From 8d48dcde69411fedbedd505993ce389fef6a7624 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Mon, 26 Aug 2024 11:14:05 +0200
Subject: [PATCH] feat(ci): add merge step to CI pipeline

- this verifies that merging actually works before doing publish
- can be later used for proper merge as described in #2589
---
 .github/workflows/bleeding.yml | 40 +++++++++++++++++++++++++++++++
 .github/workflows/dockerimage.yml | 37 ++++++++++++++++++++++++++++
 2 files changed, 77 insertions(+)

diff --git a/.github/workflows/bleeding.yml b/.github/workflows/bleeding.yml
index 07b56281f..9d3d93434 100644
--- a/.github/workflows/bleeding.yml
+++ b/.github/workflows/bleeding.yml
@@ -676,6 +676,44 @@ jobs:
 name: Trivy scan SARIF
 path: trivy-results.sarif
 
+ merge:
+ runs-on: ubuntu-22.04
+ name: Merge images
+ needs:
+ - build
+ - buildx
+ - bleeding
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3.2.0
+ with:
+ platforms: all
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3.6.1
+ with:
+ # renovate: datasource=github-releases depName=docker/buildx
+ version: v0.16.2
+ - name: Cache Docker layers
+ uses: actions/cache@v4
+ id: cache-arm64
+ with:
+ path: /tmp/.buildx-cache/linux/arm64
+ key: ${{ runner.os }}-bleeding-${{ github.run_id }}-linux/arm64
+ - name: Cache Docker layers
+ uses: actions/cache@v4
+ id: cache-amd64
+ with:
+ path: /tmp/.buildx-cache/linux/amd64
+ key: ${{ runner.os }}-bleeding-${{ github.run_id }}-linux/amd64
+ - name: Adjust bleeding edge image
+ run: .github/bin/bleeding ${{needs.bleeding.outputs.weblate_sha}} ${{needs.bleeding.outputs.weblate_date}}
+ - name: Configure Docker build
+ run: .github/bin/get-buildx-args
+ - name: Merge the Docker images
+ run: .github/bin/docker-build
+
 push_dockerhub:
 runs-on: ubuntu-22.04
 name: Publish to Docker Hub, stable
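Review bot: The added `Adjust bleeding edge image` step in the `merge` job expands `${{needs.bleeding.outputs.weblate_sha}}` and `${{needs.bleeding.outputs.weblate_date}}` directly inside `run:`, so the values are pasted unquoted into the script text before the shell parses it. The `bleeding` job that produces these outputs is outside this hunk; if they are derived from anything fetched at build time, a value containing whitespace or shell metacharacters would change the command rather than just its arguments. Passing them through `env:` and quoting the variables keeps them as data; the variable names below are placeholders.

```yaml
      - name: Adjust bleeding edge image
        env:
          WEBLATE_SHA: ${{ needs.bleeding.outputs.weblate_sha }}
          WEBLATE_DATE: ${{ needs.bleeding.outputs.weblate_date }}
        run: .github/bin/bleeding "$WEBLATE_SHA" "$WEBLATE_DATE"
      # … unchanged: Configure Docker build, Merge the Docker images …
```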
@@ -688,6 +726,7 @@ jobs:
 - buildx
 - anchore
 - trivy
+ - merge
 - bleeding
 if: ${{ (startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/docker' }}
 steps:
@@ -737,6 +776,7 @@ jobs:
 - buildx
 - anchore
 - trivy
+ - merge
 - bleeding
 if: ${{ (startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/docker' }}
 env:
diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml
index c33d9ad42..bd081311d 100644
--- a/.github/workflows/dockerimage.yml
+++ b/.github/workflows/dockerimage.yml
@@ -705,6 +705,41 @@ jobs:
 name: Trivy scan SARIF
 path: trivy-results.sarif
 
+ merge:
+ runs-on: ubuntu-22.04
+ name: Merge images
+ needs:
+ - build
+ - buildx
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3.2.0
+ with:
+ platforms: all
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3.6.1
+ with:
+ # renovate: datasource=github-releases depName=docker/buildx
+ version: v0.16.2
+ - name: Cache Docker layers
+ uses: actions/cache@v4
+ id: cache-arm64
+ with:
+ path: /tmp/.buildx-cache/linux/arm64
+ key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/arm64
+ - name: Cache Docker layers
+ uses: actions/cache@v4
+ id: cache-amd64
+ with:
+ path: /tmp/.buildx-cache/linux/amd64
+ key: ${{ runner.os }}-buildx-${{ github.sha }}-linux/amd64
+ - name: Configure Docker build
+ run: .github/bin/get-buildx-args
+ - name: Merge the Docker images
+ run: .github/bin/docker-build
+
 push_dockerhub:
 runs-on: ubuntu-22.04
 name: Publish to Docker Hub, stable
@@ -717,6 +752,7 @@ jobs:
 - buildx
 - anchore
 - trivy
+ - merge
 if: ${{ (startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/docker' }}
 steps:
 - name: Checkout
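Review bot: In the `merge` job added to `.github/workflows/dockerimage.yml`, both `actions/cache@v4` steps restore an exact key (`…-buildx-${{ github.sha }}-linux/arm64` and `…-linux/amd64`) with no `restore-keys`, and nothing reads `steps.cache-arm64` or `steps.cache-amd64`, so a missed or evicted cache is not detected before `.github/bin/docker-build` runs. That script is not part of this patch; if it rebuilds when the cache is empty, the job would pass without exercising the per-platform layers from the `build`/`buildx` jobs, which is what this gate before `push_dockerhub` is meant to verify. Adding `fail-on-cache-miss: true` under `with:` on both cache steps makes the job fail closed. The two cache steps of the `merge` job in `.github/workflows/bleeding.yml` (keyed on `github.run_id`) have the same gap.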
@@ -763,6 +799,7 @@ jobs:
 - buildx
 - anchore
 - trivy
+ - merge
 if: ${{ (startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/docker' }}
 env:
 DOCKER_IMAGE: ghcr.io/weblateorg/weblate