Migration to GitHub Actions and image namespace update

2022-04-26 23:32:52 +02:00
parent 05b0ef567e
commit 40978527b9
11 changed files with 168 additions and 139 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+
+updates:
+
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'daily'
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,25 +0,0 @@
-name: 'CI'
-
-on:
-  push:
-    tags: ['*']
-    branches: ['*']
-  pull_request:
-    branches: ['*']
-  workflow_dispatch:
-
-jobs:
-
-  build:
-    name: 'Build ${{ matrix.arch }} image'
-    runs-on: 'ubuntu-latest'
-    strategy:
-      matrix:
-        arch: ['amd64', 'arm64v8']
-    steps:
-      - name: 'Checkout project'
-        uses: 'actions/checkout@v3'
-      - name: 'Build image'
-        run: |
-          make binfmt-register
-          make IMAGE_BUILD_OPTS="--pull" "build-${{ matrix.arch }}-image"
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -0,0 +1,110 @@
+name: 'Main'
+
+on:
+  push:
+    tags: ['*']
+    branches: ['*']
+  pull_request:
+    branches: ['*']
+  workflow_dispatch:
+
+jobs:
+
+  build:
+    name: 'Build ${{ matrix.arch }} image'
+    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: 'read'
+    strategy:
+      matrix:
+        arch: ['native', 'amd64', 'arm64v8']
+    steps:
+      - name: 'Checkout project'
+        uses: 'actions/checkout@v3'
+      - name: 'Register binfmt entries'
+        if: "matrix.arch != 'native'"
+        run: |
+          make binfmt-register
+      - name: 'Build and save image'
+        run: |
+          make IMAGE_BUILD_OPTS="--pull" "build-${{ matrix.arch }}-image" "save-${{ matrix.arch }}-image"
+      - name: 'Upload artifacts'
+        if: "startsWith(github.ref, 'refs/tags/v')"
+        uses: 'actions/upload-artifact@v3'
+        with:
+          name: 'dist-${{ matrix.arch }}'
+          path: './dist/'
+          retention-days: 1
+
+  push:
+    name: 'Push ${{ matrix.arch }} image'
+    if: "startsWith(github.ref, 'refs/tags/v')"
+    needs: ['build']
+    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: 'read'
+    strategy:
+      matrix:
+        arch: ['amd64', 'arm64v8']
+    steps:
+      - name: 'Checkout project'
+        uses: 'actions/checkout@v3'
+      - name: 'Download artifacts'
+        uses: 'actions/download-artifact@v3'
+        with:
+          name: 'dist-${{ matrix.arch }}'
+          path: './dist/'
+      - name: 'Login to Docker Hub'
+        uses: 'docker/login-action@v1'
+        with:
+          registry: 'docker.io'
+          username: '${{ secrets.DOCKERHUB_USERNAME }}'
+          password: '${{ secrets.DOCKERHUB_TOKEN }}'
+      - name: 'Load and push image'
+        run: |
+          make "load-${{ matrix.arch }}-image" "push-${{ matrix.arch }}-image"
+
+  push-manifest:
+    name: 'Push manifest'
+    if: "startsWith(github.ref, 'refs/tags/v')"
+    needs: ['push']
+    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: 'read'
+    steps:
+      - name: 'Checkout project'
+        uses: 'actions/checkout@v3'
+      - name: 'Login to Docker Hub'
+        uses: 'docker/login-action@v1'
+        with:
+          registry: 'docker.io'
+          username: '${{ secrets.DOCKERHUB_USERNAME }}'
+          password: '${{ secrets.DOCKERHUB_TOKEN }}'
+      - name: 'Push manifest'
+        run: |
+          make push-cross-manifest
+
+  release-github:
+    name: 'Create GitHub release'
+    if: "startsWith(github.ref, 'refs/tags/v')"
+    needs: ['push-manifest']
+    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: 'write'
+    steps:
+      - name: 'Create release'
+        run: |
+          RELEASE_STATUS="$(curl -fs --proto '=https' --tlsv1.3 --globoff \
