From 865557a838017932188ee8f4df715c0756f4e86f Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Fri, 28 Feb 2025 10:09:19 +0100 Subject: [PATCH 1/3] build: use tags input for distributed builds workflow Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- .../build/ci/github-actions/multi-platform.md | 39 +++++-------------- 1 file changed, 9 insertions(+), 30 deletions(-) diff --git a/content/manuals/build/ci/github-actions/multi-platform.md b/content/manuals/build/ci/github-actions/multi-platform.md index 71b48d32267e..813db98233cc 100644 --- a/content/manuals/build/ci/github-actions/multi-platform.md +++ b/content/manuals/build/ci/github-actions/multi-platform.md @@ -124,8 +124,7 @@ on: push: env: - DOCKERHUB_REPO: docker-user/my-app - GHCR_REPO: ghcr.io/gh-user/my-app + REGISTRY_IMAGE: user/app jobs: build: @@ -146,9 +145,7 @@ jobs: id: meta uses: docker/metadata-action@v5 with: - images: | - ${{ env.DOCKERHUB_REPO }} - ${{ env.GHCR_REPO }} + images: ${{ env.REGISTRY_IMAGE }} - name: Login to Docker Hub uses: docker/login-action@v3 @@ -156,13 +153,6 @@ jobs: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GHCR - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -175,7 +165,8 @@ jobs: with: platforms: ${{ matrix.platform }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,"name=${{ env.DOCKERHUB_REPO }},${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,push=true + tags: ${{ env.REGISTRY_IMAGE }} + outputs: type=image,push-by-digest=true,name-canonical=true,push=true - name: Export digest run: | @@ -209,13 +200,6 @@ jobs: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GHCR - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -223,9 +207,7 @@ jobs: id: meta uses: docker/metadata-action@v5 with: - images: | - ${{ env.DOCKERHUB_REPO }} - ${{ env.GHCR_REPO }} + images: ${{ env.REGISTRY_IMAGE }} tags: | type=ref,event=branch type=ref,event=pr @@ -236,14 +218,11 @@ jobs: working-directory: ${{ runner.temp }}/digests run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *) - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *) + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) - name: Inspect image run: | - docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }} - docker buildx imagetools inspect ${{ env.GHCR_REPO }}:${{ steps.meta.outputs.version }} + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} ``` ### With Bake @@ -377,9 +356,9 @@ jobs: cwd://${{ runner.temp }}/bake-meta.json targets: image set: | - *.tags= + *.tags=${{ env.REGISTRY_IMAGE }} *.platform=${{ matrix.platform }} - *.output=type=image,"name=${{ env.REGISTRY_IMAGE }}",push-by-digest=true,name-canonical=true,push=true + *.output=type=image,push-by-digest=true,name-canonical=true,push=true - name: Export digest run: | From dfd752e2bf4ca2b6b4f06d9c44304417b36ca5e8 Mon Sep 17 00:00:00 2001 From: Nicolas Beck Date: Fri, 28 Feb 2025 12:08:25 +0100 Subject: [PATCH 2/3] Share image build cloud (#22127) ## Description Added Docker Build Cloud as a way to share image between GHA jobs ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- content/manuals/build/ci/github-actions/share-image-jobs.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/manuals/build/ci/github-actions/share-image-jobs.md b/content/manuals/build/ci/github-actions/share-image-jobs.md index 747dfe591bd7..0fb11c219575 100644 --- a/content/manuals/build/ci/github-actions/share-image-jobs.md +++ b/content/manuals/build/ci/github-actions/share-image-jobs.md @@ -7,6 +7,7 @@ keywords: ci, github actions, gha, buildkit, buildx As each job is isolated in its own runner, you can't use your built image between jobs, except if you're using [self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) +or [Docker Build Cloud](/build-cloud). However, you can [pass data between jobs](https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts#passing-data-between-jobs-in-a-workflow) in a workflow using the [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact) From 8db8f5f2edeac9f6a34dc30afb1c305a4b3dbad5 Mon Sep 17 00:00:00 2001 From: Nicolas Beck Date: Fri, 28 Feb 2025 12:42:08 +0100 Subject: [PATCH 3/3] Update Docker Build Cloud permissions table for the DSoP plans (#22128) ## Description Update Docker Build Cloud permissions table for the DSoP plans ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- content/manuals/build-cloud/_index.md | 2 +- .../manuals/security/for-admins/roles-and-permissions.md | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/content/manuals/build-cloud/_index.md b/content/manuals/build-cloud/_index.md index a9072b04a963..f07c4bc1ed4e 100644 --- a/content/manuals/build-cloud/_index.md +++ b/content/manuals/build-cloud/_index.md @@ -69,4 +69,4 @@ Once you've signed up and created a builder, continue by [setting up the builder in your local environment](./setup.md). For information about roles and permissions related to Docker Build Cloud, see -[Roles and Permissions](/manuals/security/for-admins/roles-and-permissions.md#docker-build-cloud). +[Roles and Permissions](/manuals/security/for-admins/roles-and-permissions.md#docker-build-cloud-permissions). diff --git a/content/manuals/security/for-admins/roles-and-permissions.md b/content/manuals/security/for-admins/roles-and-permissions.md index 7b5295b52597..f2464db71f09 100644 --- a/content/manuals/security/for-admins/roles-and-permissions.md +++ b/content/manuals/security/for-admins/roles-and-permissions.md @@ -110,12 +110,8 @@ The following table outlines Docker Build Cloud management permissions for membe | Permission | Member | Editor | Organization owner | | ---------------------------- | :----- | :----- | :----------------- | -| Sign up for starter plan | ✅ | ✅ | ✅ | -| Use a cloud builder | ✅ \* | ✅ \* | ✅ \* | -| Manage seat allocation | ✅ | ✅ | ✅ | +| Use a cloud builder | ✅ | ✅ | ✅ | | Create and remove builders | ✅ | ✅ | ✅ | -| Buy seats or reduce seat cap | ❌ | ❌ | ✅ | +| Configure builder settings | ✅ | ✅ | ✅ | | Buy minutes | ❌ | ❌ | ✅ | | Manage subscription | ❌ | ❌ | ✅ | - -_\* Requires a Docker Build Cloud seat allocation_