add leng-image to flake outputs and push on CI rather than docker build #160
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - 'master' | |
| - 'fix-actions-artefact' | |
| tags: | |
| - 'v*' | |
| env: | |
| # Use docker.io for Docker Hub if empty | |
| REGISTRY: ghcr.io | |
| # github.repository as <account>/<repo> | |
| IMAGE_NAME: ${{ github.repository }} | |
| REGISTRY_IMAGE: "ghcr.io/cottand/leng" | |
| jobs: | |
| publish-nix-container: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| system: | |
| - aarch64-linux | |
| - x86_64-linux | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: cachix/install-nix-action@v29 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| extra_nix_config: | | |
| extra-platforms = ${{ matrix.system }} | |
| - uses: DeterminateSystems/magic-nix-cache-action@main | |
| - uses: docker/setup-qemu-action@v1 | |
| # build in parallel | |
| - run: nix build .#packages.${{ matrix.system }}.leng-container-image -L | |
| - name: Tag and push image | |
| run: | | |
| git_sha=$(git rev-parse --short "$GITHUB_SHA") | |
| label=$git_sha-${{ matrix.system }} | |
| docker load < result | |
| docker tag leng:nix ${{ env.REGISTRY_IMAGE }}:$label | |
| docker push ${{ env.REGISTRY_IMAGE }}:$label | |
| # export digest | |
| docker pull ${{ env.REGISTRY_IMAGE }}:$label | |
| full=$(docker image inspect ${{ env.REGISTRY_IMAGE }}:$label --format "{{index .RepoDigests 0}}") | |
| digest=${full#${{ env.REGISTRY_IMAGE }}@} | |
| mkdir -p /tmp/digests | |
| merge-docker: | |
| runs-on: ubuntu-latest | |
| needs: [publish-nix-container] | |
| steps: | |
| - name: Login to GitHub Container Registry | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: digest for x86 | |
| run: | | |
| system=x86_64-linux | |
| git_sha=${GITHUB_SHA::7} | |
| label="${git_sha}-${system}" | |
| # export digest x86 | |
| docker pull ${{ env.REGISTRY_IMAGE }}:$label | |
| full=$(docker image inspect ${{ env.REGISTRY_IMAGE }}:$label --format "{{index .RepoDigests 0}}") | |
| digest=${full#${{ env.REGISTRY_IMAGE }}@} | |
| mkdir -p /tmp/digests | |
| touch "/tmp/digests/${digest#sha256:}" | |
| - name: digest for aarch64 | |
| run: | | |
| system=aarch64-linux | |
| git_sha=${GITHUB_SHA::7} | |
| label="${git_sha}-${system}" | |
| # export digest x86 | |
| docker pull ${{ env.REGISTRY_IMAGE }}:$label | |
| full=$(docker image inspect ${{ env.REGISTRY_IMAGE }}:$label --format "{{index .RepoDigests 0}}") | |
| digest=${full#${{ env.REGISTRY_IMAGE }}@} | |
| mkdir -p /tmp/digests | |
| touch "/tmp/digests/${digest#sha256:}" | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| # list of Docker images to use as base name for tags | |
| images: ${{ env.REGISTRY_IMAGE }} | |
| tags: | | |
| type=sha,event=push | |
| - name: Create manifest list and push | |
| working-directory: /tmp/digests | |
| run: | | |
| docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) | |
| - name: Inspect image | |
| run: | | |
| docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} | |
| - name: Summary | |
| run: | | |
| echo "# Published \`${{ steps.meta.outputs.tags }}\`" >> $GITHUB_STEP_SUMMARY |