diff --git a/.github/workflows/extension_ci.yml b/.github/workflows/extension_ci.yml index f924549..79df542 100644 --- a/.github/workflows/extension_ci.yml +++ b/.github/workflows/extension_ci.yml @@ -9,17 +9,15 @@ on: pull_request: branches: - main - paths-ignore: - - "README.md" - - docs/** - - ".github/workflows/server_ci.yml" + paths: + - ".github/workflows/extension_ci.yml" + - "extension/**" push: branches: - main - paths-ignore: - - "README.md" - - docs/** - - ".github/workflows/server_ci.yml" + paths: + - ".github/workflows/extension_ci.yml" + - "extension/**" release: types: - created diff --git a/.github/workflows/pg-image-build.yml b/.github/workflows/pg-image-build.yml index 9668f34..75021f3 100644 --- a/.github/workflows/pg-image-build.yml +++ b/.github/workflows/pg-image-build.yml @@ -19,9 +19,7 @@ on: - "extension/**" - "images/vectorize-pg/**" - ".github/workflows/pg-image-build.yml" - release: - types: - - created + tags: ['extension-v[0-9]+.[0-9]+.[0-9]+'] jobs: build_and_push_amd64: name: Build and push AMD64 images diff --git a/.github/workflows/pgxn-release.yml b/.github/workflows/pgxn-release.yml index 5af8fe6..e466e01 100644 --- a/.github/workflows/pgxn-release.yml +++ b/.github/workflows/pgxn-release.yml @@ -1,8 +1,9 @@ name: 🚀 Release on PGXN on: push: - # Release on semantic version tag. - tags: ['v[0-9]+.[0-9]+.[0-9]+'] + # Release only when the pushed tag is a semantic extension release like + # `extension-v1.2.3`. Keep the numeric pattern in the event trigger. + tags: ['extension-v[0-9]+.[0-9]+.[0-9]+'] jobs: release: name: Release on PGXN diff --git a/.github/workflows/server_ci.yml b/.github/workflows/server_ci.yml index 5557d29..cd099f0 100644 --- a/.github/workflows/server_ci.yml +++ b/.github/workflows/server_ci.yml @@ -4,9 +4,19 @@ on: pull_request: branches: - main + paths: + - "server/**" + - "worker/**" + - "core/**" + - ".github/workflows/server_ci.yml" push: branches: - main + paths: + - "server/**" + - "worker/**" + - "core/**" + - ".github/workflows/server_ci.yml" jobs: lint: @@ -70,30 +80,30 @@ jobs: - name: Set version strings id: versions run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to GHCR - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push -- Commit - run: | - docker build \ - -f ./server/Dockerfile \ - -t ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }}-amd64 . - docker push ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }}-amd64 - - - name: Build and push -- Release - if: github.ref == 'refs/heads/main' - run: | - docker build \ - -f ./server/Dockerfile \ - -t ghcr.io/chuckhend/vectorize-server:latest-amd64 . - docker push ghcr.io/chuckhend/vectorize-server:latest-amd64 + uses: docker/build-push-action@v6 + with: + context: . + file: ./server/Dockerfile + platforms: linux/amd64 + push: true + tags: | + ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }}-amd64 + cache-from: type=gha + cache-to: type=gha,mode=max + provenance: true + sbom: true build_and_push_arm64: name: Build and push ARM64 images @@ -112,28 +122,23 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Login to GHCR - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push -- Commit - run: | - docker build \ - -f ./server/Dockerfile \ - --platform linux/arm64 \ - -t ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }}-arm64 . - docker push ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }}-arm64 - - - name: Build and push -- Release - if: github.ref == 'refs/heads/main' - run: | - docker build \ - -f ./server/Dockerfile \ - --platform linux/arm64 \ - -t ghcr.io/chuckhend/vectorize-server:latest-arm64 . - docker push ghcr.io/chuckhend/vectorize-server:latest-arm64 + uses: docker/build-push-action@v6 + with: + context: . + file: ./server/Dockerfile + platforms: linux/arm64 + push: true + tags: | + ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }}-arm64 + provenance: true + sbom: true create_manifest: name: Create and Push Manifest @@ -147,39 +152,26 @@ jobs: uses: actions/checkout@v4 - name: Login to GHCR - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Set version string id: versions run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Create and push Docker manifest -- Commit run: | - docker manifest create \ - ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }} \ + # Create a multi-arch image manifest from the two architecture-specific tags + docker buildx imagetools create \ + --tag ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }} \ ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }}-arm64 \ ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }}-amd64 - docker manifest annotate ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }} ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }}-arm64 --arch arm64 --os linux - docker manifest annotate ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }} ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }}-amd64 --arch amd64 --os linux - docker manifest push ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }} - - - name: Create and push Docker manifest -- latest (main) - # only push latest off main - if: github.ref == 'refs/heads/main' - run: | - docker manifest create \ - ghcr.io/chuckhend/vectorize-server:latest \ - ghcr.io/chuckhend/vectorize-server:latest-arm64 \ - ghcr.io/chuckhend/vectorize-server:latest-amd64 - - docker manifest annotate ghcr.io/chuckhend/vectorize-server:latest ghcr.io/chuckhend/vectorize-server:latest-arm64 --arch arm64 --os linux - docker manifest annotate ghcr.io/chuckhend/vectorize-server:latest ghcr.io/chuckhend/vectorize-server:latest-amd64 --arch amd64 --os linux - docker manifest push ghcr.io/chuckhend/vectorize-server:latest \ No newline at end of file + # Inspect the created manifest to ensure it's correct + docker buildx imagetools inspect ghcr.io/chuckhend/vectorize-server:${{ steps.versions.outputs.SHORT_SHA }} diff --git a/.github/workflows/server_release.yml b/.github/workflows/server_release.yml new file mode 100644 index 0000000..9f91c18 --- /dev/null +++ b/.github/workflows/server_release.yml @@ -0,0 +1,119 @@ +name: Vectorize Server Release (tag) + +on: + push: + tags: ['v[0-9]+.[0-9]+.[0-9]+'] + +jobs: + build_and_push_amd64: + name: Build and push AMD64 images (tag) + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Extract tag + id: tag + run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push -- Tag + uses: docker/build-push-action@v6 + with: + context: . + file: ./server/Dockerfile + platforms: linux/amd64 + push: true + tags: | + ghcr.io/chuckhend/vectorize-server:${{ steps.tag.outputs.TAG }}-amd64 + ghcr.io/chuckhend/vectorize-server:latest-amd64 + cache-from: type=gha + cache-to: type=gha,mode=max + provenance: true + sbom: true + + build_and_push_arm64: + name: Build and push ARM64 images (tag) + runs-on: ubicloud-standard-2-arm-ubuntu-2204 + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Extract tag + id: tag + run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push -- Tag + uses: docker/build-push-action@v6 + with: + context: . + file: ./server/Dockerfile + platforms: linux/arm64 + push: true + tags: | + ghcr.io/chuckhend/vectorize-server:${{ steps.tag.outputs.TAG }}-arm64 + ghcr.io/chuckhend/vectorize-server:latest-arm64 + provenance: true + sbom: true + + create_manifest: + name: Create and Push Manifest (tag) + runs-on: ubuntu-latest + needs: [build_and_push_arm64, build_and_push_amd64] + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Login to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract tag + id: tag + run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT + + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Create and push Docker manifest — Version and latest + run: | + # Create a multi-arch image manifest for the version tag + docker buildx imagetools create \ + --tag ghcr.io/chuckhend/vectorize-server:${{ steps.tag.outputs.TAG }} \ + ghcr.io/chuckhend/vectorize-server:${{ steps.tag.outputs.TAG }}-arm64 \ + ghcr.io/chuckhend/vectorize-server:${{ steps.tag.outputs.TAG }}-amd64 + + # Inspect the created version manifest to ensure it's correct + docker buildx imagetools inspect ghcr.io/chuckhend/vectorize-server:${{ steps.tag.outputs.TAG }} + + # Create/update the 'latest' multi-arch manifest pointing to the architecture-specific latest tags + docker buildx imagetools create \ + --tag ghcr.io/chuckhend/vectorize-server:latest \ + ghcr.io/chuckhend/vectorize-server:latest-arm64 \ + ghcr.io/chuckhend/vectorize-server:latest-amd64 + + # Inspect the created latest manifest + docker buildx imagetools inspect ghcr.io/chuckhend/vectorize-server:latest