mirror of
https://github.com/neondatabase/neon.git
synced 2026-01-08 22:12:56 +00:00
913b5b7027
## Problem We call `check-build-tools-image` twice for each workflow whenever we use it, along with `build-build-tools-image`, once as a workflow itself, and the second time from `build-build-tools-image`. This is not necessary. ## Summary of changes - Inline `check-build-tools-image` into `build-build-tools-image` - Remove separate `check-build-tools-image` workflow
133 lines
4.6 KiB
YAML
133 lines
4.6 KiB
YAML
name: Build build-tools image
|
|
|
|
on:
|
|
workflow_call:
|
|
outputs:
|
|
image-tag:
|
|
description: "build-tools tag"
|
|
value: ${{ jobs.check-image.outputs.tag }}
|
|
image:
|
|
description: "build-tools image"
|
|
value: neondatabase/build-tools:${{ jobs.check-image.outputs.tag }}
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash -euo pipefail {0}
|
|
|
|
# The initial idea was to prevent the waste of resources by not re-building the `build-tools` image
|
|
# for the same tag in parallel workflow runs, and queue them to be skipped once we have
|
|
# the first image pushed to Docker registry, but GitHub's concurrency mechanism is not working as expected.
|
|
# GitHub can't have more than 1 job in a queue and removes the previous one, it causes failures if the dependent jobs.
|
|
#
|
|
# Ref https://github.com/orgs/community/discussions/41518
|
|
#
|
|
# concurrency:
|
|
# group: build-build-tools-image-${{ inputs.image-tag }}
|
|
# cancel-in-progress: false
|
|
|
|
# No permission for GITHUB_TOKEN by default; the **minimal required** set of permissions should be granted in each job.
|
|
permissions: {}
|
|
|
|
jobs:
|
|
check-image:
|
|
runs-on: ubuntu-22.04
|
|
outputs:
|
|
tag: ${{ steps.get-build-tools-tag.outputs.image-tag }}
|
|
found: ${{ steps.check-image.outputs.found }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Get build-tools image tag for the current commit
|
|
id: get-build-tools-tag
|
|
env:
|
|
IMAGE_TAG: |
|
|
${{ hashFiles('build-tools.Dockerfile',
|
|
'.github/workflows/build-build-tools-image.yml') }}
|
|
run: |
|
|
echo "image-tag=${IMAGE_TAG}" | tee -a $GITHUB_OUTPUT
|
|
|
|
- name: Check if such tag found in the registry
|
|
id: check-image
|
|
env:
|
|
IMAGE_TAG: ${{ steps.get-build-tools-tag.outputs.image-tag }}
|
|
run: |
|
|
if docker manifest inspect neondatabase/build-tools:${IMAGE_TAG}; then
|
|
found=true
|
|
else
|
|
found=false
|
|
fi
|
|
|
|
echo "found=${found}" | tee -a $GITHUB_OUTPUT
|
|
|
|
|
|
build-image:
|
|
needs: [ check-image ]
|
|
if: needs.check-image.outputs.found == 'false'
|
|
|
|
strategy:
|
|
matrix:
|
|
debian-version: [ bullseye, bookworm ]
|
|
arch: [ x64, arm64 ]
|
|
|
|
runs-on: ${{ fromJson(format('["self-hosted", "{0}"]', matrix.arch == 'arm64' && 'large-arm64' || 'large')) }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: neondatabase/dev-actions/set-docker-config-dir@6094485bf440001c94a94a3f9e221e81ff6b6193
|
|
- uses: docker/setup-buildx-action@v3
|
|
with:
|
|
cache-binary: false
|
|
|
|
- uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
|
|
|
|
- uses: docker/login-action@v3
|
|
with:
|
|
registry: cache.neon.build
|
|
username: ${{ secrets.NEON_CI_DOCKERCACHE_USERNAME }}
|
|
password: ${{ secrets.NEON_CI_DOCKERCACHE_PASSWORD }}
|
|
|
|
- uses: docker/build-push-action@v6
|
|
with:
|
|
file: build-tools.Dockerfile
|
|
context: .
|
|
provenance: false
|
|
push: true
|
|
pull: true
|
|
build-args: |
|
|
DEBIAN_VERSION=${{ matrix.debian-version }}
|
|
cache-from: type=registry,ref=cache.neon.build/build-tools:cache-${{ matrix.debian-version }}-${{ matrix.arch }}
|
|
cache-to: ${{ github.ref_name == 'main' && format('type=registry,ref=cache.neon.build/build-tools:cache-{0}-{1},mode=max', matrix.debian-version, matrix.arch) || '' }}
|
|
tags: |
|
|
neondatabase/build-tools:${{ needs.check-image.outputs.tag }}-${{ matrix.debian-version }}-${{ matrix.arch }}
|
|
|
|
merge-images:
|
|
needs: [ check-image, build-image ]
|
|
runs-on: ubuntu-22.04
|
|
|
|
steps:
|
|
- uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
|
|
|
|
- name: Create multi-arch image
|
|
env:
|
|
DEFAULT_DEBIAN_VERSION: bullseye
|
|
IMAGE_TAG: ${{ needs.check-image.outputs.tag }}
|
|
run: |
|
|
for debian_version in bullseye bookworm; do
|
|
tags=("-t" "neondatabase/build-tools:${IMAGE_TAG}-${debian_version}")
|
|
if [ "${debian_version}" == "${DEFAULT_DEBIAN_VERSION}" ]; then
|
|
tags+=("-t" "neondatabase/build-tools:${IMAGE_TAG}")
|
|
fi
|
|
|
|
docker buildx imagetools create "${tags[@]}" \
|
|
neondatabase/build-tools:${IMAGE_TAG}-${debian_version}-x64 \
|
|
neondatabase/build-tools:${IMAGE_TAG}-${debian_version}-arm64
|
|
done
|