |
| types: [published] | |
| schedule: | |
| # 1:30am UTC every Sunday, has no particular significance | |
| - cron: "30 1 * * 0" | |
| env: | |
| DOCKER_REGISTRY_IMAGE: ${{ secrets.DOCKERHUB_NAMESPACE }}/ftl-build | |
| GITHUB_REGISTRY_IMAGE: ghcr.io/${{ github.repository_owner }}/ftl-build | |
| permissions: | |
| contents: read | |
| jobs: | |
| smoke-tests: | |
| if: | | |
| github.event_name == 'push' | |
| || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) | |
| || github.event_name == 'workflow_dispatch' | |
| || github.event_name == 'schedule' | |
| || github.event_name == 'release' | |
| outputs: | |
| DO_DEPLOY: ${{ steps.variables.outputs.DO_DEPLOY }} | |
| DOCKER_REGISTRY_IMAGE: ${{ env.DOCKER_REGISTRY_IMAGE }} | |
| GITHUB_REGISTRY_IMAGE: ${{ env.GITHUB_REGISTRY_IMAGE }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - | |
| name: "Calculate required variables" | |
| id: variables | |
| run: | | |
| echo "DO_DEPLOY=${{ github.event_name != 'pull_request' && secrets.DOCKERHUB_PASS != '' && github.actor != 'dependabot[bot]' }}" >> $GITHUB_OUTPUT | |
| # FIXME: can't use env object in reusable workflow inputs: https://github.com/orgs/community/discussions/26671 | |
| - | |
| name: "Expose registry variables for reusable workflow" | |
| run: echo "Exposing env vars for reusable workflow" | |
| build-and-test: | |
| uses: docker/github-builder/.github/workflows/build.yml@7d2a02426d4b989616ba5aaee4e879afd4134b0d #v1.6.0 | |
| needs: | |
| - smoke-tests | |
| permissions: | |
| contents: read # same as global permissions | |
| with: | |
| setup-qemu: true | |
| cache: true | |
| cache-scope: build | |
| cache-mode: max | |
| context: ftl-build | |
| fail-fast: true | |
| output: image | |
| target: test | |
| platforms: linux/amd64,linux/386,linux/arm/v6,linux/arm/v7,linux/arm64,linux/riscv64 | |
| push: false | |
| meta-images: | | |
| ${{ needs.smoke-tests.outputs.DOCKER_REGISTRY_IMAGE }} | |
| ${{ needs.smoke-tests.outputs.GITHUB_REGISTRY_IMAGE }} | |
| build-and-push: | |
| if: needs.smoke-tests.outputs.DO_DEPLOY == 'true' | |
| needs: [smoke-tests, build-and-test] | |
| uses: docker/github-builder/.github/workflows/build.yml@7d2a02426d4b989616ba5aaee4e879afd4134b0d #v1.6.0 | |
| permissions: | |
| contents: read # same as global permissions | |
| id-token: write # for signing attestation(s) with GitHub OIDC Token | |
| packages: write # required to push to GHCR | |
| with: | |
| setup-qemu: true | |
| cache: true | |
| cache-scope: build | |
| cache-mode: max | |
| context: ftl-build | |
| fail-fast: true | |
| output: image | |
| target: build | |
| platforms: linux/amd64,linux/386,linux/arm/v6,linux/arm/v7,linux/arm64,linux/riscv64 | |
| push: true | |
| set-meta-labels: true | |
| meta-images: | | |
| ${{ needs.smoke-tests.outputs.DOCKER_REGISTRY_IMAGE }} | |
| ${{ needs.smoke-tests.outputs.GITHUB_REGISTRY_IMAGE }} | |
| # meta-tags: | |
| # type=schedule, pattern=nightly means that a "nightly" tag is applied when the workflow is triggered by a schedule event | |
| # type=raw,value=nightly means that a "nightly" tag is applied when the workflow is triggerd by a push to a branch (enabled only for master branch to avoid tagging every push to other branches with "nightly") | |
| # type=ref,event=branch means that a tag is applied when the workflow is triggered by a push to a branch (enabled only for non-master branches to avoid tagging every push to master branch with the branch name) | |
| # type=ref,event=tag means that a tag is applied when the workflow is triggered by a push to a tag | |
| meta-tags: | | |
| type=schedule,pattern=nightly | |
| type=raw,value=nightly,enable=${{ github.ref == 'refs/heads/master' }} | |
| type=ref,event=branch,enable=${{ github.ref != 'refs/heads/master' }} | |
| type=ref,event=tag | |
| meta-flavor: | | |
| latest=${{ startsWith(github.ref, 'refs/tags/') }} | |
| # FIXME: GHCR does not support the referrers API and spams the registry with sha-tagged images when cosigned: https://github.com/docker/github-builder/issues/109 | |
| sign: false | |
| secrets: | |
| registry-auths: | | |
| - registry: docker.io | |
| username: ${{ secrets.DOCKERHUB_USER }} | |
| password: ${{ secrets.DOCKERHUB_PASS }} | |
| - registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} |