diff --git a/.github/workflows/ghcr-image-main-fork.yml b/.github/workflows/ghcr-image-main-fork.yml new file mode 100644 index 0000000000..6610cf1e82 --- /dev/null +++ b/.github/workflows/ghcr-image-main-fork.yml @@ -0,0 +1,188 @@ +name: ghcr-image-main + +on: + push: + branches: + - main + workflow_dispatch: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + IMAGE_TAG: nightly + +jobs: + meta: + runs-on: ubuntu-latest + timeout-minutes: 5 + + outputs: + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} + json: ${{ steps.meta.outputs.json }} + image-name: ${{ steps.custom-meta.outputs.image-name }} + + steps: + - name: Checkout current fork HEAD + uses: actions/checkout@v4.1.5 + with: + fetch-depth: 0 + show-progress: false + + - name: Set up upstream git remote + run: | + upstream="$(gh repo view "${{ github.repository }}" --json parent --jq '.parent.owner.login + "/" + .parent.name')" + echo "upstream=$upstream" + git remote add upstream "https://github.com/$upstream.git" + git fetch upstream "${{ github.event.repository.default_branch }}" + env: + GH_TOKEN: ${{ github.token }} + + - name: Determine number of commits on top of upstream + id: check-extra-commits + run: | + commit_count="$(git rev-list --count "upstream/${{ github.event.repository.default_branch }}..$GITHUB_REF_NAME")" + echo "commit-count=$commit_count" | tee -a "$GITHUB_OUTPUT" + + - name: Discard our commits + run: | + git reset --hard "HEAD~${{ steps.check-extra-commits.outputs.commit-count }}" + + - name: Docker meta + id: meta + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + with: + context: git + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=${{ env.IMAGE_TAG }} + type=sha,format=long,priority=899 + type=sha,format=short + + - name: Extract image name + id: custom-meta + run: | + echo "image-name=${DOCKER_TAG%%:*}" | tee -a $GITHUB_OUTPUT + env: + DOCKER_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} + + build: + runs-on: ubuntu-latest + timeout-minutes: 15 + + needs: + - meta + + strategy: + fail-fast: false + matrix: + platform: + - linux/amd64 + - linux/arm64 + + env: + REGISTRY_IMAGE: ${{ needs.meta.outputs.image-name }} + + steps: + - name: Prepare + id: meta + run: | + platform=${{ matrix.platform }} + echo "platform-pair=${platform//\//-}" | tee -a "$GITHUB_OUTPUT" + + - name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + with: + platforms: arm64 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + + - name: Log in to GHCR + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.1.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + # We can't build directly from git, as that will prevent .git from being available during the build process. + # lemmy-ui's Dockerfile requires the .git folder to set the version. + - name: Checkout git repository + uses: actions/checkout@v4.1.5 + with: + fetch-depth: 0 + show-progress: false + submodules: recursive + + - name: Build Docker image + id: build + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.3.0 + with: + context: . + platforms: ${{ matrix.platform }} + labels: ${{ needs.meta.outputs.labels }} + annotations: ${{ needs.meta.outputs.annotations }} + outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + cache-from: type=gha + cache-to: type=gha,mode=max + env: + SOURCE_DATE_EPOCH: 0 + + - name: Export image digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v4.3.3 + with: + name: digests-${{ steps.meta.outputs.platform-pair }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + runs-on: ubuntu-latest + timeout-minutes: 5 + + needs: + - meta + - build + + permissions: + contents: read + packages: write + + env: + REGISTRY_IMAGE: ${{ needs.meta.outputs.image-name }} + + steps: + - name: Download digests + uses: actions/download-artifact@v4.1.7 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + + - name: Log in to GHCR + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.1.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + env: + DOCKER_METADATA_OUTPUT_JSON: ${{ needs.meta.outputs.json }} + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }} diff --git a/.github/workflows/sync-fork.yml b/.github/workflows/sync-fork.yml index bdec70c322..fb6b79aa9c 100644 --- a/.github/workflows/sync-fork.yml +++ b/.github/workflows/sync-fork.yml @@ -11,6 +11,7 @@ jobs: permissions: contents: write + actions: write timeout-minutes: 5 @@ -46,3 +47,12 @@ jobs: git push --force if: >- fromJSON(steps.check-missing-commits.outputs.commit-count) > 0 + + # GitHub doesn't trigger push events when commits are pushed with github.token + - name: Trigger builds + uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3 + with: + ref: ${{ github.event.repository.default_branch }} + workflow: ghcr-image-main-fork.yml + if: >- + fromJSON(steps.check-missing-commits.outputs.commit-count) > 0