From e7ac5dcf008391635a8c74df8e139fb0b77306fb Mon Sep 17 00:00:00 2001 From: Damon To Date: Wed, 26 Jun 2024 15:56:14 +0800 Subject: [PATCH] Improve GitHub Action docker workflow (#1) docker matrix build --- .github/dependabot.yml | 5 ++ .github/workflows/build.yml | 6 +- .github/workflows/deploy.yml | 1 + .github/workflows/docker.yml | 152 ++++++++++++++++++++++++++++------- Dockerfile | 6 +- scripts/deploy.sh | 2 +- 6 files changed, 136 insertions(+), 36 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e0871f9..23138c0 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,6 +5,11 @@ version: 2 updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + - package-ecosystem: "gomod" # See documentation for possible values directory: "/" # Location of package manifests schedule: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ca4dd01..ee0a987 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -20,7 +20,7 @@ jobs: target: - { os: linux, arch: amd64, name: linux-amd64 } - { os: linux, arch: arm64, name: linux-arm64 } - - { os: linux, arch: mips64, name: linux-mips64 } + - { os: linux, arch: mips64le, name: linux-mips64le } - { os: linux, arch: riscv64, name: linux-riscv64 } - { os: darwin, arch: amd64, name: macos-amd64 } - { os: darwin, arch: arm64, name: macos-arm64 } 
@@ -31,15 +31,18 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Set up Go id: go uses: actions/setup-go@v5 with: go-version: 1.22 + - name: Build for ${{ matrix.target.name }} run: | VERSION=$(git describe --always --tags --match "v*" --dirty="-dev") CGO_ENABLED=0 GOOS=${{ matrix.target.os }} GOARCH=${{ matrix.target.arch }} go build -trimpath -ldflags="-w -s -X main.Version=${VERSION}" -o estkme-cloud-${{ matrix.target.os }}-${{ matrix.target.arch }} + - name: Upload ${{ matrix.target.name }} to Artifact uses: actions/upload-artifact@v4 with: @@ -59,6 +62,7 @@ jobs: with: merge-multiple: true pattern: "*" + - name: Release uses: softprops/action-gh-release@v2 with: diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 8c6e7fb..ddbf3ae 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -32,6 +32,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Run deploy.sh on ${{ matrix.server.name }} env: SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index a5c6424..98be158 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
@@ -3,65 +3,48 @@ name: Docker Image on: workflow_dispatch: push: - branches: [main] tags: [v*] - paths-ignore: - - "**/*.md" - - LICENSE pull_request: branches: [main] +permissions: + contents: read + packages: write + jobs: - docker: + build: name: Build for ${{ matrix.platform }} runs-on: ubuntu-latest strategy: fail-fast: false matrix: platform: + - linux/386 - linux/amd64 - linux/arm64 - linux/arm/v7 - linux/arm/v6 - linux/riscv64 - - linux/mips64 - - linux/mips64le - permissions: - contents: read - packages: write steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 submodules: recursive - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: | - ${{ secrets.DOCKERHUB_USERNAME }}/estkme-cloud - ghcr.io/${{ github.repository_owner }}/estkme-cloud - tags: | - type=schedule - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha + - name: Set up QEMU uses: docker/setup-qemu-action@v3 - with: - platforms: ${{ matrix.platform }} + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Login to Docker Hub if: github.event_name != 'pull_request' uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Login to GHCR if: github.event_name != 'pull_request' uses: docker/login-action@v3 
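Review bot: The `permissions` block now sits at workflow level, so `packages: write` applies to every job in the file rather than only to the one job that declared it before. Declaring it per job (for example `permissions:` / `contents: read` / `packages: write` under `build:`) keeps the grant next to the steps that use it. A job that never checks out code could then drop `contents: read`. The `jobs:` map continues past this hunk, so the per-job blocks would have to be added there as well.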
@@ -69,18 +52,125 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ghcr.io/${{ secrets.DOCKERHUB_USERNAME }}/estkme-cloud + tags: | + type=raw,value=latest,enable={{is_default_branch}} + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=ref,event=branch + type=ref,event=tag + + - name: Build and push by digest + id: build uses: docker/build-push-action@v6 with: context: . - platforms: ${{ steps.qemu.outputs.platforms }} + platforms: ${{ matrix.platform }} build-args: | BUILDKIT_CONTEXT_KEEP_GIT_DIR=true VERSION=${{ steps.meta.outputs.version }} provenance: false - push: ${{ startsWith(github.ref, 'refs/tags/v') }} - tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }} cache-from: type=gha + outputs: type=image,"name=ghcr.io/${{ secrets.DOCKERHUB_USERNAME }}/estkme-cloud,docker.io/${{ github.repository_owner }}/estkme-cloud",push-by-digest=true,name-canonical=true,push=${{ startsWith(github.ref, 'refs/tags/v') }} cache-to: type=gha,mode=max + + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + + - name: Prepare ENV + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + name: Merge and Push image manifest + runs-on: ubuntu-latest + if: ${{ startsWith(github.ref, 'refs/tags/v') }} + needs: + - build + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: 
true + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + ghcr.io/${{ github.repository_owner }}/estkme-cloud + docker.io/${{ secrets.DOCKERHUB_USERNAME }}/estkme-cloud + tags: | + type=raw,value=latest,enable={{is_default_branch}} + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=ref,event=branch + type=ref,event=tag + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: index + + - name: Login to Docker Hub + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Login to GHCR + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + set -x + annotations=$(jq -cr '.annotations | map((split("=")[0] + "=\"" + split("=")[1] + "\"") | "--annotation " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") + tags=$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") + eval "docker buildx imagetools create $annotations $tags $(printf 'ghcr.io/${{ github.repository_owner }}/estkme-cloud@sha256:%s ' *)" + + - name: Inspect image + run: | + docker buildx imagetools inspect docker.io/${{ secrets.DOCKERHUB_USERNAME }}/estkme-cloud:${{ steps.meta.outputs.version }} + docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/estkme-cloud:${{ steps.meta.outputs.version }} + + cleanup: + name: Cleanup + runs-on: ubuntu-latest + needs: + - merge + steps: + - name: Delete Untagged Packages + uses: dataaxiom/ghcr-cleanup-action@v1 + with: + token: ${{ github.token }} diff --git a/Dockerfile b/Dockerfile index 558be92..4281829 100644 --- a/Dockerfile 
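Review bot: The `Create manifest list and push` step feeds jq output through `eval`, so annotation values from `docker/metadata-action` are re-parsed by the shell. A value containing a double quote, a backtick or `$(` would break the command or be executed, and `split("=")[1]` truncates any value that itself contains `=`. Collecting the arguments in a bash array and calling `docker buildx imagetools create "${args[@]}"` removes the `eval` and keeps each annotation as a single argument. Separately, the build job names its images `ghcr.io/${{ secrets.DOCKERHUB_USERNAME }}/…` and `docker.io/${{ github.repository_owner }}/…`, the reverse of the merge job, so unless the two names are identical the digests land in repositories the merge step does not read from. The new `dataaxiom/ghcr-cleanup-action@v1` receives a token with `packages: write` and is better pinned to a full commit SHA than to a mutable tag.

```yaml
      - name: Create manifest list and push
        working-directory: /tmp/digests
        run: |
          # … unchanged: set -x …
          args=()
          while IFS= read -r annotation; do
            args+=(--annotation "$annotation")
          done < <(jq -r '.annotations[]' <<< "$DOCKER_METADATA_OUTPUT_JSON")
          while IFS= read -r tag; do
            args+=(-t "$tag")
          done < <(jq -r '.tags[]' <<< "$DOCKER_METADATA_OUTPUT_JSON")
          for digest in *; do
            args+=("ghcr.io/${{ github.repository_owner }}/estkme-cloud@sha256:${digest}")
          done
          docker buildx imagetools create "${args[@]}"
```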
+++ b/Dockerfile @@ -7,7 +7,7 @@ RUN apk add --no-cache git gcc cmake make musl-dev curl-dev COPY . . -RUN set -ex \ +RUN set -eux \ && cd lpac \ && cmake . -DLPAC_WITH_APDU_PCSC=off -DLPAC_WITH_APDU_AT=off \ && make -j$(nproc) @@ -21,7 +21,7 @@ ARG VERSION COPY . . -RUN set -ex \ +RUN set -eux \ && CGO_ENABLED=0 go build -trimpath -ldflags="-w -s -X main.Version=${VERSION}" -o estkme-cloud main.go # Production @@ -32,7 +32,7 @@ WORKDIR /app COPY --from=lpac-builder /app/lpac/output/lpac /app/lpac COPY --from=estkme-cloud-builder /app/estkme-cloud /app/estkme-cloud -RUN set -ex \ +RUN set -eux \ && apk add --no-cache libcurl EXPOSE 1888 diff --git a/scripts/deploy.sh b/scripts/deploy.sh index cbc0d19..9896904 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh @@ -1,6 +1,6 @@ #!/bin/bash -set -xe +set -eux DST_DIR="/opt/estkme-cloud"
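Review bot: With `set -eux`, the `${VERSION}` in the `go build` line becomes a hard error whenever the variable is unset, and the `ARG VERSION` shown in the hunk context has no default. If the builder does not export an ARG that was given no value (worth confirming for the builder in use), a plain `docker build .` without `--build-arg VERSION=…` would now stop at this step. Writing `-X main.Version=${VERSION:-dev}` (the fallback value is only an example) or giving the ARG a default keeps local builds working while still catching other unset variables.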
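Review bot: `set -eux` keeps xtrace enabled in a script that deploy.yml runs with `SSH_PRIVATE_KEY` in its environment, so any command that expands that variable is echoed to the job log. The rest of the script is outside this hunk, so whether it does so cannot be seen from here. If it does, use `set -eu` on this line or bracket the key handling with `set +x` and `set -x`. The added `-u` also aborts on any variable the script reads without a default, which is worth checking against the variables the workflow passes in.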