Publish ARM Ansible Docker images

.github/workflows/build.yml

@@ -2,47 +2,55 @@ name: Build
 
 on:
   push:
-    branches-ignore:
-      - main
-      - future
+    branches-ignore: [main, future]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
 jobs:
-  base:
-    name: Build and deploy the base Alpine image
+  build:
     runs-on: ubuntu-latest
+    name: 👷 ${{ matrix.folder }} image on ${{ matrix.arch }}
+    strategy:
+      fail-fast: false
+      max-parallel: 2 # ECR has pretty aggressive rate limiting 😪
+      matrix:
+        folder: [base, aws]
+        arch: [amd64, arm64]
+    env:
+      IMAGE_NAME: ansible-test-${{ matrix.folder }}-${{ matrix.arch }}:${{ github.sha }}
     steps:
       - name: Check out repository code
-        uses: actions/checkout@master
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: actions/checkout@main
 
-      - name: Build and push the image
-        uses: docker/build-push-action@v2
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        if: matrix.arch == 'arm64'
         with:
-          context: base
-          push: false
-          tags: |
-            ${{ secrets.PREPROD_PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
-            ghcr.io/spacelift-io/runner-ansible:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
-
-  aws:
-    name: Build and deploy the alpine base AWS image
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@master
-      - name: Set env
-        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+          platforms: linux/arm64
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
-      - name: Build and push the image
-        uses: docker/build-push-action@v2
+      - name: Build the ${{ matrix.folder }} image
+        uses: docker/build-push-action@v3
         with:
+          context: ${{ matrix.folder }}
           build-args: |
             REPOSITORY_BASE_PATH=${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}
-          context: aws
           push: false
-          tags: |
-            ${{ secrets.PREPROD_PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_AWS }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
+          load: true
+          platforms: linux/${{ matrix.arch }}
+          tags: ${{ env.IMAGE_NAME }}
+
+      - name: Test if ansible and Python binary works
+        run: |
+          docker run --rm ${{ env.IMAGE_NAME }} ansible --version
+          docker run --rm ${{ env.IMAGE_NAME }} ansible-playbook --help
+          docker run --rm ${{ env.IMAGE_NAME }} ansible-galaxy --version
+          docker run --rm ${{ env.IMAGE_NAME }} ansible-runner --version
+
+          if [ "${{ matrix.folder }}" == "aws" ]; then
+            docker run --rm ${{ env.IMAGE_NAME }} sh -c "python3 -c \"import boto3; print(boto3.__version__)\""
+          fi

.github/workflows/deploy-production.yml → .github/workflows/deploy.yml

@@ -1,11 +1,12 @@
-name: Deploy Production
+name: Deploy
 
 on:
   push:
     branches:
+      - future
       - main
   schedule:
-    - cron: "20 8 * * 1"
+    - cron: '20 8 * * 1'
 
 env:
   AWS_REGION: "us-east-1"
@@ -20,7 +21,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@master
+        uses: actions/checkout@main
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: linux/arm64
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v1
@@ -46,23 +52,31 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Build and push the image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: base
+          platforms: linux/amd64,linux/arm64
           push: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/future' }}
           tags: |
             ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
+            ghcr.io/spacelift-io/runner-ansible:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
 
   aws:
     needs: base
     name: Build and deploy the alpine base AWS image
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@master
+        uses: actions/checkout@main
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: linux/arm64
+
       - name: Set env
         run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
 
@@ -83,14 +97,15 @@ jobs:
           REPOSITORY_PATH: ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_AWS }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Build and push the image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           build-args: |
             REPOSITORY_BASE_PATH=${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}
           context: aws
+          platforms: linux/amd64,linux/arm64
           push: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/future' }}
           tags: |
             ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_AWS }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}

.github/workflows/prod-pr.yml

@@ -8,10 +8,10 @@ jobs:
   create-pr:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@main
 
       - name: Create Pull Request
-        uses: vsoch/pull-request-action@1.0.13
+        uses: vsoch/pull-request-action@1.0.22
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PASS_IF_EXISTS: true

.github/workflows/trivy.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@main
 
       - name: Build an image from Dockerfile
         run: |
@@ -31,7 +31,7 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-results.sarif"
 
@@ -41,7 +41,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@main
 
       - name: Build an image from Dockerfile
         run: |
@@ -57,6 +57,6 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-results.sarif"