From 0da11fdbaa4ddcf3c1113ad91e6f8774b0d6c7c1 Mon Sep 17 00:00:00 2001
From: Kai Salmen
Date: Fri, 23 Aug 2024 10:50:17 +0200
Subject: [PATCH] WIP: Build containers with GHA
---
.editorconfig | 3 +
.github/workflows/images.yml | 142 +++++++++++++++++++++++++++++++++++
2 files changed, 145 insertions(+)
create mode 100644 .github/workflows/images.yml
diff --git a/.editorconfig b/.editorconfig
index b9c69ddd1..14039a4e7 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -13,3 +13,6 @@ indent_size = 2 [*.md] indent_size = 2
+
+[*.yml]
+indent_size = 2
diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml
new file mode 100644
index 000000000..51c73cbb8
--- /dev/null
+++ b/.github/workflows/images.yml
@@ -0,0 +1,142 @@
+name: Build container images
+
+on:
+ push:
+ branches:
+ - 'clangd-example'
+ workflow_dispatch:
+
+env:
+ REGISTRY: ghcr.io
+ REPO_NAME: ${{ github.repository }}
+
+jobs:
+ images-simple:
+ name: Images Build & Deploy
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
+ strategy:
+ matrix:
+ image_names: [ eclipse.jdt.ls, groovy, clangd ]
+
+ timeout-minutes: 15
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ${{ env.REGISTRY }}/${{ env.REPO_NAME }}/${{ matrix.image_names }}
+ # enforce latest tag for now
+ tags: |
+ type=raw,value=latest
+
+ - name: Build & Push
+ id: push
+ uses: docker/build-push-action@v6
+ with:
+ context: ./packages/examples/resources/${{ matrix.image_names }}
+ file: ./packages/examples/resources/${{ matrix.image_names }}/Dockerfile
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Attest
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.REPO_NAME }}/${{ matrix.image_names }}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
+
+
+ images-clangd:
+ name: Clangd Build & Deploy
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
+ timeout-minutes: 60
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (configure)
+ id: meta_configure
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ${{ env.REGISTRY }}/${{ env.REPO_NAME }}/clangd-configure
+ # enforce latest tag for now
+ tags: |
+ type=raw,value=latest
+
+ - name: Extract metadata (build)
+ id: meta_build
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ${{ env.REGISTRY }}/${{ env.REPO_NAME }}/clangd-build
+ # enforce latest tag for now
+ tags: |
+ type=raw,value=latest
+
+ - name: Build & Push (configure)
+ id: push_configure
+ uses: docker/build-push-action@v6
+ with:
+ context: ./packages/examples/resources/clangd
+ file: ./packages/examples/resources/clangd/configure.Dockerfile
+ push: true
+ tags: ${{ steps.meta_configure.outputs.tags }}
+ labels: ${{ steps.meta_configure.outputs.labels }}
+
+ - name: Build & Push (build)
+ id: push_build
+ uses: docker/build-push-action@v6
+ with:
+ context: ./packages/examples/resources/clangd
+ file: ./packages/examples/resources/clangd/build.Dockerfile
+ push: true
+ tags: ${{ steps.meta_build.outputs.tags }}
+ labels: ${{ steps.meta_build.outputs.labels }}
+
+ - name: Attest (configure)
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.REPO_NAME }}//clangd-configure
+ subject-digest: ${{ steps.push_configure.outputs.digest }}
+ push-to-registry: true
+
+ - name: Attest (configure)
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.REPO_NAME }}/clangd-build
+ subject-digest: ${{ steps.push_build.outputs.digest }}
+ push-to-registry: true
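Review bot: The first `Attest (configure)` step in `images-clangd` builds its `subject-name` with a doubled slash (`${{ env.REPO_NAME }}//clangd-configure`), so the provenance attestation names a different image from the one `meta_configure` tags and pushes; it should read `subject-name: ${{ env.REGISTRY }}/${{ env.REPO_NAME }}/clangd-configure`. The last step is also named `Attest (configure)` although it attests `clangd-build`; renaming it to `Attest (build)` keeps the run log unambiguous. Separately, both jobs hold `packages: write`, `id-token: write` and `attestations: write` while every `uses:` is pinned to a mutable major tag (`@v4`, `@v3`, `@v5`, `@v6`, `@v1`); pinning each action to a full commit SHA would stop a retagged release from running with those permissions. If `github.repository` can contain uppercase characters, the raw `REPO_NAME` used in the three `subject-name` values may also differ from the lowercased image name the registry stores, which is worth confirming before relying on verification of these attestations.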