diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cb10b99..05e6adc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,10 +7,10 @@ jobs: env: CheckFiles: "bot.py musicbot/" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Set up Python 3.10 - uses: actions/setup-python@v4.2.0 + uses: actions/setup-python@v4.5.0 with: python-version: 3.10.7 @@ -27,14 +27,14 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Set up Python 3.10 - uses: actions/setup-python@v4.2.0 + uses: actions/setup-python@v4.5.0 with: python-version: 3.10.7 - - name: Install dependencies + - name: Install dependencies run: | pip install pytest pip install -r requirements.txt @@ -45,57 +45,115 @@ jobs: build-and-push: needs: [lint, test] + strategy: + matrix: + architecture: [linux-arm-v7, linux-arm64, linux-amd64] runs-on: ubuntu-latest if: github.event_name != 'pull_request' && contains(github.ref, 'actions') != 'true' - env: - DOCKER_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2.1.0 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2.4.1 + with: + install: true + version: latest + driver-opts: image=moby/buildkit:master + + - name: Login to DockerHub + uses: docker/login-action@v2.1.0 + with: + username: roxedus + password: ${{ secrets.DOCKER_HUB_PASSWORD }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2.1.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Create VARS - env: - _repo: rnorge/music - _username: roxedus - _ref: ${{github.ref}} id: vars run: | - echo "::set-output name=branch::$(echo ${_ref} | cut -d/ -f3)" - echo "::set-output name=username::$(echo ${_username} | cut -d/ -f1 | tr '[:upper:]' '[:lower:]')" - echo "::set-output name=repo::$(echo ${_repo} | tr '[:upper:]' '[:lower:]')" + echo "branch=$(echo ${{github.ref}} | cut -d/ -f3)" >> $GITHUB_OUTPUT + echo "repo=rnorge/music" >> $GITHUB_OUTPUT + echo "platform=${ARCHITECTURE//-/\/}" >> $GITHUB_OUTPUT + echo "ghcr=r-norge/shitemusicbot" >> $GITHUB_OUTPUT + echo "version=$(grep -i bot_version musicbot/utils/bot_version.py | cut -d" " -f3 | tr -d \")" >> $GITHUB_OUTPUT + + - name: Build and push + uses: docker/build-push-action@v4.0.0 + with: + push: true + attests: type=sbom,generator=docker/buildkit-syft-scanner + #sbom: true + provenance: true # https://github.com/docker/buildx/issues/1509 + platforms: ${{ steps.vars.outputs.platform }} + build-args: BUILDKIT_SBOM_SCAN_CONTEXT=true,BUILDKIT_SBOM_SCAN_STAGE=true + tags: | + ${{ steps.vars.outputs.repo }}:${{ steps.vars.outputs.branch }}-${{github.sha}}-${{ matrix.architecture }} + ghcr.io/${{ steps.vars.outputs.ghcr }}:${{ steps.vars.outputs.branch }}-${{github.sha}}-${{ matrix.architecture }} + + publish: + needs: [build-and-push] + runs-on: ubuntu-latest + if: github.event_name != 'pull_request' && contains(github.ref, 'actions') != 'true' - - name: Push changed files, and tags - if: github.ref == 'refs/heads/master' - uses: EndBug/add-and-commit@v4 + steps: + - uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2.4.1 with: - add: musicbot/utils/bot_version.py - author_name: MarlinBotCode - message: Bump Version - tag: v${{ steps.tagger.outputs.tag }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + install: true + version: latest + driver-opts: image=moby/buildkit:master - - name: Build the Docker image - env: - REPO: ${{ steps.vars.outputs.repo }} - BRANCH: ${{ steps.vars.outputs.branch }} + - name: Login to DockerHub + uses: docker/login-action@v2.1.0 + with: + username: roxedus + password: ${{ secrets.DOCKER_HUB_PASSWORD }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2.1.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Create VARS + id: vars run: | - docker build -t $REPO:$BRANCH -t $REPO:$BRANCH-${{github.sha}} . + echo "branch=$(echo ${{github.ref}} | cut -d/ -f3)" >> $GITHUB_OUTPUT + echo "repo=rnorge/music" >> $GITHUB_OUTPUT + echo "ghcr=r-norge/shitemusicbot" >> $GITHUB_OUTPUT + echo "version=$(grep -i bot_version musicbot/utils/bot_version.py | cut -d" " -f3 | tr -d \")" >> $GITHUB_OUTPUT - - name: Master tag - if: github.ref == 'refs/heads/master' + - name: Create manifests for DockerHub env: - REPO: ${{ steps.vars.outputs.repo }} - BRANCH: ${{ steps.vars.outputs.branch }} + DOCKER_CLI_EXPERIMENTAL: enabled run: | - docker tag $REPO:$BRANCH $REPO:${{ steps.tagger.outputs.tag }} - - - name: Login to registry - if: github.event_name != 'pull_request' - run: echo $DOCKER_PASSWORD | docker login -u ${{ steps.vars.outputs.username }} --password-stdin - - - name: Pushes the Docker image + IMAGE=${{ steps.vars.outputs.repo }} + TAG=${{ steps.vars.outputs.branch }}-${{github.sha}} + SOURCE=${IMAGE}:${TAG} + docker buildx imagetools create -t ${SOURCE} ${SOURCE}-linux-amd64 ${SOURCE}-linux-arm-v7 ${SOURCE}-linux-arm64 + if [[ ${GITHUB_REF//refs\/heads\//} == master ]]; then + docker buildx imagetools create -t ${IMAGE}:latest ${SOURCE}-linux-amd64 ${SOURCE}-linux-arm-v7 ${SOURCE}-linux-arm64 + fi + - name: Create manifests for GitHub Container Registry env: - REPO: ${{ steps.vars.outputs.repo }} - if: github.event_name != 'pull_request' - run: docker push -a $REPO + DOCKER_CLI_EXPERIMENTAL: enabled + run: | + IMAGE=ghcr.io/${{ steps.vars.outputs.ghcr }} + TAG=${{ steps.vars.outputs.branch }}-${{github.sha}} + SOURCE=${IMAGE}:${TAG} + docker buildx imagetools create -t ${SOURCE} ${SOURCE}-linux-amd64 ${SOURCE}-linux-arm-v7 ${SOURCE}-linux-arm64 + if [[ ${GITHUB_REF//refs\/heads\//} == master ]]; then + docker buildx imagetools create -t ${IMAGE}:latest ${SOURCE}-linux-amd64 ${SOURCE}-linux-arm-v7 ${SOURCE}-linux-arm64 + fi