chore: Refactor toolchain versioning #189
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker | |
on: | |
push: | |
branches: [ "main" ] | |
paths: | |
- Dockerfile | |
- .github/workflows/docker-publish.yml | |
- build_container.sh | |
- Dockerfile.riscv64 | |
- riscv64/* | |
pull_request: | |
branches: [ "main" ] | |
paths: | |
- Dockerfile | |
- .github/workflows/docker-publish.yml | |
- build_container.sh | |
- Dockerfile.riscv64 | |
- riscv64/* | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
contents: read | |
attestations: write | |
id-token: write | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Log in to Docker Hub | |
if: ${{ github.event_name != 'pull_request' }} | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_ACCOUNT_ID }} | |
password: ${{ secrets.DOCKER_ACCESS_TOKEN }} | |
- name: Generate metadata for Docker | |
# NOTE: The tag contains the full docker container name + tag as it is requested | |
# by the build-and-push step. | |
run: | | |
REGISTRY=$(./docker.sh print-registry) | |
echo "REGISTRY=${REGISTRY}" >> $GITHUB_ENV | |
echo "Registry to be published is: ${REGISTRY}" | |
IMAGE_NAME=$(./docker.sh print-image-name) | |
echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV | |
echo "Image name to be published is: ${IMAGE_NAME}" | |
NEXT_VERSION=$(./docker.sh print-next-version) | |
echo "VERSION=${NEXT_VERSION}" >> $GITHUB_ENV | |
echo "Next version to be published is: ${NEXT_VERSION}" | |
- name: Build and push Docker image | |
id: build-and-push | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: Dockerfile | |
push: ${{ github.event_name != 'pull_request' }} | |
# This is needed so that a manifest is created, and we can have the same | |
# docker container on both x86_64 and arm64. | |
platforms: linux/amd64,linux/arm64 | |
tags: ${{ env.VERSION }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Generate artifact attestation | |
if: ${{ github.event_name != 'pull_request' }} | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
subject-digest: ${{ steps.build-and-push.outputs.digest }} | |
push-to-registry: true | |
build-riscv: | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
contents: read | |
attestations: write | |
id-token: write | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Log in to Docker Hub | |
if: ${{ github.event_name != 'pull_request' }} | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_ACCOUNT_ID }} | |
password: ${{ secrets.DOCKER_ACCESS_TOKEN }} | |
- name: Generate metadata for Docker | |
run: | | |
REGISTRY=$(./docker.sh print-registry) | |
echo "REGISTRY=${REGISTRY}" >> $GITHUB_ENV | |
echo "Registry to be published is: ${REGISTRY}" | |
IMAGE_NAME=$(./docker.sh print-image-name) | |
echo "IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV | |
echo "Image name to be published is: ${IMAGE_NAME}" | |
NEXT_VERSION=$(./docker.sh print-next-version) | |
echo "VERSION=${NEXT_VERSION}" >> $GITHUB_ENV | |
echo "Next version to be published is: ${NEXT_VERSION}" | |
- name: Build and push Docker image for RISC-V | |
id: build-and-push-riscv | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: Dockerfile.riscv64 | |
push: ${{ github.event_name != 'pull_request' }} | |
platforms: linux/amd64 | |
tags: ${{ env.VERSION }}-riscv | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Generate artifact attestation | |
if: ${{ github.event_name != 'pull_request' }} | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
subject-digest: ${{ steps.build-and-push-riscv.outputs.digest }} | |
push-to-registry: true |