mirrors/attic
1
0
Fork 0
mirror of https://github.com/zhaofengli/attic.git synced 2024-12-14 11:57:30 +00:00
Code Activity

Build and push multi-arch images

Browse source 
Fixes #147.
This commit is contained in:
Zhaofeng Li 2024-09-11 09:59:49 -04:00
parent 444ea808d5
commit b45885e67b
3 changed files with 141 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
.ci/build-and-push-images.sh Executable file
View file

@ -0,0 +1,60 @@
#!/usr/bin/env bash
set -euo pipefail
if [[ "$#" -lt "2" ]]; then
>&2 echo "Usage: $0 <image name> <tag1> ..."
>&2 echo "Example: $0 ghcr.io/zhaofengli/attic main abcd123"
exit 1
fi
cleanup() {
if [[ -f "${manifest_spec}" ]]; then
rm "${manifest_spec}"
fi
}
trap cleanup EXIT
image_name="$1"
tags=("${@:2}")
manifest_spec="$(mktemp -t attic-manifest-spec.XXXXXXXXXX)"
declare -a digests
emit_header() {
echo "image: ${image_name}"
echo "tags:"
for tag in "${tags[@]}"; do
echo "- ${tag}"
done
echo "manifests:"
}
push_digest() {
source_image="docker-archive:$1"
digest="$(skopeo inspect "${source_image}" | jq -r .Digest)"
target_image="docker://${image_name}@${digest}"
>&2 echo "${source_image}${target_image}"
>&2 skopeo copy --insecure-policy "${source_image}" "${target_image}"
echo -n "- "
skopeo inspect "${source_image}" | \
jq '{platform: {architecture: .Architecture, os: .Os}, image: ($image_name + "@" + .Digest)}' \
--arg image_name "${image_name}"
}
>>"${manifest_spec}" emit_header
nix build .#attic-server-image .#attic-server-image-aarch64 -L --print-out-paths | \
while read -r output; do
>>"${manifest_spec}" push_digest "${output}"
done
>&2 echo "----------"
>&2 echo "Generated manifest-tool spec:"
>&2 echo "----------"
cat "${manifest_spec}"
>&2 echo "----------"
manifest-tool push from-spec "${manifest_spec}"

98
.github/workflows/build.yml vendored
View file

@ -4,7 +4,7 @@ on:
push:
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
IMAGE_NAME: ghcr.io/${{ github.repository }}
jobs:
tests:
strategy:
@ -17,9 +17,6 @@ jobs:
- "2.24"
- "default"
runs-on: ${{ matrix.os }}
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4.1.1
@ -38,6 +35,7 @@ jobs:
fi
- name: Configure Attic
continue-on-error: true
run: |
: "${ATTIC_SERVER:=https://staging.attic.rs/}"
: "${ATTIC_CACHE:=attic-ci}"
@ -75,30 +73,88 @@ jobs:
.#internalMatrix."$system".\"${{ matrix.nix }}\".cargoArtifacts \
| xargs attic push "ci:$ATTIC_CACHE"
fi
image:
runs-on: ubuntu-latest
if: github.event_name == 'push'
needs:
- tests
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4.1.1
- name: Install current Bash on macOS
if: runner.os == 'macOS'
run: |
command -v brew && brew install bash || true
- uses: DeterminateSystems/nix-installer-action@v9
continue-on-error: true # Self-hosted runners already have Nix installed
- name: Install Attic
run: |
if ! command -v attic &> /dev/null; then
./.github/install-attic-ci.sh
fi
- name: Configure Attic
continue-on-error: true
run: |
: "${ATTIC_SERVER:=https://staging.attic.rs/}"
: "${ATTIC_CACHE:=attic-ci}"
echo ATTIC_CACHE=$ATTIC_CACHE >>$GITHUB_ENV
export PATH=$HOME/.nix-profile/bin:$PATH # FIXME
attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_TOKEN"
attic use "$ATTIC_CACHE"
env:
ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }}
ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }}
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
- name: Cache dev shell
run: |
.ci/cache-shell.sh
system=$(nix-instantiate --eval -E 'builtins.currentSystem')
echo system=$system >>$GITHUB_ENV
- name: Log in to the Container registry
uses: docker/login-action@v3.0.0
if: runner.os == 'Linux' && github.event_name == 'push' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push build container image
if: runner.os == 'Linux' && github.event_name == 'push' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
- name: Build and push container images
continue-on-error: true
run: |
IMAGE_ID=ghcr.io/${IMAGE_NAME}
TARBALL=$(nix build --json .#attic-server-image | jq -r '.[].outputs.out')
BRANCH=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
TAG="${{ github.sha }}"
[[ "${{ github.ref }}" == "refs/tags/"* ]] && TAG=$(echo $BRANCH | sed -e 's/^v//')
docker load < ${TARBALL}
echo IMAGE_ID=$IMAGE_ID
echo TAG=$TAG
docker tag attic-server:main "${IMAGE_ID}:${TAG}"
docker push ${IMAGE_ID}:${TAG}
if [ "$BRANCH" == "main" ]; then
TAG="latest"
docker tag attic-server:main "${IMAGE_ID}:${TAG}"
docker push ${IMAGE_ID}:${TAG}
declare -a tags
tags+=("${{ github.sha }}")
branch=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
tags+=("$(echo $branch | sed -e 's/^v//')")
else
tags+=("${branch}")
fi
if [ "$branch" == "${{ github.event.repository.default_branch }}" ]; then
tags+=("latest")
fi
>&2 echo "Image: ${IMAGE_NAME}"
>&2 echo "Tags: ${tags[@]}"
.ci/run just ci-build-and-push-images "${IMAGE_NAME}" "${tags[@]}"
# TODO: Just take a diff of the list of store paths, also abstract all of this out
- name: Push build artifacts
run: |
export PATH=$HOME/.nix-profile/bin:$PATH # FIXME
if [ -n "$ATTIC_TOKEN" ]; then
nix build --no-link --print-out-paths -L \
.#attic-server-image \
.#attic-server-image-aarch64 \
| xargs attic push "ci:$ATTIC_CACHE"
fi

4
justfile
View file

@ -45,3 +45,7 @@ ci-unit-tests matrix:
# (CI) Run rustfmt check
ci-rustfmt:
cargo fmt --check
# (CI) Build and push images
ci-build-and-push-images *args:
.ci/build-and-push-images.sh {{ args }}