diff --git a/.github/workflows/docker-new.yml b/.github/workflows/docker-new.yml new file mode 100644 index 0000000..05d58e0 --- /dev/null +++ b/.github/workflows/docker-new.yml @@ -0,0 +1,119 @@ +on: + workflow_run: + workflows: ["release"] + types: + - completed + - requested + +name: Publish Docker Image (new) +jobs: + build: + name: Build and test Docker images + runs-on: ubuntu-latest + services: + registry: + image: registry:2 + ports: + - 5000:5000 + # this is needed because we restart the docker daemon for experimental + # support + options: "--restart always" + env: + # Export environment variables for all stages. + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + DOCKER_DEPLOY_IMAGES: false + # //TEMP replace with correct repo once we are happy with tags + DOCKER_REPO: lycheeverse/lychee-dev + DOCKER_PLATFORMS: linux/amd64,linux/arm64/v8 + + steps: + - name: Checkout code + uses: actions/checkout@v2 + # Enable docker daemon experimental support (for 'pull --platform'). + - name: Enable experimental support + run: | + config='/etc/docker/daemon.json' + if [[ -e "$config" ]]; then + sudo sed -i -e 's/{/{ "experimental": true, /' "$config" + else + echo '{ "experimental": true }' | sudo tee "$config" + fi + sudo systemctl restart docker + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - name: Set up Docker Buildx (local builds) + uses: docker/setup-buildx-action@v1 + with: + driver-opts: network=host + - name: Set up env vars + run: | + set -vx + # Export environment variable for later stages. + if echo "$GITHUB_REF" | grep -q '^refs/heads/'; then + # Pushes to (master) branch - deploy 'latest'. + echo "TAG=latest" >> $GITHUB_ENV + elif echo "$GITHUB_REF" | grep -q '^refs/tags/'; then + # Pushes tag - deploy tag name. + echo "TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV + else + # Use commit SHA for PR + echo "TAG=${GITHUB_SHA::8}" >> $GITHUB_ENV + fi + - name: Build and push to local registry + uses: docker/build-push-action@v2 + with: + context: . + file: Dockerfile-CI.Dockerfile + platforms: ${{ env.DOCKER_PLATFORMS }} + push: true + tags: localhost:5000/${{ env.DOCKER_REPO }}:${{ env.TAG }} + - name: Test docker images locally + run: | + for platform in ${DOCKER_PLATFORMS/,/ }; do + image="localhost:5000/${DOCKER_REPO}:${TAG}" + msg="Testing docker image $image on platform $platform" + line="${msg//?/=}" + printf "\n${line}\n${msg}\n${line}\n" + docker pull -q --platform "$platform" "$image" + echo -n "Image architecture: " + docker run --rm --entrypoint /bin/sh "$image" -c 'uname -m' + version=$(docker run --rm "$image" --version) + echo "lychee version: $version" + if [[ $TAG != "latest" ]] && + [[ $TAG != "$version" ]] && + ! echo "$version" | grep -q "$TAG"; then + echo "Version mismatch: lychee $version tagged as $TAG" + exit 1 + fi + done + - name: Check GitHub settings + if: > + github.event_name == 'push' && + (github.ref == 'refs/heads/master' || + startsWith(github.ref, 'refs/tags/')) && + github.repository == 'lycheeverse/lychee' + run: | + missing=() + [[ -n "${{ secrets.DOCKER_USERNAME }}" ]] || missing+=(DOCKER_USERNAME) + [[ -n "${{ secrets.DOCKER_PASSWORD }}" ]] || missing+=(DOCKER_PASSWORD) + for i in "${missing[@]}"; do + echo "Missing github secret: $i" + done + (( ${#missing[@]} == 0 )) || exit 1 + echo "DOCKER_DEPLOY_IMAGES=true" >> $GITHUB_ENV + - name: Login to DockerHub + if: ${{ env.DOCKER_DEPLOY_IMAGES == 'true' }} + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Push images to DockerHub + if: ${{ env.DOCKER_DEPLOY_IMAGES == 'true' }} + run: | + image_src="${DOCKER_REPO}:${TAG}" + image_dst="${{ secrets.DOCKER_USERNAME }}/${{ env.DOCKER_REPO }}:${TAG}" + msg="Copy multi-arch docker images to DockerHub ($image)" + line="${msg//?/=}" + printf "\n${line}\n${msg}\n${line}\n" + skopeo copy --all --src-tls-verify=0 docker://localhost:5000/$image_src docker://docker.io/$image_dst diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 40556c1..98e9577 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -54,7 +54,7 @@ jobs: crate: cargo-publish-all version: latest # This currently doesn't work. - # TODO: Re-enable once https://gitlab.com/torkleyy/cargo-publish-all/-/issues/3 + # TODO: Re-enable once https://gitlab.com/torkleyy/cargo-publish-all/-/issues/3 # is resolved. # See also https://github.com/lycheeverse/lychee/pull/346#issuecomment-928355735 #- run: cargo-publish-all --dry-run diff --git a/Dockerfile-CI.Dockerfile b/Dockerfile-CI.Dockerfile new file mode 100644 index 0000000..1f34747 --- /dev/null +++ b/Dockerfile-CI.Dockerfile @@ -0,0 +1,41 @@ +FROM debian:bullseye-slim as builder +WORKDIR /builder + +RUN apt-get update \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y \ + --no-install-recommends \ + ca-certificates \ + jq \ + wget \ + && case $(dpkg --print-architecture) in \ + "amd64") \ + wget -q -O - "$(wget -q -O- https://api.github.com/repos/lycheeverse/lychee/releases/latest \ + | jq -r '.assets[].browser_download_url' \ + | grep x86_64-unknown-linux-gnu)" | tar -xz lychee \ + ;; \ + "arm64") \ + wget -q -O - "$(wget -q -O- https://api.github.com/repos/lycheeverse/lychee/releases/latest \ + | jq -r '.assets[].browser_download_url' \ + | grep aarch64-unknown-linux-gnu)" | tar -xz lychee \ + ;; \ + esac \ + && chmod +x lychee + +FROM debian:bullseye-slim + +RUN apt-get update \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y \ + --no-install-recommends \ + ca-certificates \ + tzdata \ + && rm -rf /var/cache/debconf/* \ + # Clean and keep the image small. This should not + # be necessary as the debian-slim images have an + # auto clean mechanism but we may rely on other + # images in the future (see: + # https://github.com/debuerreotype/debuerreotype/blob/master/scripts/debuerreotype-minimizing-config). + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +COPY --from=builder /builder/lychee /usr/local/bin/lychee +ENTRYPOINT [ "/usr/local/bin/lychee" ]