+            --url "https://api.github.com/repos/${GITHUB_REPOSITORY:?}/releases/tags/${GITHUB_REF_NAME:?}" \
+            --header 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
+            --header 'Accept: application/vnd.github.v3+json' \
+            --header 'Content-Type: application/json' \
+            --write-out '%{http_code}' --output /dev/null ||:)"
+          if [ "${RELEASE_STATUS:?}" = '200' ]; then exit 0; fi
+          RELEASE_ID="$(curl -fsS --proto '=https' --tlsv1.3 --globoff \
+            --url "https://api.github.com/repos/${GITHUB_REPOSITORY:?}/releases" \
+            --header 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
+            --header 'Accept: application/vnd.github.v3+json' \
+            --header 'Content-Type: application/json' \
+            --data "$(jq -rn --arg tag "${GITHUB_REF_NAME:?}" '{"name": $tag, "tag_name": $tag, "generate_release_notes": true}')" | jq -r '.id')"
+          if [ -z "${RELEASE_ID-}" ] || [ "${RELEASE_ID:?}" = 'null' ]; then exit 1; fi
--- a/.github/workflows/rebuild-latest-release.yml
+++ b/.github/workflows/rebuild-latest-release.yml
@@ -0,0 +1,33 @@
+name: 'Rebuild latest release'
+
+on:
+  schedule:
+    - cron: '20 04 * * 1'
+  workflow_dispatch:
+
+jobs:
+
+  trigger-rebuild:
+    name: 'Trigger rebuild'
+    runs-on: 'ubuntu-latest'
+    permissions:
+      contents: 'read'
+    steps:
+      - name: 'REST API call'
+        run: |
+          RELEASE_TAG="$(curl -fsS --proto '=https' --tlsv1.3 --globoff \
+              --url 'https://api.github.com/repos/${{ github.repository }}/releases/latest' \
+              --header 'Authorization: Bearer ${{ secrets.PERSONAL_GITHUB_TOKEN }}' \
+              --header 'Accept: application/vnd.github.v3+json' \
+              --header 'Content-Type: application/json' \
+                | jq -rc '.tag_name')"
+          if [ -n "${RELEASE_TAG-}" ] && [ "${RELEASE_TAG:?}" != 'null' ]; then
+            curl -fsS --proto '=https' --tlsv1.3 --globoff \
+              --url 'https://api.github.com/repos/${{ github.repository }}/actions/workflows/main.yml/dispatches' \
+              --header 'Authorization: Bearer ${{ secrets.PERSONAL_GITHUB_TOKEN }}' \
+              --header 'Accept: application/vnd.github.v3+json' \
+              --header 'Content-Type: application/json' \
+              --data "$(jq -rn --arg tag "${RELEASE_TAG:?}" '{"ref": $tag}')"
+          else
+            exit 1
+          fi
--- a/.github/workflows/trigger-rebuild-latest-release.yml
+++ b/.github/workflows/trigger-rebuild-latest-release.yml
@@ -1,26 +0,0 @@
-name: 'Trigger rebuild of latest release'
-
-on:
-  schedule:
-    - cron: '20 04 * * 1'
-  workflow_dispatch:
-
-jobs:
-
-  trigger-rebuild:
-    name: 'Trigger rebuild'
-    runs-on: 'ubuntu-latest'
-    steps:
-      - name: 'REST API call'
-        run: |
-          curl -fsS --proto '=https' --tlsv1.3 \
-            --url 'https://api.github.com/repos/${{ github.repository }}/actions/workflows/ci.yml/dispatches' \
-            --header 'Authorization: Bearer ${{ secrets.PERSONAL_GITHUB_TOKEN }}' \
-            --header 'Accept: application/vnd.github.v3+json' \
-            --header 'Content-Type: application/json' \
-            --data "$(curl -fsS --proto '=https' --tlsv1.3 \
-              --url 'https://api.github.com/repos/${{ github.repository }}/releases/latest' \
-              --header 'Authorization: Bearer ${{ secrets.PERSONAL_GITHUB_TOKEN }}' \
-              --header 'Accept: application/vnd.github.v3+json' \
-              --header 'Content-Type: application/json' \
-                | jq -rc '{ ref: .tag_name }')"