try to deal with provenance issues #22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build all images | |
| on: | |
| push: | |
| branches: [ master ] | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| define-matrix: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| ubuntus: ${{ steps.distros.outputs.ubuntus }} | |
| debians: ${{ steps.distros.outputs.debians }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Define Distros | |
| id: distros | |
| run: | | |
| echo "ubuntus=[$(awk -F= '/UBUNTU_DISTROS/{print $2}' ./internal/lib/distro_info.sh | sed -e 's/ /", "/g')]" >> "$GITHUB_OUTPUT" | |
| echo "debians=[$(awk -F= '/DEBIAN_DISTROS/{print $2}' ./internal/lib/distro_info.sh | sed -e 's/ /", "/g')]" >> "$GITHUB_OUTPUT" | |
| build-buildbox: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: | |
| - name: amd64 | |
| runner: ubuntu-24.04 | |
| - name: arm64 | |
| runner: ubuntu-24.04-arm | |
| name: build buildbox-${{ matrix.arch.name }} | |
| runs-on: ${{ matrix.arch.runner }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Prepare | |
| run: | | |
| echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
| echo "BUILDBOX_IMAGE_VERSION=$(./internal/lib/docker_image_info.sh buildbox_version)" >> $GITHUB_ENV | |
| echo "BUILDBOX_IMAGE_NAME=$(./internal/lib/docker_image_info.sh buildbox_name)" >> $GITHUB_ENV | |
| env: | |
| platform: linux/${{ matrix.arch.name }} | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.BUILDBOX_IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ env.BUILDBOX_IMAGE_VERSION }}-${{ matrix.arch.name }} | |
| type=edge,enable=true,priority=700,prefix=,suffix=${{ matrix.arch.name }},branch=$repo.default_branch | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push by tag | |
| id: build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./docker-images/buildbox | |
| file: ./docker-images/buildbox/Dockerfile | |
| platforms: linux/${{ matrix.arch.name }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| outputs: "type=image,name=ghcr.io/${{ env.BUILDBOX_IMAGE_NAME }},push-by-digest=false,name-canonical=true,push=true" | |
| - name: Export digest | |
| run: | | |
| mkdir -p /tmp/digests | |
| digest="${{ steps.build.outputs.digest }}" | |
| touch "/tmp/digests/${digest#sha256:}" | |
| - name: Upload digest | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: digests-buildbox-${{ env.PLATFORM_PAIR }} | |
| path: /tmp/digests/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| build-ubuntus: | |
| needs: define-matrix | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| distro: ${{ fromJSON(needs.define-matrix.outputs.ubuntus) }} | |
| arch: | |
| - name: amd64 | |
| runner: ubuntu-24.04 | |
| - name: arm64 | |
| runner: ubuntu-24.04-arm | |
| name: build testbox ubuntu-${{ matrix.distro }}-${{ matrix.arch.name }} | |
| runs-on: ${{ matrix.arch.runner }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Prepare | |
| run: | | |
| echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
| echo "TESTBOX_IMAGE_VERSION=$(./internal/lib/docker_image_info.sh testbox_version)" >> $GITHUB_ENV | |
| export "TESTBOX_BASE_NAME=$(./internal/lib/docker_image_info.sh testbox_base_name)" | |
| echo "TESTBOX_BASE_NAME=$TESTBOX_BASE_NAME" >> $GITHUB_ENV | |
| echo "TESTBOX_IMAGE_NAME=${TESTBOX_BASE_NAME}_ubuntu_${distro//\./_}" >> $GITHUB_ENV | |
| env: | |
| platform: linux/${{ matrix.arch.name }} | |
| distro: ${{ matrix.distro }} | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.TESTBOX_IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ env.TESTBOX_IMAGE_VERSION }}-${{ matrix.arch.name }} | |
| type=edge,enable=true,priority=700,prefix=,suffix=${{ matrix.arch.name }},branch=$repo.default_branch | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push by tag | |
| id: build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./docker-images/testbox-ubuntu-${{ matrix.distro }} | |
| file: ./docker-images/testbox-ubuntu-${{ matrix.distro }}/Dockerfile | |
| platforms: linux/${{ matrix.arch.name }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| outputs: "type=image,name=ghcr.io/${{ env.TESTBOX_IMAGE_NAME }},push-by-digest=false,name-canonical=true,push=true" | |
| - name: Export digest | |
| run: | | |
| mkdir -p /tmp/digests | |
| digest="${{ steps.build.outputs.digest }}" | |
| touch "/tmp/digests/${digest#sha256:}" | |
| - name: Upload digest | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: digests-ubuntu-${{ matrix.distro }}-${{ env.PLATFORM_PAIR }} | |
| path: /tmp/digests/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| build-debians: | |
| needs: define-matrix | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| distro: ${{ fromJSON(needs.define-matrix.outputs.debians) }} | |
| arch: | |
| - name: amd64 | |
| runner: ubuntu-24.04 | |
| - name: arm64 | |
| runner: ubuntu-24.04-arm | |
| runs-on: ${{ matrix.arch.runner }} | |
| name: build testbox debian-${{ matrix.distro }}-${{ matrix.arch.name }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Prepare | |
| run: | | |
| echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
| echo "TESTBOX_IMAGE_VERSION=$(./internal/lib/docker_image_info.sh testbox_version)" >> $GITHUB_ENV | |
| export "TESTBOX_BASE_NAME=$(./internal/lib/docker_image_info.sh testbox_base_name)" | |
| echo "TESTBOX_BASE_NAME=$TESTBOX_BASE_NAME" >> $GITHUB_ENV | |
