Skip to content

Add a check that ruleset file still exists to appsec:ruleset:update #7378

Add a check that ruleset file still exists to appsec:ruleset:update

Add a check that ruleset file still exists to appsec:ruleset:update #7378

Workflow file for this run

name: Build Ruby
on:
workflow_dispatch:
inputs:
push:
description: Push images
required: true
type: boolean
default: true
push:
branches:
- "**"
env:
REGISTRY: ghcr.io
jobs:
build:
strategy:
fail-fast: false
matrix:
include:
- engine: ruby
version: 2.5.9
dockerfile: Dockerfile-2.5.9
- engine: ruby
version: 2.6.10
dockerfile: Dockerfile-2.6.10
- engine: ruby
version: 2.7.8
dockerfile: Dockerfile-2.7.8
- engine: ruby
version: 3.0.7
dockerfile: Dockerfile-3.0.7
- engine: ruby
version: 3.1.6
dockerfile: Dockerfile-3.1.6
- engine: ruby
version: 3.2.4
dockerfile: Dockerfile-3.2.4
- engine: ruby
version: 3.3.2
dockerfile: Dockerfile-3.3.2
- engine: ruby
version: 3.4.0
dockerfile: Dockerfile-3.4.0
# ADD NEW RUBIES HERE
- engine: jruby
version: 9.2.21.0
dockerfile: Dockerfile-jruby-9.2.21.0
- engine: jruby
version: 9.3.9.0
dockerfile: Dockerfile-jruby-9.3.9.0
- engine: jruby
version: 9.4.7.0
dockerfile: Dockerfile-jruby-9.4.7.0
runs-on: ubuntu-latest
name: Build (${{ matrix.engine }} ${{ matrix.version }})
steps:
- name: Checkout
uses: actions/checkout@v4
# Using docker-container engine enables advanced buildx features
- name: Set up Docker container engine
run: |
docker buildx create --name=container --driver=docker-container --use --bootstrap
# First, build image for x86_64 as it will fail fast
#
# Tagging is necessary to reference the image for the testing step
# Tagging is done separately to avoid interfrence with caching
- name: Build single-arch image (x86_64)
run: |
docker buildx build . --builder=container --cache-from=type=registry,ref=${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd --output=type=image,push=false --platform linux/x86_64 -f ${{ matrix.dockerfile }}
working-directory: .circleci/images/primary
- name: Tag single-arch image (x86_64)
run: |
docker buildx build . --builder=container --cache-from=type=registry,ref=${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd --load --platform linux/x86_64 -f ${{ matrix.dockerfile }} --tag ${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd
working-directory: .circleci/images/primary
- name: Test single-arch image (x86_64)
run: |
docker run --platform linux/x86_64 --rm ${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd ruby -e 'puts RUBY_DESCRIPTION'
docker run --platform linux/x86_64 --rm ${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd gem --version
docker run --platform linux/x86_64 --rm ${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd bundle --version
# Then, build image for aarch64 which, being emulated under qemu, is slower
#
# Tagging is necessary to reference the image for the testing step
# Tagging is done separately to avoid interfrence with caching
# Start by enabling qemu for aarch64
- name: Enable aarch64 emulation (x86_64)
run: |
docker run --privileged --rm tonistiigi/binfmt --install arm64
- name: Build single-arch image (aarch64)
run: |
docker buildx build . --builder=container --cache-from=type=registry,ref=${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd --output=type=image,push=false --platform linux/aarch64 -f ${{ matrix.dockerfile }}
working-directory: .circleci/images/primary
- name: Tag single-arch image (aarch64)
run: |
docker buildx build . --builder=container --cache-from=type=registry,ref=${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd --load --platform linux/aarch64 -f ${{ matrix.dockerfile }} --tag ${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd
working-directory: .circleci/images/primary
- name: Test single-arch image (aarch64)
run: |
docker run --platform linux/aarch64 --rm ${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd ruby -e 'puts RUBY_DESCRIPTION'
docker run --platform linux/aarch64 --rm ${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd gem --version
docker run --platform linux/aarch64 --rm ${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd bundle --version
# Finally, assemble multi-arch image for a combined push to the registry
#
# This reruns docker build but layers are in the cache, so it's fast
- name: Log in to the Container Registry
if: ${{ inputs.push }}
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
- name: Build multi-arch image (x86_64, aarch64)
if: ${{ inputs.push }}
run: |
docker buildx build . --builder=container --cache-from=type=registry,ref=${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd --output=type=image,push=true --build-arg BUILDKIT_INLINE_CACHE=1 --platform linux/x86_64,linux/aarch64 -f ${{ matrix.dockerfile }} --tag ${{ env.REGISTRY }}/datadog/dd-trace-rb/${{ matrix.engine }}:${{ matrix.version }}-dd
working-directory: .circleci/images/primary