mirror of
https://github.com/DSpace/dspace-angular.git
synced 2025-10-07 01:54:15 +00:00
303 lines
12 KiB
YAML
303 lines
12 KiB
YAML
# DSpace Docker image build for hub.docker.com
|
|
name: Docker images
|
|
|
|
# Run this Build for all pushes to 'main' or maintenance branches, or tagged releases.
|
|
# Also run for PRs to ensure PR doesn't break Docker build process
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- 'dspace-**'
|
|
tags:
|
|
- 'dspace-**'
|
|
pull_request:
|
|
|
|
permissions:
|
|
contents: read # to fetch code (actions/checkout)
|
|
|
|
|
|
env:
|
|
REGISTRY_IMAGE: dspace/dspace-angular
|
|
# Define tags to use for Docker images based on Git tags/branches (for docker/metadata-action)
|
|
# For a new commit on default branch (main), use the literal tag 'latest' on Docker image.
|
|
# For a new commit on other branches, use the branch name as the tag for Docker image.
|
|
# For a new tag, copy that tag name as the tag for Docker image.
|
|
IMAGE_TAGS: |
|
|
type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
|
|
type=ref,event=branch,enable=${{ !endsWith(github.ref, github.event.repository.default_branch) }}
|
|
type=ref,event=tag
|
|
# Define default tag "flavor" for docker/metadata-action per
|
|
# https://github.com/docker/metadata-action#flavor-input
|
|
# We manage the 'latest' tag ourselves to the 'main' branch (see settings above)
|
|
TAGS_FLAVOR: |
|
|
latest=false
|
|
|
|
jobs:
|
|
#############################################################
|
|
# Build/Push the '${{ env.REGISTRY_IMAGE }}' image
|
|
#############################################################
|
|
dspace-angular:
|
|
# Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace-angular'
|
|
if: github.repository == 'dspace/dspace-angular'
|
|
|
|
strategy:
|
|
matrix:
|
|
# Architectures / Platforms for which we will build Docker images
|
|
arch: ['linux/amd64', 'linux/arm64']
|
|
os: [ubuntu-latest]
|
|
isPr:
|
|
- ${{ github.event_name == 'pull_request' }}
|
|
# If this is a PR, we ONLY build for AMD64. For PRs we only do a sanity check test to ensure Docker builds work.
|
|
# The below exclude therefore ensures we do NOT build ARM64 for PRs.
|
|
exclude:
|
|
- isPr: true
|
|
os: ubuntu-latest
|
|
arch: linux/arm64
|
|
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
# https://github.com/actions/checkout
|
|
- name: Checkout codebase
|
|
uses: actions/checkout@v4
|
|
|
|
# https://github.com/docker/setup-buildx-action
|
|
- name: Setup Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
# https://github.com/docker/setup-qemu-action
|
|
- name: Set up QEMU emulation to build for multiple architectures
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
# https://github.com/docker/login-action
|
|
- name: Login to DockerHub
|
|
# Only login if not a PR, as PRs only trigger a Docker build and not a push
|
|
if: ${{ ! matrix.isPr }}
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
|
|
|
|
# https://github.com/docker/metadata-action
|
|
# Get Metadata for docker_build step below
|
|
- name: Sync metadata (tags, labels) from GitHub to Docker for 'dspace-angular' image
|
|
id: meta_build
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.REGISTRY_IMAGE }}
|
|
tags: ${{ env.IMAGE_TAGS }}
|
|
flavor: ${{ env.TAGS_FLAVOR }}
|
|
|
|
# https://github.com/docker/build-push-action
|
|
- name: Build and push 'dspace-angular' image
|
|
id: docker_build
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
file: ./Dockerfile
|
|
platforms: ${{ matrix.arch }}
|
|
# For pull requests, we run the Docker build (to ensure no PR changes break the build),
|
|
# but we ONLY do an image push to DockerHub if it's NOT a PR
|
|
push: ${{ ! matrix.isPr }}
|
|
# Use tags / labels provided by 'docker/metadata-action' above
|
|
tags: ${{ steps.meta_build.outputs.tags }}
|
|
labels: ${{ steps.meta_build.outputs.labels }}
|
|
|
|
# Export the digest of Docker build locally (for non PRs only)
|
|
- name: Export digest
|
|
if: ${{ ! matrix.isPr }}
|
|
run: |
|
|
mkdir -p /tmp/digests
|
|
digest="${{ steps.docker_build.outputs.digest }}"
|
|
touch "/tmp/digests/${digest#sha256:}"