| echo "TESTBOX_IMAGE_NAME=${TESTBOX_BASE_NAME}_debian_${{ matrix.distro }}" >> $GITHUB_ENV | |
| env: | |
| platform: linux/${{ matrix.arch.name }} | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.TESTBOX_IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ env.TESTBOX_IMAGE_VERSION }}-${{ matrix.arch.name }} | |
| type=edge,enable=true,priority=700,prefix=,suffix=-${{ matrix.arch.name }},branch=$repo.default_branch | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push by tag | |
| id: build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./docker-images/testbox-debian-${{ matrix.distro }} | |
| file: ./docker-images/testbox-debian-${{ matrix.distro }}/Dockerfile | |
| platforms: linux/${{ matrix.arch.name }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| outputs: "type=image,name=ghcr.io/${{ env.TESTBOX_IMAGE_NAME }},push-by-digest=false,name-canonical=true,push=true" | |
| - name: Export digest | |
| run: | | |
| mkdir -p /tmp/digests | |
| digest="${{ steps.build.outputs.digest }}" | |
| touch "/tmp/digests/${digest#sha256:}" | |
| - name: Upload digest | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: digests-debian-${{ matrix.distro }}-${{ env.PLATFORM_PAIR }} | |
| path: /tmp/digests/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| merge-buildbox: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-buildbox | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Prepare env | |
| run: | | |
| echo "BUILDBOX_IMAGE_VERSION=$(./internal/lib/docker_image_info.sh buildbox_version)" >> $GITHUB_ENV | |
| echo "BUILDBOX_IMAGE_NAME=$(./internal/lib/docker_image_info.sh buildbox_name)" >> $GITHUB_ENV | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Download digests | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: /tmp/digests | |
| pattern: digests-buildbox-* | |
| merge-multiple: true | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.BUILDBOX_IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ env.BUILDBOX_IMAGE_VERSION }} | |
| type=raw,value=latest | |
| type=edge,enable=true,priority=700,prefix=,suffix=,branch=$repo.default_branch | |
| - name: Create manifest list and push | |
| working-directory: /tmp/digests | |
| run: docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/${{ env.BUILDBOX_IMAGE_NAME }}@sha256:%s ' *) | |
| - name: Inspect image | |
| run: docker buildx imagetools inspect ghcr.io/${{ env.BUILDBOX_IMAGE_NAME }}:${{ steps.meta.outputs.version }} | |
| merge-ubuntus: | |
| name: Merge Ubuntu ${{ matrix.distro }} Testbox images | |
| runs-on: ubuntu-latest | |
| needs: | |
| - define-matrix | |
| - build-ubuntus | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| distro: ${{ fromJSON(needs.define-matrix.outputs.ubuntus) }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Prepare env | |
| run: | | |
| echo "TESTBOX_IMAGE_VERSION=$(./internal/lib/docker_image_info.sh testbox_version)" >> $GITHUB_ENV | |
| echo "TESTBOX_IMAGE_NAME=$(./internal/lib/docker_image_info.sh testbox_base_name)_ubuntu_${distro//\./_}" >> $GITHUB_ENV | |
| env: | |
| distro: ${{ matrix.distro }} | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Download digests | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: /tmp/digests | |
| pattern: digests-ubuntu-${{ matrix.distro }}-* | |
| merge-multiple: true | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.TESTBOX_IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ env.TESTBOX_IMAGE_VERSION }} | |
| type=raw,value=latest | |
| type=edge,enable=true,priority=700,prefix=,suffix=,branch=$repo.default_branch | |
| - name: Create manifest list and push | |
| working-directory: /tmp/digests | |
| run: docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/${{ env.TESTBOX_IMAGE_NAME }}@sha256:%s ' *) | |
| - name: Inspect image | |
| run: docker buildx imagetools inspect ghcr.io/${{ env.TESTBOX_IMAGE_NAME }}:${{ steps.meta.outputs.version }} | |
| merge-debians: | |
| name: Merge Debian ${{ matrix.distro }} Testbox images | |
| runs-on: ubuntu-latest | |
| needs: | |
| - define-matrix | |
| - build-debians | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| distro: ${{ fromJSON(needs.define-matrix.outputs.debians) }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Prepare env | |
| run: | | |
| echo "TESTBOX_IMAGE_VERSION=$(./internal/lib/docker_image_info.sh testbox_version)" >> $GITHUB_ENV | |
| echo "TESTBOX_IMAGE_NAME=$(./internal/lib/docker_image_info.sh testbox_base_name)_debian_${distro//\./_}" >> $GITHUB_ENV | |
| env: | |
| distro: ${{ matrix.distro }} | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Download digests | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: /tmp/digests | |
| pattern: digests-debian-${{ matrix.distro }}-* | |
| merge-multiple: true | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.TESTBOX_IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ env.TESTBOX_IMAGE_VERSION }} | |
| type=raw,value=latest | |
| type=edge,enable=true,priority=700,prefix=,suffix=,branch=$repo.default_branch | |
| - name: Create manifest list and push | |
| working-directory: /tmp/digests | |
| run: docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/${{ env.TESTBOX_IMAGE_NAME }}@sha256:%s ' *) | |
| - name: Inspect image | |
| run: docker buildx imagetools inspect ghcr.io/${{ env.TESTBOX_IMAGE_NAME }}:${{ steps.meta.outputs.version }} |