From 146518d11352e841369752d097a17dc7d366290a Mon Sep 17 00:00:00 2001 From: jon r Date: Wed, 22 May 2024 23:17:25 +0200 Subject: [PATCH] Feat(CI): add pipeline to build all images --- .github/workflows/build.all.yml | 789 ++++++++++++++++++++++++++++++++ 1 file changed, 789 insertions(+) create mode 100644 .github/workflows/build.all.yml diff --git a/.github/workflows/build.all.yml b/.github/workflows/build.all.yml new file mode 100644 index 0000000..ddde22b --- /dev/null +++ b/.github/workflows/build.all.yml @@ -0,0 +1,789 @@ +name: Build all images + +on: + workflow_dispatch: + inputs: + + ref: + description: "Reference for a git object to check out, string" + required: false + type: string + + + platforms: + description: "Mandatory comma-separated list of CPU platforms to build for, string" + required: false + type: string + default: linux/amd64 + #default: linux/amd64,linux/arm64 + image-name: + description: "Mandatory name of the image to build, string" + required: true + type: string + default: pretalx + + + base-image: + type: string + required: false + default: docker.io/library/python + base-tag: + type: string + required: false + default: 3.12-bookworm + + build-args: + description: "Optional build arguments, takes a YAML multiline string | with ENV=variables" + type: string + required: false + default: "" + image-tags: + description: "Optional additional image tags, takes a YAML multiline string |" + type: string + required: false + default: "" + context: + description: "Optional build context, defaults to the ref that triggered the run, and not ./ in the checkout root, string" + type: string + required: false + default: "./context/default" + file: + description: "Optional path to a Dockerfile to build, relative to the build context, string" + type: string + required: false + default: Dockerfile + + + docker_io: + description: "Optional toggle for disabling Docker Hub Registry, boolean" + type: boolean + required: false + default: true + ghcr_io: + description: "Optional toggle for disabling GitHub Container Registry, boolean" + type: boolean + required: false + default: true + +permissions: + contents: read + id-token: write + packages: write + +env: + docker_io: ${{ inputs.docker_io && secrets.DOCKER_USERNAME != null && secrets.DOCKER_PASSWORD != null }} + +jobs: + + # pretalx/base:* + base: + + name: Build base image + runs-on: ubuntu-latest + + outputs: + imageid: ${{ steps.build-push.outputs.imageid }} + digest: ${{ steps.build-push.outputs.digest }} + metadata: ${{ steps.build-push.outputs.metadata }} + + steps: + + - + name: Checkout repository + uses: actions/checkout@v4 + + + - + name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + context: git + images: | + name=ghcr.io/${{ github.repository_owner }}/base,enable=${{ inputs.ghcr_io }} + labels: | + org.opencontainers.image.title=Pretalx base + org.opencontainers.image.vendor=Pretalx Community + org.opencontainers.image.description=An unprivileged Pretalx base image + org.opencontainers.image.licenses=CC0 + + tags: | + type=match,pattern=v(.*),group=1 + type=ref,event=branch + type=ref,event=tag + type=ref,event=pr + type=sha + ${{ inputs.image-tags }} + + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + + - + name: Login to GitHub Packages Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' && inputs.ghcr_io + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + + - + name: Build and push Container image + uses: docker/build-push-action@v5 + id: build-push + with: + provenance: false + target: base + push: "${{ github.event_name != 'pull_request' }}" + platforms: "${{ inputs.platforms }}" + context: "{{ defaultContext }}:${{ inputs.context }}" + file: "${{ inputs.file }}" + build-args: | + BASE_IMAGE=${{ inputs.base-image }} + BASE_TAG=${{ inputs.base-tag }} + tags: "${{ steps.meta.outputs.tags }}" + labels: "${{ steps.meta.outputs.labels }}" + outputs: "type=docker,dest=/tmp/pretalx-base.tar" + + - + name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: pretalx-base + path: /tmp/pretalx-base.tar + + + # pretalx/pretalx:* + default: + + name: Build default image + needs: base + runs-on: ubuntu-latest + + outputs: + imageid: ${{ steps.build-push.outputs.imageid }} + digest: ${{ steps.build-push.outputs.digest }} + metadata: ${{ steps.build-push.outputs.metadata }} + + steps: + + - + name: Download artifact + uses: actions/download-artifact@v4 + with: + name: pretalx-base + path: /tmp + - + name: Load image + run: | + docker load --input /tmp/pretalx-base.tar + docker image ls -a + + - + name: Checkout repository + uses: actions/checkout@v4 + + + - + name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + context: git + images: | + name=ghcr.io/${{ github.repository_owner }}/${{ inputs.image-name }},enable=${{ inputs.ghcr_io }} + name=docker.io/${{ github.repository_owner }}/${{ inputs.image-name }},enable=${{ env.docker_io }} + labels: | + org.opencontainers.image.title=Pretalx + org.opencontainers.image.vendor=Pretalx Community + org.opencontainers.image.description=An unprivileged Pretalx container image + org.opencontainers.image.licenses=CC0 + + tags: | + type=match,pattern=v(.