From 9ca4dba92e3d2ec7ff1a561af7b0caa741797e9d Mon Sep 17 00:00:00 2001 From: Rob Bast Date: Fri, 14 Jun 2024 10:36:21 +0200 Subject: [PATCH] initial stab at multi-arch matrix starting with v2-lts workflow only, iterate from here once it works --- .github/workflows/v1.yaml | 7 +- .github/workflows/v2-current.yaml | 7 +- .github/workflows/v2-lts.yaml | 277 +++++++++++++++++++++++------ .github/workflows/v2-previous.yaml | 10 +- README.md | 12 +- 5 files changed, 248 insertions(+), 65 deletions(-) diff --git a/.github/workflows/v1.yaml b/.github/workflows/v1.yaml index 696533d..3ef390b 100644 --- a/.github/workflows/v1.yaml +++ b/.github/workflows/v1.yaml @@ -1,8 +1,13 @@ name: Docker - v1 on: - pull_request: null + pull_request: + paths: + - .github/workflows/v1.yaml + - '1.10/**' push: + branches: + - main paths: - .github/workflows/v1.yaml - '1.10/**' diff --git a/.github/workflows/v2-current.yaml b/.github/workflows/v2-current.yaml index 818826b..eb1bb84 100644 --- a/.github/workflows/v2-current.yaml +++ b/.github/workflows/v2-current.yaml @@ -1,8 +1,13 @@ name: Docker - v2 current on: - pull_request: null + pull_request: + paths: + - .github/workflows/v2-current.yaml + - '2.7/**' push: + branches: + - main paths: - .github/workflows/v2-current.yaml - '2.7/**' diff --git a/.github/workflows/v2-lts.yaml b/.github/workflows/v2-lts.yaml index 6987c62..c041c11 100644 --- a/.github/workflows/v2-lts.yaml +++ b/.github/workflows/v2-lts.yaml 
@@ -1,91 +1,252 @@ name: Docker - v2 LTS on: - pull_request: null + pull_request: + paths: + - .github/workflows/v2-lts.yaml + - '2.2/**' push: + branches: + - main paths: - .github/workflows/v2-lts.yaml - '2.2/**' env: AWS_REGION: us-east-1 - ECR_REPO: public.ecr.aws/u0u1j5s3/composer + DOCKERHUB_SLUG: composer/composer + ECR_SLUG: public.ecr.aws/u0u1j5s3/composer + GHCR_SLUG: ghcr.io/composer/docker + DIRECTORY: 2.2 jobs: - build-lts: - name: Build LTS version + + prepare: + + runs-on: ubuntu-latest + + outputs: + full-annotations: ${{ steps.meta-full.outputs.annotations }} + full-labels: ${{ steps.meta-full.outputs.labels }} + full-json: ${{ steps.meta-full.outputs.json }} + bin-annotations: ${{ steps.meta-bin.outputs.annotations }} + bin-labels: ${{ steps.meta-bin.outputs.labels }} + bin-json: ${{ steps.meta-bin.outputs.json }} + + steps: + + - name: Checkout + uses: actions/checkout@v4 + + - name: Determine Composer version from Dockerfile + uses: ./.github/actions/determine-composer-version + with: + working-directory: ${{ env.DIRECTORY }} + + - name: Docker metadata (full image) + id: meta-full + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.DOCKERHUB_SLUG }} + ${{ env.ECR_SLUG }} + ${{ env.GHCR_SLUG }} + flavor: | + latest=false + tags: | + type=semver,pattern={{version}},value=${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }} + type=semver,pattern={{major}}.{{minor}},value=${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }} + lts + labels: | + org.opencontainers.image.vendor=Composer + org.opencontainers.image.title=Composer + org.opencontainers.image.description=PHP runtime image with Composer + + - name: Docker metadata (binary-only image) + id: meta-bin + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.DOCKERHUB_SLUG }} + ${{ env.ECR_SLUG }} + ${{ env.GHCR_SLUG }} + flavor: | + latest=false + suffix=-bin + tags: | + type=semver,pattern={{version}},value=${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }} + 
type=semver,pattern={{major}}.{{minor}},value=${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }} + lts + labels: | + org.opencontainers.image.vendor=Composer + org.opencontainers.image.title=Composer + org.opencontainers.image.description=Image with Composer binary only + + build: + runs-on: ubuntu-latest timeout-minutes: 20 + + needs: + - prepare + strategy: matrix: - version: - - "2.2" + platform: + - linux/amd64 + - linux/arm/v6 + - linux/arm/v7 + - linux/arm64/v8 + - linux/i386 + - linux/ppc64le + - linux/riscv64 + - linux/s390x + + defaults: + run: + working-directory: ${{ env.DIRECTORY }} + steps: - - uses: actions/checkout@v4 - - name: "Determine composer version from Dockerfile" - uses: "./.github/actions/determine-composer-version" + + - name: Checkout + uses: actions/checkout@v4 + + - name: Prepare + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_SLUG=${platform//\//-}" >> $GITHUB_ENV + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: ${{ matrix.platform }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + #if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + - name: Login to Amazon Public ECR + #if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request' + uses: docker/login-action@v3 with: - working-directory: "${{ matrix.version }}" - # Build full image: binary with runtime + registry: public.ecr.aws + username: ${{ secrets.AWS_ECR_ACCESS_KEY }} + password: ${{ secrets.AWS_ECR_SECRET_KEY }} + + - name: Login to Github Container Registry + #if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build full image - 
working-directory: ${{ matrix.version }} - run: | - docker build \ - --pull \ - --no-cache \ - --target binary-with-runtime \ - --tag composer/composer:lts \ - --tag composer/composer:${{ env.COMPOSER_VERSION_MAJOR_MINOR }} \ - --tag composer/composer:${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }} \ - . - # Build low-size image with binary only + id: build-full + uses: docker/build-push-action@v5 + with: + context: ${{ env.DIRECTORY }} + target: binary-with-runtime + annotations: ${{ needs.prepare.outputs.full-annotations }} + platforms: ${{ matrix.platform }} + outputs: type=image,"name=${{ env.DOCKERHUB_SLUG }},${{ env.ECR_SLUG }},${{ env.GHCR_SLUG }}",push-by-digest=true,name-canonical=true,push=true #if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request' + - name: Build binary-only image - working-directory: ${{ matrix.version }} + id: build-bin + uses: docker/build-push-action@v5 + with: + context: ${{ env.DIRECTORY }} + target: standalone-binary + annotations: ${{ needs.prepare.outputs.bin-annotations }} + platforms: ${{ matrix.platform }} + outputs: type=image,"name=${{ env.DOCKERHUB_SLUG }},${{ env.ECR_SLUG }},${{ env.GHCR_SLUG }}",push-by-digest=true,name-canonical=true,push=true #if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request' + + - name: Export digests run: | - docker build \ - --pull \ - --no-cache \ - --target standalone-binary \ - --tag composer/composer:lts-bin \ - --tag composer/composer:${{ env.COMPOSER_VERSION_MAJOR_MINOR }}-bin \ - --tag composer/composer:${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }}-bin \ - . 
+ mkdir -p /tmp/digests/{full,bin} + digest="${{ steps.build-full.outputs.digest }}" + touch "/tmp/digests/full/${digest#sha256:}" + digest="${{ steps.build-bin.outputs.digest }}" + touch "/tmp/digests/bin/${digest#sha256:}" + + - name: Upload digests + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_SLUG }} + path: | + /tmp/digests/full/* + /tmp/digests/bin/* + if-no-files-found: error + retention-days: 1 + + merge: + + #if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request' + + runs-on: ubuntu-latest + + needs: + - prepare + - build + + steps: + + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Docker Hub - if: github.ref == 'refs/heads/main' uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: Push tag(s) to Docker Hub - if: github.ref == 'refs/heads/main' - working-directory: ${{ matrix.version }} - run: | - docker push composer/composer:lts - docker push composer/composer:lts-bin - docker push composer/composer:${{ env.COMPOSER_VERSION_MAJOR_MINOR }} - docker push composer/composer:${{ env.COMPOSER_VERSION_MAJOR_MINOR }}-bin - docker push composer/composer:${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }} - docker push composer/composer:${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }}-bin + - name: Login to Amazon Public ECR - if: github.ref == 'refs/heads/main' uses: docker/login-action@v3 with: registry: public.ecr.aws username: ${{ secrets.AWS_ECR_ACCESS_KEY }} password: ${{ secrets.AWS_ECR_SECRET_KEY }} - - name: Push tag(s) to Amazon Public ECR - if: github.ref == 'refs/heads/main' - working-directory: ${{ matrix.version }} + + - name: Login to Github Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ 
github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Create manifest list for full image and push + working-directory: /tmp/digests/full + env: + JSON: ${{ needs.prepare.outputs.full-json }} + run: | + docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("${{ env.DOCKERHUB_SLUG }}")) | "--tag " + .) | join(" ")' <<< "$JSON") \ + $(printf '${{ env.DOCKERHUB_SLUG }}@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("${{ env.ECR_SLUG }}")) | "--tag " + .) | join(" ")' <<< "$JSON") \ + $(printf '${{ env.ECR_SLUG }}@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("${{ env.GHCR_SLUG }}")) | "--tag " + .) | join(" ")' <<< "$JSON") \ + $(printf '${{ env.GHCR_SLUG }}@sha256:%s ' *) + + - name: Create manifest list for binary-only image and push + working-directory: /tmp/digests/bin + env: + JSON: ${{ needs.prepare.outputs.bin-json }} run: | - docker tag composer/composer:lts ${{ env.ECR_REPO }}:lts - docker tag composer/composer:lts-bin ${{ env.ECR_REPO }}:lts-bin - docker tag composer/composer:${{ env.COMPOSER_VERSION_MAJOR_MINOR }} ${{ env.ECR_REPO }}:${{ env.COMPOSER_VERSION_MAJOR_MINOR }} - docker tag composer/composer:${{ env.COMPOSER_VERSION_MAJOR_MINOR }}-bin ${{ env.ECR_REPO }}:${{ env.COMPOSER_VERSION_MAJOR_MINOR }}-bin - docker tag composer/composer:${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }} ${{ env.ECR_REPO }}:${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }} - docker tag composer/composer:${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }}-bin ${{ env.ECR_REPO }}:${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }}-bin - docker push ${{ env.ECR_REPO }}:lts - docker push ${{ env.ECR_REPO }}:lts-bin - docker push ${{ env.ECR_REPO }}:${{ env.COMPOSER_VERSION_MAJOR_MINOR }} - docker push ${{ env.ECR_REPO }}:${{ env.COMPOSER_VERSION_MAJOR_MINOR }}-bin - docker push ${{ env.ECR_REPO }}:${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }} - docker push ${{ 
env.ECR_REPO }}:${{ env.COMPOSER_VERSION_MAJOR_MINOR_PATCH }}-bin + docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("${{ env.DOCKERHUB_SLUG }}")) | "--tag " + .) | join(" ")' <<< "$JSON") \ + $(printf '${{ env.DOCKERHUB_SLUG }}@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("${{ env.ECR_SLUG }}")) | "--tag " + .) | join(" ")' <<< "$JSON") \ + $(printf '${{ env.ECR_SLUG }}@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.tags | map(select(startswith("${{ env.GHCR_SLUG }}")) | "--tag " + .) | join(" ")' <<< "$JSON") \ + $(printf '${{ env.GHCR_SLUG }}@sha256:%s ' *) diff --git a/.github/workflows/v2-previous.yaml b/.github/workflows/v2-previous.yaml index 40d4d0a..25cccaf 100644 --- a/.github/workflows/v2-previous.yaml +++ b/.github/workflows/v2-previous.yaml @@ -1,8 +1,16 @@ name: Docker - v2 previous on: - pull_request: null + pull_request: + paths: + - .github/workflows/v2-previous.yaml + - '2.3/**' + - '2.4/**' + - '2.5/**' + - '2.6/**' push: + branches: + - main paths: - .github/workflows/v2-previous.yaml - '2.3/**' diff --git a/README.md b/README.md index 70443d7..5c22cb4 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,8 @@ Source behind the following images: - DockerHub https://hub.docker.com/_/composer (official) - DockerHub https://hub.docker.com/r/composer/composer (community) -- DockerHub Binary-only images https://hub.docker.com/r/composer/composer (community, see `-bin` suffixed tags, [read more about it](https://blog.codito.dev/2022/11/composer-binary-only-docker-images/)) - AWS ECR https://gallery.ecr.aws/composer/composer (community) +- GHCR https://github.com/composer/docker/pkgs/container/docker (community) Docker Hub documentation can be found at https://github.com/docker-library/docs/tree/master/composer 
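Review bot: Every publish guard in the new `v2-lts.yaml` is commented out while the workflow still triggers on `pull_request`: `#if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'` appears only as a comment on the three login steps in `build`, after `push=true` on both `outputs:` lines, and on the `merge` job. As written, a pull request from a branch of this repository that touches `2.2/**` would log in to Docker Hub, ECR and GHCR and push per-platform images by digest, and `merge` would then apparently point `lts` and the version tags at images built from unmerged code. The removed steps gated login and push on `if: github.ref == 'refs/heads/main'`. Before this reaches `main`, restore that condition as a live `if:` on the login steps, the digest export/upload steps and the `merge` job, and make the push itself conditional, e.g. `push=${{ github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}`. Separately, the GHCR login uses `secrets.GITHUB_TOKEN` and no `permissions:` key appears in the new file, so a job-level `permissions:` with `contents: read` and `packages: write` would keep the token scoped to what the push needs instead of relying on the repository default.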
@@ -18,7 +18,7 @@ The "official" image release workflow is as follows: - :robot: [release workflow] on [Composer repository] creates an issue regarding new tag on [Docker repository] - :writing_hand: modification to relevant `Dockerfile`s is pushed/merged - :writing_hand: a pull request is submitted to the [official images repository] -- :writing_hand: pull request is merged, resulting in new release being added to [Docker Hub](https://hub.docker.com/_/composer) +- :writing_hand: pull request is merged, resulting in new release being added to [Docker Hub (official)] ## Community / Vendor Image 
@@ -28,12 +28,16 @@ The "community" image release workflow is as follows: - :robot: a new tag is pushed to [Composer repository] - :robot: [release workflow] on [Composer repository] creates an issue regarding new tag on [Docker repository] - :writing_hand: modification to relevant `Dockerfile`s is pushed/merged -- :robot: [docker workflows] builds and pushes new release to [Docker Hub](https://hub.docker.com/r/composer/composer) +- :robot: [docker workflows] builds and pushes new release to [Docker Hub (community)] - :robot: [docker workflows] builds and pushes new release to [Amazon Public ECR] +- :robot: [docker workflows] builds and pushes new release to [GHCR] [composer repository]: https://github.com/composer/composer [docker repository]: https://github.com/composer/docker [official images repository]: https://github.com/docker-library/official-images/ -[release workflow]: https://github.com/composer/composer/blob/832af78e284b23a8f43914b2571fb4c48a7b108a/.github/workflows/release.yml#L81-L96 +[release workflow]: https://github.com/composer/composer/blob/main/.github/workflows/release.yml [docker workflows]: https://github.com/composer/docker/tree/main/.github/workflows [Amazon Public ECR]: https://gallery.ecr.aws/composer/composer +[GHCR]: https://github.com/composer/docker/pkgs/container/docker +[Docker Hub (official)]: https://hub.docker.com/_/composer +[Docker Hub (community)]: https://hub.docker.com/r/composer/composer