A .github/workflows/build-container-image.yml => .github/workflows/build-container-image.yml +94 -0
@@ 0,0 1,94 @@
+on:
+ workflow_call:
+ inputs:
+ platforms:
+ required: true
+ type: string
+ use_native_arm64_builder:
+ type: boolean
+ push_to_images:
+ type: string
+ version_suffix:
+ type: string
+ flavor:
+ type: string
+ tags:
+ type: string
+ labels:
+ type: string
+
+jobs:
+ build-image:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: docker/setup-qemu-action@v2
+ if: contains(inputs.platforms, 'linux/arm64') && !inputs.use_native_arm64_builder
+
+ - uses: docker/setup-buildx-action@v2
+ id: buildx
+ if: ${{ !(inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')) }}
+
+ - name: Start a local Docker Builder
+ if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')
+ run: |
+ docker run --rm -d --name buildkitd -p 1234:1234 --privileged moby/buildkit:latest --addr tcp://0.0.0.0:1234
+
+ - uses: docker/setup-buildx-action@v2
+ id: buildx-native
+ if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')
+ with:
+ driver: remote
+ endpoint: tcp://localhost:1234
+ platforms: linux/amd64
+ append: |
+ - endpoint: tcp://${{ vars.DOCKER_BUILDER_HETZNER_ARM64_01_HOST }}:13865
+ platforms: linux/arm64
+ name: mastodon-docker-builder-arm64-01
+ driver-opts:
+ - servername=mastodon-docker-builder-arm64-01
+ env:
+ BUILDER_NODE_1_AUTH_TLS_CACERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CACERT }}
+ BUILDER_NODE_1_AUTH_TLS_CERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CERT }}
+ BUILDER_NODE_1_AUTH_TLS_KEY: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_KEY }}
+
+ - name: Log in to Docker Hub
+ if: contains(inputs.push_to_images, 'tootsuite')
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Log in to the Github Container registry
+ if: contains(inputs.push_to_images, 'ghcr.io')
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - uses: docker/metadata-action@v4
+ id: meta
+ if: ${{ inputs.push_to_images != '' }}
+ with:
+ images: ${{ inputs.push_to_images }}
+ # Only tag with latest when ran against the latest stable branch
+ # This needs to be updated after each minor version release
+ flavor: ${{ inputs.flavor }}
+ tags: ${{ inputs.tags }}
+ labels: ${{ inputs.labels }}
+
+ - uses: docker/build-push-action@v4
+ with:
+ context: .
+ build-args: MASTODON_VERSION_SUFFIX=${{ inputs.version_suffix }}
+ platforms: ${{ inputs.platforms }}
+ provenance: false
+ builder: ${{ steps.buildx.outputs.name || steps.buildx-native.outputs.name }}
+ push: ${{ inputs.push_to_images != '' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
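Review bot: The `Start a local Docker Builder` step runs `moby/buildkit:latest` with `--privileged` and publishes the daemon without authentication through `-p 1234:1234`, in the same job that later loads registry tokens and the remote builder's TLS client key. Nothing outside the runner needs that port, so publish it on loopback only and pin the image to a reviewed digest, e.g. `docker run --rm -d --name buildkitd -p 127.0.0.1:1234:1234 --privileged moby/buildkit@sha256:<PINNED_DIGEST> --addr tcp://0.0.0.0:1234`. The `uses:` lines reference mutable tags (`@v3`, `@v2`, `@v4`); pinning them to full commit SHAs guards against an upstream tag being moved. A short comment above the step explaining why a local amd64 daemon is paired with the remote arm64 node would also help the next reader.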
D .github/workflows/build-image.yml => .github/workflows/build-image.yml +0 -79
@@ 1,79 0,0 @@
-name: Build container image
-on:
- workflow_dispatch:
- push:
- branches:
- - 'main'
- tags:
- - '*'
- pull_request:
- paths:
- - .github/workflows/build-image.yml
- - Dockerfile
-permissions:
- contents: read
- packages: write
-
-jobs:
- build-image:
- runs-on: ubuntu-latest
-
- concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-
- steps:
- - uses: actions/checkout@v3
- - uses: hadolint/hadolint-action@v3.1.0
- - uses: docker/setup-qemu-action@v2
- - uses: docker/setup-buildx-action@v2
-
- - name: Log in to Docker Hub
- uses: docker/login-action@v2
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
- if: github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request'
-
- - name: Log in to the Github Container registry
- uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
- if: github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request'
-
- - uses: docker/metadata-action@v4
- id: meta
- with:
- images: |
- tootsuite/mastodon
- ghcr.io/mastodon/mastodon
- # Only tag with latest when ran against the latest stable branch
- # This needs to be updated after each minor version release
- flavor: |
- latest=${{ startsWith(github.ref, 'refs/tags/v4.1.') }}
- tags: |
- type=edge,branch=main
- type=pep440,pattern={{raw}}
- type=pep440,pattern=v{{major}}.{{minor}}
- type=ref,event=pr
-
- - name: Generate version suffix
- id: version_vars
- if: github.repository == 'mastodon/mastodon' && github.event_name == 'push' && github.ref_name == 'main'
- run: |
- echo mastodon_version_suffix=+edge-$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT
-
- - uses: docker/build-push-action@v4
- with:
- context: .
- build-args: MASTODON_VERSION_SUFFIX=${{ steps.version_vars.outputs.mastodon_version_suffix }}
- platforms: linux/amd64,linux/arm64
- provenance: false
- builder: ${{ steps.buildx.outputs.name }}
- push: ${{ github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request' }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- cache-from: type=gha
- cache-to: type=gha,mode=max
M .github/workflows/build-nightly.yml => .github/workflows/build-nightly.yml +24 -45
@@ 3,58 3,37 @@ on:
workflow_dispatch:
schedule:
- cron: '0 2 * * *' # run at 2 AM UTC
+
permissions:
contents: read
packages: write
jobs:
- build-nightly-image:
+ compute-suffix:
runs-on: ubuntu-latest
-
- concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-
steps:
- - uses: actions/checkout@v3
- - uses: hadolint/hadolint-action@v3.1.0
- - uses: docker/setup-qemu-action@v2
- - uses: docker/setup-buildx-action@v2
-
- - name: Log in to the Github Container registry
- uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - uses: docker/metadata-action@v4
- id: meta
- with:
- images: |
- ghcr.io/mastodon/mastodon
- flavor: |
- latest=auto
- tags: |
- type=raw,value=nightly
- type=schedule,pattern=nightly-{{date 'YYYY-MM-DD' tz='Etc/UTC'}}
- labels: |
- org.opencontainers.image.description=Nightly build image used for testing purposes
-
- - name: Generate version suffix
- id: version_vars
+ - id: version_vars
run: |
echo mastodon_version_suffix=+nightly-$(date +'%Y%m%d') >> $GITHUB_OUTPUT
+ outputs:
+ suffix: ${{ steps.version_vars.outputs.mastodon_version_suffix }}
- - uses: docker/build-push-action@v4
- with:
- context: .
- build-args: MASTODON_VERSION_SUFFIX=${{ steps.version_vars.outputs.mastodon_version_suffix }}
- platforms: linux/amd64,linux/arm64
- provenance: false
- builder: ${{ steps.buildx.outputs.name }}
- push: ${{ github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request' }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- cache-from: type=gha
- cache-to: type=gha,mode=max
+ build-image:
+ needs: compute-suffix
+ uses: ./.github/workflows/build-container-image.yml
+ with:
+ platforms: linux/amd64,linux/arm64
+ use_native_arm64_builder: true
+ push_to_images: |
+ tootsuite/mastodon
+ ghcr.io/mastodon/mastodon
+ version_suffix: ${{ needs.compute-suffix.outputs.suffix }}
+ labels: |
+ org.opencontainers.image.description=Nightly build image used for testing purposes
+ flavor: |
+ latest=auto
+ tags: |
+ type=raw,value=edge
+ type=raw,value=nightly
+ type=schedule,pattern=nightly-{{date 'YYYY-MM-DD' tz='Etc/UTC'}}
+ secrets: inherit
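Review bot: `secrets: inherit` on the `build-image` job hands every secret visible to this workflow to the called workflow, although build-container-image.yml reads only `DOCKERHUB_USERNAME`, `DOCKERHUB_TOKEN`, the three `DOCKER_BUILDER_HETZNER_ARM64_01_*` values and `GITHUB_TOKEN`. Declaring those under `on.workflow_call.secrets` in the reusable workflow and passing them by name here keeps the set explicit, e.g. a `secrets:` mapping with `DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}` for each one. The same applies to the `secrets: inherit` lines in build-push-pr.yml and build-releases.yml. Separately, the removed job had a `concurrency` group and this hunk drops it without a replacement, so overlapping manual and scheduled runs can both push the `nightly` tag.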
A .github/workflows/build-push-pr.yml => .github/workflows/build-push-pr.yml +34 -0
@@ 0,0 1,34 @@
+name: Build container image for PR
+on:
+ pull_request:
+ types: [labeled, synchronize, reopened, ready_for_review, opened]
+
+permissions:
+ contents: read
+ packages: write
+
+jobs:
+ compute-suffix:
+ runs-on: ubuntu-latest
+ if: ${{ !github.event.pull_request.draft && contains(github.event.pull_request.labels.*.name, 'build-image') }}
+ steps:
+ - id: version_vars
+ run: |
+ echo mastodon_version_suffix=+pr-${{ github.event.pull_request.number }}-$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT
+ outputs:
+ suffix: ${{ steps.version_vars.outputs.mastodon_version_suffix }}
+
+ build-image:
+ needs: compute-suffix
+ uses: ./.github/workflows/build-container-image.yml
+ with:
+ platforms: linux/amd64,linux/arm64
+ use_native_arm64_builder: true
+ push_to_images: |
+ ghcr.io/mastodon/mastodon
+ version_suffix: ${{ needs.compute-suffix.outputs.suffix }}
+ flavor: |
+ latest=auto
+ tags: |
+ type=ref,event=pr
+ secrets: inherit
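Review bot: Labelled pull requests are built with `use_native_arm64_builder: true`, so PR-controlled Dockerfile steps execute on the same remote node (`mastodon-docker-builder-arm64-01`) and with the same TLS client credentials that build-releases.yml uses for published images. If that builder keeps state between builds, which cannot be confirmed from this diff, PR builds and release builds would share it. Setting `use_native_arm64_builder: false` here (falling back to QEMU) or pointing PR builds at a separate builder keeps the two apart. The `build-image` label is only checked for presence and `synchronize` is in `types`, so commits pushed after labelling are built without a fresh decision. In `compute-suffix` there is no checkout step before `$(git rev-parse --short HEAD)`, so the command has no repository to read; `${{ github.event.pull_request.head.sha }}` passed through an `env:` variable would avoid that.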
A .github/workflows/build-releases.yml => .github/workflows/build-releases.yml +25 -0
@@ 0,0 1,25 @@
+name: Build container release images
+on:
+ push:
+ tags:
+ - '*'
+
+permissions:
+ contents: read
+ packages: write
+
+jobs:
+ build-image:
+ uses: ./.github/workflows/build-container-image.yml
+ with:
+ platforms: linux/amd64,linux/arm64
+ use_native_arm64_builder: true
+ push_to_images: |
+ tootsuite/mastodon
+ ghcr.io/mastodon/mastodon
+ flavor: |
+ latest=${{ startsWith(github.ref, 'refs/tags/v4.1.') }}
+ tags: |
+ type=pep440,pattern={{raw}}
+ type=pep440,pattern=v{{major}}.{{minor}}
+ secrets: inherit
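Review bot: The `tags: - '*'` filter starts a push to `tootsuite/mastodon` and `ghcr.io/mastodon/mastodon` for any tag name, and the `github.repository == 'mastodon/mastodon'` condition that guarded login and push in the deleted build-image.yml is not carried over. Narrowing the trigger to release tags with `- 'v*'` and adding `if: github.repository == 'mastodon/mastodon'` to the `build-image` job would restore that guard. The `latest=` expression hard-codes `refs/tags/v4.1.`, so the reminder from the old workflow is worth repeating above it: `# This needs to be updated after each minor version release`.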
A .github/workflows/test-image-build.yml => .github/workflows/test-image-build.yml +21 -0
@@ 0,0 1,21 @@
+name: Test container image build
+on:
+ pull_request:
+ paths:
+ - .github/workflows/build-nightly.yml
+ - .github/workflows/build-push-pr.yml
+ - .github/workflows/build-releases.yml
+ - .github/workflows/test-image-build.yml
+ - Dockerfile
+permissions:
+ contents: read
+
+jobs:
+ build-image:
+ concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+ uses: ./.github/workflows/build-container-image.yml
+ with:
+ platforms: linux/amd64 # Testing only on native platform so it is performant
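Review bot: The `paths` filter lists the three caller workflows and this file but not `.github/workflows/build-container-image.yml`, so a pull request that changes only the reusable workflow never runs this test build. Add `- .github/workflows/build-container-image.yml` to the list. The `hadolint/hadolint-action` step present in the deleted build-image.yml and in the old nightly job is not added to any workflow in this commit; unless Dockerfile linting runs elsewhere, it would fit here as a separate job.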