*),group=1 + type=ref,event=branch + type=ref,event=tag + type=ref,event=pr + type=sha + ${{ inputs.image-tags }} + + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + + - + name: Login to Docker Hub Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' && env.docker_io == 'true' + with: + registry: "docker.io" + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - + name: Login to GitHub Packages Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' && inputs.ghcr_io + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + + - + name: Build and push Container image + uses: docker/build-push-action@v5 + id: build-push + with: + provenance: false + push: "${{ github.event_name != 'pull_request' }}" + platforms: "${{ inputs.platforms }}" + context: "{{ defaultContext }}:${{ inputs.context }}" + file: "${{ inputs.file }}" + build-args: | + BASE_IMAGE=${{ github.repository_owner }}/base + BASE_TAG=${{ needs.base.outputs.digest }} + tags: "${{ steps.meta.outputs.tags }}" + labels: "${{ steps.meta.outputs.labels }}" + outputs: "type=docker,dest=/tmp/pretalx-default.tar" + + - + name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: pretalx-default + path: /tmp/pretalx-default.tar + + + # pretalx/pretalx-extended:* + extended: + + name: Build extended image + needs: default + runs-on: ubuntu-latest + + outputs: + imageid: ${{ steps.build-push.outputs.imageid }} + digest: ${{ steps.build-push.outputs.digest }} + metadata: ${{ steps.build-push.outputs.metadata }} + + steps: + + - + name: Download artifact + uses: actions/download-artifact@v4 + with: + name: pretalx-default + path: /tmp + - + name: Load image + run: | + docker load --input /tmp/pretalx-default.tar + docker image ls -a + + - + name: Checkout repository + uses: actions/checkout@v4 + + + - + name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + context: git + images: | + name=ghcr.io/${{ github.repository_owner }}/${{ inputs.image-name }}-extended,enable=${{ inputs.ghcr_io }} + name=docker.io/${{ github.repository_owner }}/${{ inputs.image-name }}-extended,enable=${{ env.docker_io }} + labels: | + org.opencontainers.image.title=Pretalx extended + org.opencontainers.image.vendor=Pretalx Community + org.opencontainers.image.description=An unprivileged Pretalx container image that is extended with cron and a series of pretalx plugins + org.opencontainers.image.licenses=CC0 + + tags: | + type=match,pattern=v(.*),group=1 + type=ref,event=branch + type=ref,event=tag + type=ref,event=pr + type=sha + ${{ inputs.image-tags }} + + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + + - + name: Login to Docker Hub Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' && env.docker_io == 'true' + with: + registry: "docker.io" + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - + name: Login to GitHub Packages Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' && inputs.ghcr_io + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + + - + name: Build and push Container image + uses: docker/build-push-action@v5 + id: build-push + with: + provenance: false + push: "${{ github.event_name != 'pull_request' }}" + platforms: "${{ inputs.platforms }}" + context: "{{ defaultContext }}:./context/extended" + file: "${{ inputs.file }}" + build-args: | + BASE_IMAGE=${{ github.repository_owner }}/${{ inputs.image-name }} + BASE_TAG=${{ needs.default.outputs.digest }} + tags: "${{ steps.meta.outputs.tags }}" + labels: "${{ steps.meta.outputs.labels }}" + outputs: "type=docker,dest=/tmp/pretalx-extended.tar" + + - + name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: pretalx-default + path: /tmp/pretalx-extended.tar + + # pretalx/pretalx-extended:*-cron + extended-cron: + + name: Build extended image with cron + needs: extended + runs-on: ubuntu-latest + + outputs: + imageid: ${{ steps.build-push.outputs.imageid }} + digest: ${{ steps.build-push.outputs.digest }} + metadata: ${{ steps.build-push.outputs.metadata }} + + steps: + + - + name: Download artifact + uses: actions/download-artifact@v4 + with: + name: pretalx-extended + path: /tmp + - + name: Load image + run: | + docker load --input /tmp/pretalx-extended.tar + docker image ls -a + + - + name: Checkout repository + uses: actions/checkout@v4 + + + - + name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + context: git + images: | + name=ghcr.io/${{ github.repository_owner }}/${{ inputs.image-name }}-extended,enable=${{ inputs.ghcr_io }} + name=docker.io/${{ github.repository_owner }}/${{ inputs.image-name }}-extended,enable=${{ env.docker_io }} + labels: | + org.opencontainers.image.title=Pretalx extended and cron + org.opencontainers.image.vendor=Pretalx Community + org.opencontainers.image.description=An unprivileged Pretalx container image that is extended with cron and a series of pretalx plugins + org.opencontainers.image.licenses=CC0 + + tags: | + type=match,pattern=v(.*),group=1,suffix=-cron + type=ref,event=branch,suffix=-cron + type=ref,event=tag,suffix=-cron + type=ref,event=pr,suffix=-cron + type=sha,suffix=-cron + ${{ inputs.image-tags }} + + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + + - + name: Login to Docker Hub Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' && env.docker_io == 'true' + with: + registry: "docker.io" + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - + name: Login to GitHub Packages Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' && inputs.ghcr_io + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + + - + name: Build and push Container image + uses: docker/build-push-action@v5 + id: build-push + with: + provenance: false + push: "${{ github.event_name != 'pull_request' }}" + platforms: "${{ inputs.platforms }}" + context: "{{ defaultContext }}:./context/extended" + file: "${{ inputs.file }}" + build-args: | + BASE_IMAGE=${{ github.repository_owner }}/${{ inputs.image-name }}-extended + BASE_TAG=${{ needs.extended.outputs.digest }} + tags: "${{ steps.meta.outputs.tags }}" + labels: "${{ steps.meta.outputs.labels }}" + + + # pretalx/standalone:* + standalone: + + name: Build standalone image + needs: default + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + packages: write + + outputs: + imageid: ${{ steps.build-push.outputs.imageid }} + digest: ${{ steps.build-push.outputs.digest }} + metadata: ${{ steps.build-push.outputs.metadata }} + + steps: + + - + name: Download artifact + uses: actions/download-artifact@v4 + with: + name: pretalx-default + path: /tmp + - + name: Load image + run: | + docker load --input /tmp/pretalx-default.tar + docker image ls -a + + - + name: Checkout repository + uses: actions/checkout@v4 + + + - + name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + context: git + images: | + name=ghcr.io/${{ github.repository_owner }}/standalone,enable=${{ inputs.ghcr_io }} + name=docker.io/${{ github.repository_owner }}/standalone,enable=${{ env.docker_io }} + labels: | + org.opencontainers.image.title=Pretalx standalone + org.opencontainers.image.vendor=Pretalx Community + org.opencontainers.image.description=A partially privileged and unprivileged, standalone Pretalx container image + org.opencontainers.image.licenses=CC0 + + tags: | + type=match,pattern=v(.*),group=1 + type=ref,event=branch + type=ref,event=tag + type=ref,event=pr + type=sha + ${{ inputs.image-tags }} + + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + + - + name: Login to Docker Hub Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' && env.docker_io == 'true' + with: + registry: "docker.io" + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - + name: Login to GitHub Packages Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' && inputs.ghcr_io + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + + - + name: Build and push Container image + uses: docker/build-push-action@v5 + id: build-push + with: + provenance: false + push: "${{ github.event_name != 'pull_request' }}" + platforms: "${{ inputs.platforms }}" + context: "{{ defaultContext }}:./context/standalone/default" + file: "${{ inputs.file }}" + build-args: | + BASE_IMAGE=${{ github.repository_owner }}/${{ inputs.image-name }} + BASE_TAG=${{ needs.default.outputs.digest }} + tags: "${{ steps.meta.outputs.tags }}" + labels: "${{ steps.meta.outputs.labels }}" + outputs: "type=docker,dest=/tmp/pretalx-standalone.tar" + + - + name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: pretalx-standalone + path: /tmp/pretalx-standalone.tar + + + # pretalx/standalone-extended:* + standalone-extended: + + name: Build default image + needs: standalone + runs-on: ubuntu-latest + + outputs: + imageid: ${{ steps.build-push.outputs.imageid }} + digest: ${{ steps.build-push.outputs.digest }} + metadata: ${{ steps.build-push.outputs.metadata }} + + steps: + + - + name: Download artifact + uses: actions/download-artifact@v4 + with: + name: pretalx-standalone + path: /tmp + - + name: Load image + run: | + docker load --input /tmp/pretalx-standalone.tar + docker image ls -a + + - + name: Checkout repository + uses: actions/checkout@v4 + + + - + name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + context: git + images: | + name=ghcr.io/${{ github.repository_owner }}/standalone-extended,enable=${{ inputs.ghcr_io }} + name=docker.io/${{ github.repository_owner }}/standalone-extended,enable=${{ env.docker_io }} + labels: | + org.opencontainers.image.title=Pretalx standalone extended + org.opencontainers.image.vendor=Pretalx Community + org.opencontainers.image.description=A partially privileged and unprivileged, standalone Pretalx container image with plugins + org.opencontainers.image.licenses=CC0 + + tags: | + type=match,pattern=v(.*),group=1 + type=ref,event=branch + type=ref,event=tag + type=ref,event=pr + type=sha + ${{ inputs.image-tags }} + + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + + - + name: Login to Docker Hub Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' && env.docker_io == 'true' + with: + registry: "docker.io" + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - + name: Login to GitHub Packages Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' && inputs.ghcr_io + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + + - + name: Build and push Container image + uses: docker/build-push-action@v5 + id: build-push + with: + provenance: false + push: "${{ github.event_name != 'pull_request' }}" + platforms: "${{ inputs.platforms }}" + context: "{{ defaultContext }}:./context/standalone/extended" + file: "${{ inputs.file }}" + build-args: | + BASE_IMAGE=${{ github.repository_owner }}/pretalx-standalone + BASE_TAG=${{ needs.standalone.outputs.digest }} + tags: "${{ steps.meta.outputs.tags }}" + labels: "${{ steps.meta.outputs.labels }}" + outputs: "type=docker,dest=/tmp/pretalx-standalone-extended.tar" + + - + name: Upload artifact + uses: actions/upload-artifact@v4 + with: + name: pretalx-default + path: /tmp/pretalx-standalone-extended.tar + + + # pretalx/standalone-extended:*-cron + standalone-extended-cron: + + name: Build default image + needs: standalone-extended + runs-on: ubuntu-latest + + outputs: + imageid: ${{ steps.build-push.outputs.imageid }} + digest: ${{ steps.build-push.outputs.digest }} + metadata: ${{ steps.build-push.outputs.metadata }} + + steps: + + - + name: Download artifact + uses: actions/download-artifact@v4 + with: + name: pretalx-standalone-extended + path: /tmp + - + name: Load image + run: | + docker load --input /tmp/pretalx-standalone-extended.tar + docker image ls -a + + - + name: Checkout repository + uses: actions/checkout@v4 + + + - + name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + context: git + images: | + name=ghcr.io/${{ github.repository_owner }}/standalone-extended,enable=${{ inputs.ghcr_io }} + name=docker.io/${{ github.repository_owner }}/standalone-extended,enable=${{ env.docker_io }} + labels: | + org.opencontainers.image.title=Pretalx standalone extended with cron + org.opencontainers.image.vendor=Pretalx Community + org.opencontainers.image.description=A partially privileged and unprivileged, standalone Pretalx container image with cron and plugins + org.opencontainers.image.licenses=CC0 + + tags: | + type=match,pattern=v(.*),group=1,suffix=-cron + type=ref,event=branch,suffix=-cron + type=ref,event=tag,suffix=-cron + type=ref,event=pr,suffix=-cron + type=sha,suffix=-cron + ${{ inputs.image-tags }} + + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + + - + name: Login to Docker Hub Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' && env.docker_io == 'true' + with: + registry: "docker.io" + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - + name: Login to GitHub Packages Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' && inputs.ghcr_io + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + + - + name: Build and push Container image + uses: docker/build-push-action@v5 + id: build-push + with: + provenance: false + push: "${{ github.event_name != 'pull_request' }}" + platforms: "${{ inputs.platforms }}" + context: "{{ defaultContext }}:./context/standalone/extended.cron" + file: "${{ inputs.file }}" + build-args: | + BASE_IMAGE=${{ github.repository_owner }}/standalone-extended + BASE_TAG=${{ needs.standalone-extended.outputs.digest }} + tags: "${{ steps.meta.outputs.tags }}" + labels: "${{ steps.meta.outputs.labels }}"