|
|
|
|
# Upload digest to an artifact, so that it can be used in manifest below
|
|
- name: Upload digest
|
|
if: ${{ ! matrix.isPr }}
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: digests
|
|
path: /tmp/digests/*
|
|
if-no-files-found: error
|
|
retention-days: 1
|
|
|
|
# Merge digests into a manifest.
|
|
# This runs after all Docker builds complete above, and it tells hub.docker.com
|
|
# that these builds should be all included in the manifest for this tag.
|
|
# (e.g. AMD64 and ARM64 should be listed as options under the same tagged Docker image)
|
|
# Borrowed from https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners
|
|
dspace-angular_manifest:
|
|
if: ${{ github.event_name != 'pull_request' }}
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- dspace-angular
|
|
steps:
|
|
- name: Download digests
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: digests
|
|
path: /tmp/digests
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Add Docker metadata for image
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.REGISTRY_IMAGE }}
|
|
tags: ${{ env.IMAGE_TAGS }}
|
|
flavor: ${{ env.TAGS_FLAVOR }}
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
|
|
|
|
- name: Create manifest list from digests and push
|
|
working-directory: /tmp/digests
|
|
run: |
|
|
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
|
|
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
|
|
|
|
- name: Inspect image
|
|
run: |
|
|
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
|
|
|
|
#############################################################
|
|
# Build/Push the '${{ env.REGISTRY_IMAGE }}' image ('-dist' tag)
|
|
#############################################################
|
|
dspace-angular-dist:
|
|
# Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace-angular'
|
|
if: github.repository == 'dspace/dspace-angular'
|
|
|
|
strategy:
|
|
matrix:
|
|
# Architectures / Platforms for which we will build Docker images
|
|
arch: ['linux/amd64', 'linux/arm64']
|
|
os: [ubuntu-latest]
|
|
isPr:
|
|
- ${{ github.event_name == 'pull_request' }}
|
|
# If this is a PR, we ONLY build for AMD64. For PRs we only do a sanity check test to ensure Docker builds work.
|
|
# The below exclude therefore ensures we do NOT build ARM64 for PRs.
|
|
exclude:
|
|
- isPr: true
|
|
os: ubuntu-latest
|
|
arch: linux/arm64
|
|
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
# https://github.com/actions/checkout
|
|
- name: Checkout codebase
|
|
uses: actions/checkout@v4
|
|
|
|
# https://github.com/docker/setup-buildx-action
|
|
- name: Setup Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
# https://github.com/docker/setup-qemu-action
|
|
- name: Set up QEMU emulation to build for multiple architectures
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
# https://github.com/docker/login-action
|
|
- name: Login to DockerHub
|
|
# Only login if not a PR, as PRs only trigger a Docker build and not a push
|
|
if: ${{ ! matrix.isPr }}
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
|
|
|
|
# https://github.com/docker/metadata-action
|
|
# Get Metadata for docker_build_dist step below
|
|
- name: Sync metadata (tags, labels) from GitHub to Docker for 'dspace-angular-dist' image
|
|
id: meta_build_dist
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.REGISTRY_IMAGE }}
|
|
tags: ${{ env.IMAGE_TAGS }}
|
|
# As this is a "dist" image, its tags are all suffixed with "-dist". Otherwise, it uses the same
|
|
# tagging logic as the primary '${{ env.REGISTRY_IMAGE }}' image above.
|
|
flavor: ${{ env.TAGS_FLAVOR }}
|
|
suffix=-dist
|
|
|
|
- name: Build and push 'dspace-angular-dist' image
|
|
id: docker_build_dist
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
file: ./Dockerfile.dist
|
|
platforms: ${{ matrix.arch }}
|
|
# For pull requests, we run the Docker build (to ensure no PR changes break the build),
|
|
# but we ONLY do an image push to DockerHub if it's NOT a PR
|
|
push: ${{ ! matrix.isPr }}
|
|
# Use tags / labels provided by 'docker/metadata-action' above
|
|
tags: ${{ steps.meta_build_dist.outputs.tags }}
|
|
labels: ${{ steps.meta_build_dist.outputs.labels }}
|
|
|
|
# Export the digest of Docker build locally (for non PRs only)
|
|
- name: Export digest
|
|
if: ${{ ! matrix.isPr }}
|
|
run: |
|
|
mkdir -p /tmp/digests/dist
|
|
digest="${{ steps.docker_build_dist.outputs.digest }}"
|
|
touch "/tmp/digests/dist/${digest#sha256:}"
|
|
|
|
# Upload Digest to an artifact, so that it can be used in manifest below
|
|
- name: Upload digest
|
|
if: ${{ ! matrix.isPr }}
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
# NOTE: It's important that this artifact has a unique name so that two
|
|
# image builds don't upload digests to the same artifact.
|
|
name: digests-dist
|
|
path: /tmp/digests/*
|
|
if-no-files-found: error
|
|
retention-days: 1
|
|
|
|
# Merge *-dist digests into a manifest.
|
|
# This runs after all Docker builds complete above, and it tells hub.docker.com
|
|
# that these builds should be all included in the manifest for this tag.
|
|
# (e.g. AMD64 and ARM64 should be listed as options under the same tagged Docker image)
|
|
dspace-angular-dist_manifest:
|
|
if: ${{ github.event_name != 'pull_request' }}
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- dspace-angular-dist
|
|
steps:
|
|
- name: Download digests for -dist builds
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: digests-dist
|
|
path: /tmp/digests
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Add Docker metadata for image
|
|
id: meta_dist
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.REGISTRY_IMAGE }}
|
|
tags: ${{ env.IMAGE_TAGS }}
|
|
# As this is a "dist" image, its tags are all suffixed with "-dist". Otherwise, it uses the same
|
|
# tagging logic as the primary '${{ env.REGISTRY_IMAGE }}' image above.
|
|
flavor: ${{ env.TAGS_FLAVOR }}
|
|
suffix=-dist
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
|
|
|
|
- name: Create manifest list from digests and push
|
|
working-directory: /tmp/digests
|
|
run: |
|
|
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
|
|
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
|
|
|
|
- name: Inspect image
|
|
run: |
|
|
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta_dist.outputs.version }}
|