From e03100a059f86270d1d5c7a73def3bf77b22c80b Mon Sep 17 00:00:00 2001
From: Xuan Hu
Date: Tue, 7 May 2024 01:33:49 +0000
Subject: [PATCH 1/3] ci: unify docker behavior
---
 .github/workflows/devcontainer.yml | 36 +++++++----------
 .github/workflows/release.yml | 65 +++++++++++++-----------------
 2 files changed, 42 insertions(+), 59 deletions(-)
diff --git a/.github/workflows/devcontainer.yml b/.github/workflows/devcontainer.yml
index e1fea79c..7c21e452 100644
--- a/.github/workflows/devcontainer.yml
+++ b/.github/workflows/devcontainer.yml
@@ -8,27 +8,21 @@ jobs:
 packages: write
 runs-on: ubuntu-22.04
 steps:
- - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
- - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
- with:
- password: ${{ secrets.GITHUB_TOKEN }}
- registry: ghcr.io
- username: ${{ github.actor }}
- - name: Build and push dev container
- env:
- SOURCE_DATE_EPOCH: 0
- uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
- with:
- build-args: |
- PYTHON_VERSION=${{ matrix.python-version }}
- cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/dev-cache:py${{ matrix.python-version }}
- cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/dev-cache:py${{ matrix.python-version }},mode=max
- file: .devcontainer/Dockerfile
- provenance: false
- push: true
- tags: |
- ghcr.io/${{ github.repository }}/dev:py${{ matrix.python-version }}
- target: dev
+ - run: docker login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io
+ - run: |
+ docker context create builder
+ docker buildx create builder --name container --driver docker-container --use
+ docker buildx inspect --bootstrap --builder container
+ - run: |
+ docker buildx build . \
+ --build-arg PYTHON_VERSION=${{ matrix.python-version }} \
+ --cache-from type=registry,ref=ghcr.io/${{ github.repository }}/dev-cache:py${{ matrix.python-version }} \
+ --cache-to type=registry,ref=ghcr.io/${{ github.repository }}/dev-cache:py${{ matrix.python-version }},mode=max \
+ --file .devcontainer/Dockerfile \
+ --provenance false \
+ --push \
+ --tag ghcr.io/${{ github.repository }}/dev:py${{ matrix.python-version }} \
+ --target dev
 strategy:
 matrix:
 python-version:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d29b029a..86ad8c7f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
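Review bot: The added `docker login` step passes the token as `-p ${{ secrets.GITHUB_TOKEN }}`, which places the secret in the generated script and in the docker process's argument list; the Docker CLI itself warns that `--password` on the command line is insecure. Supply it through the step environment and standard input instead: an `env:` entry `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` and `echo "$GITHUB_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin`. The same line is added in the release.yml hunk of this patch and in both template hunks of patch 2/3. The job these steps belong to starts above the hunk.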
@@ -59,44 +59,33 @@ jobs:
 packages: write
 runs-on: ubuntu-22.04
 steps:
- - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
- - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
- with:
- password: ${{ secrets.GITHUB_TOKEN }}
- registry: ghcr.io
- username: ${{ github.actor }}
- - name: Build and push dev container
- env:
- SOURCE_DATE_EPOCH: 0
- uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
- with:
- build-args: |
- PYTHON_VERSION=${{ matrix.python-version }}
- cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/dev-cache:py${{ matrix.python-version }}
- cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/dev-cache:py${{ matrix.python-version }},mode=max
- file: .devcontainer/Dockerfile
- provenance: false
- push: true
- tags: |
- ghcr.io/${{ github.repository }}/dev:py${{ matrix.python-version }}
- ghcr.io/${{ github.repository }}/dev:py${{ matrix.python-version }}-${{ github.ref_name }}
- target: dev
- - name: Build and push prod container
- env:
- SOURCE_DATE_EPOCH: 0
- uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
- with:
- build-args: |
- PYTHON_VERSION=${{ matrix.python-version }}
- PDM_BUILD_SCM_VERSION=${{ github.ref_name }}
- cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/dev-cache:py${{ matrix.python-version }}
- file: .devcontainer/Dockerfile
- provenance: false
- push: true
- tags: |
- ghcr.io/${{ github.repository }}:py${{ matrix.python-version }}
- ghcr.io/${{ github.repository }}:py${{ matrix.python-version }}-${{ github.ref_name }}
- target: prod
+ - run: docker login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io
+ - run: |
+ docker context create builder
+ docker buildx create builder --name container --driver docker-container --use
+ docker buildx inspect --bootstrap --builder container
+ - run: |
+ docker buildx build . \
+ --build-arg PYTHON_VERSION=${{ matrix.python-version }} \
+ --cache-from type=registry,ref=ghcr.io/${{ github.repository }}/dev-cache:py${{ matrix.python-version }} \
+ --cache-to type=registry,ref=ghcr.io/${{ github.repository }}/dev-cache:py${{ matrix.python-version }},mode=max \
+ --file .devcontainer/Dockerfile \
+ --provenance false \
+ --push \
+ --tag ghcr.io/${{ github.repository }}/dev:py${{ matrix.python-version }} \
+ --tag ghcr.io/${{ github.repository }}/dev:py${{ matrix.python-version }}-${{ github.ref_name }} \
+ --target dev
+ - run: |
+ docker buildx build . \
+ --build-arg PDM_BUILD_SCM_VERSION=${{ github.ref_name }} \
+ --build-arg PYTHON_VERSION=${{ matrix.python-version }} \
+ --cache-from type=registry,ref=ghcr.io/${{ github.repository }}/dev-cache:py${{ matrix.python-version }} \
+ --file .devcontainer/Dockerfile \
+ --provenance false \
+ --push \
+ --tag ghcr.io/${{ github.repository }}:py${{ matrix.python-version }} \
+ --tag ghcr.io/${{ github.repository }}:py${{ matrix.python-version }}-${{ github.ref_name }} \
+ --target prod
 strategy:
 matrix:
 python-version:
From dc6011173c35f8e95d6a07d33a3d7527d117e92b Mon Sep 17 00:00:00 2001
From: Xuan Hu
Date: Tue, 7 May 2024 01:36:27 +0000
Subject: [PATCH 2/3] update template
---
 .../workflows/devcontainer.yml.jinja | 36 +++++-----
 .../workflows/release.yml.jinja | 65 ++++++++-----------
 2 files changed, 42 insertions(+), 59 deletions(-)
diff --git a/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/devcontainer.yml.jinja b/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/devcontainer.yml.jinja
index 79818440..31d3ac66 100644
--- a/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/devcontainer.yml.jinja
+++ b/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/devcontainer.yml.jinja
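Review bot: `${{ github.ref_name }}` is now expanded straight into the `run:` scripts, in the `--tag …-${{ github.ref_name }}` lines and in `--build-arg PDM_BUILD_SCM_VERSION=${{ github.ref_name }}`, so the ref name becomes part of the shell source before bash parses it, whereas the removed `with:` inputs never went through a shell. Git ref names may contain characters the shell interprets, so whoever can push a ref that triggers this workflow can influence the command; the trigger is outside the hunk, so the exposure cannot be judged from here. Map the value in with an `env:` entry `REF_NAME: ${{ github.ref_name }}` and reference it quoted, e.g. `--build-arg "PDM_BUILD_SCM_VERSION=${REF_NAME}"`. The release.yml.jinja hunk in patch 2/3 adds the same lines.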
@@ -9,27 +9,21 @@ jobs:
 packages: write
 runs-on: ubuntu-22.04
 steps:
- - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
- - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
- with:
- password: {{ '${{ secrets.GITHUB_TOKEN }}' }}
- registry: ghcr.io
- username: {{ '${{ github.actor }}' }}
- - name: Build and push dev container
- env:
- SOURCE_DATE_EPOCH: 0
- uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
- with:
- build-args: |
- PYTHON_VERSION={{ '${{ matrix.python-version }}' }}
- cache-from: type=registry,ref=ghcr.io/{{ '${{ github.repository }}' }}/dev-cache:py{{ '${{ matrix.python-version }}' }}
- cache-to: type=registry,ref=ghcr.io/{{ '${{ github.repository }}' }}/dev-cache:py{{ '${{ matrix.python-version }}' }},mode=max
- file: .devcontainer/Dockerfile
- provenance: false
- push: true
- tags: |
- ghcr.io/{{ '${{ github.repository }}' }}/dev:py{{ '${{ matrix.python-version }}' }}
- target: dev
+ - run: docker login -u {{ '${{ github.actor }}' }} -p {{ '${{ secrets.GITHUB_TOKEN }}' }} ghcr.io
+ - run: |
+ docker context create builder
+ docker buildx create builder --name container --driver docker-container --use
+ docker buildx inspect --bootstrap --builder container
+ - run: |
+ docker buildx build . \
+ --build-arg PYTHON_VERSION={{ '${{ matrix.python-version }}' }} \
+ --cache-from type=registry,ref=ghcr.io/{{ '${{ github.repository }}' }}/dev-cache:py{{ '${{ matrix.python-version }}' }} \
+ --cache-to type=registry,ref=ghcr.io/{{ '${{ github.repository }}' }}/dev-cache:py{{ '${{ matrix.python-version }}' }},mode=max \
+ --file .devcontainer/Dockerfile \
+ --provenance false \
+ --push \
+ --tag ghcr.io/{{ '${{ github.repository }}' }}/dev:py{{ '${{ matrix.python-version }}' }} \
+ --target dev
 strategy:
 matrix:
 python-version:
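Review bot: The removed build step ran with `env:` / `SOURCE_DATE_EPOCH: 0`, and the replacement `docker buildx build` step sets no such variable, so if that setting was there to pin timestamps for reproducible images, rebuilt images can no longer be compared against earlier ones. To keep the previous behaviour, add `env:` with `SOURCE_DATE_EPOCH: 0` to the new build `run:` step. The same variable is dropped in the other build hunks of patches 1/3 and 2/3 (both `.github/workflows` files and release.yml.jinja).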
diff --git a/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/release.yml.jinja b/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/release.yml.jinja
index 703a1cfe..6a386d9d 100644
--- a/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/release.yml.jinja
+++ b/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/release.yml.jinja
@@ -60,44 +60,33 @@ jobs:
 packages: write
 runs-on: ubuntu-22.04
 steps:
- - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
- - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
- with:
- password: {{ '${{ secrets.GITHUB_TOKEN }}' }}
- registry: ghcr.io
- username: {{ '${{ github.actor }}' }}
- - name: Build and push dev container
- env:
- SOURCE_DATE_EPOCH: 0
- uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
- with:
- build-args: |
- PYTHON_VERSION={{ '${{ matrix.python-version }}' }}
- cache-from: type=registry,ref=ghcr.io/{{ '${{ github.repository }}' }}/dev-cache:py{{ '${{ matrix.python-version }}' }}
- cache-to: type=registry,ref=ghcr.io/{{ '${{ github.repository }}' }}/dev-cache:py{{ '${{ matrix.python-version }}' }},mode=max
- file: .devcontainer/Dockerfile
- provenance: false
- push: true
- tags: |
- ghcr.io/{{ '${{ github.repository }}' }}/dev:py{{ '${{ matrix.python-version }}' }}
- ghcr.io/{{ '${{ github.repository }}' }}/dev:py{{ '${{ matrix.python-version }}' }}-{{ '${{ github.ref_name }}' }}
- target: dev
- - name: Build and push prod container
- env:
- SOURCE_DATE_EPOCH: 0
- uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
- with:
- build-args: |
- PYTHON_VERSION={{ '${{ matrix.python-version }}' }}
- PDM_BUILD_SCM_VERSION={{ '${{ github.ref_name }}' }}
- cache-from: type=registry,ref=ghcr.io/{{ '${{ github.repository }}' }}/dev-cache:py{{ '${{ matrix.python-version }}' }}
- file: .devcontainer/Dockerfile
- provenance: false
- push: true
- tags: |
- ghcr.io/{{ '${{ github.repository }}' }}:py{{ '${{ matrix.python-version }}' }}
- ghcr.io/{{ '${{ github.repository }}' }}:py{{ '${{ matrix.python-version }}' }}-{{ '${{ github.ref_name }}' }}
- target: prod
+ - run: docker login -u {{ '${{ github.actor }}' }} -p {{ '${{ secrets.GITHUB_TOKEN }}' }} ghcr.io
+ - run: |
+ docker context create builder
+ docker buildx create builder --name container --driver docker-container --use
+ docker buildx inspect --bootstrap --builder container
+ - run: |
+ docker buildx build . \
+ --build-arg PYTHON_VERSION={{ '${{ matrix.python-version }}' }} \
+ --cache-from type=registry,ref=ghcr.io/{{ '${{ github.repository }}' }}/dev-cache:py{{ '${{ matrix.python-version }}' }} \
+ --cache-to type=registry,ref=ghcr.io/{{ '${{ github.repository }}' }}/dev-cache:py{{ '${{ matrix.python-version }}' }},mode=max \
+ --file .devcontainer/Dockerfile \
+ --provenance false \
+ --push \
+ --tag ghcr.io/{{ '${{ github.repository }}' }}/dev:py{{ '${{ matrix.python-version }}' }} \
+ --tag ghcr.io/{{ '${{ github.repository }}' }}/dev:py{{ '${{ matrix.python-version }}' }}-{{ '${{ github.ref_name }}' }} \
+ --target dev
+ - run: |
+ docker buildx build . \
+ --build-arg PDM_BUILD_SCM_VERSION={{ '${{ github.ref_name }}' }} \
+ --build-arg PYTHON_VERSION={{ '${{ matrix.python-version }}' }} \
+ --cache-from type=registry,ref=ghcr.io/{{ '${{ github.repository }}' }}/dev-cache:py{{ '${{ matrix.python-version }}' }} \
+ --file .devcontainer/Dockerfile \
+ --provenance false \
+ --push \
+ --tag ghcr.io/{{ '${{ github.repository }}' }}:py{{ '${{ matrix.python-version }}' }} \
+ --tag ghcr.io/{{ '${{ github.repository }}' }}:py{{ '${{ matrix.python-version }}' }}-{{ '${{ github.ref_name }}' }} \
+ --target prod
 strategy:
 matrix:
 python-version:
From cb14ad8ffba5bb36460a34a9e6dffad3e7ad05d1 Mon Sep 17 00:00:00 2001
From: Xuan Hu
Date: Tue, 7 May 2024 02:04:48 +0000
Subject: [PATCH 3/3] checkout code manually
---
 .github/workflows/devcontainer.yml | 1 +
 .github/workflows/release.yml | 1 +
 .../workflows/devcontainer.yml.jinja | 1 +
 .../workflows/release.yml.jinja | 1 +
 4 files changed, 4 insertions(+)
diff --git a/.github/workflows/devcontainer.yml b/.github/workflows/devcontainer.yml
index 7c21e452..bb29be2c 100644
--- a/.github/workflows/devcontainer.yml
+++ b/.github/workflows/devcontainer.yml
@@ -8,6 +8,7 @@ jobs:
 packages: write
 runs-on: ubuntu-22.04
 steps:
+ - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 - run: docker login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io
 - run: |
 docker context create builder
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 86ad8c7f..4b01a2c0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -59,6 +59,7 @@ jobs:
 packages: write
 runs-on: ubuntu-22.04
 steps:
+ - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 - run: docker login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io
 - run: |
 docker context create builder
diff --git a/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/devcontainer.yml.jinja b/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/devcontainer.yml.jinja
index 31d3ac66..5bb5a774 100644
--- a/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/devcontainer.yml.jinja
+++ b/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/devcontainer.yml.jinja
@@ -9,6 +9,7 @@ jobs:
 packages: write
 runs-on: ubuntu-22.04
 steps:
+ - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 - run: docker login -u {{ '${{ github.actor }}' }} -p {{ '${{ secrets.GITHUB_TOKEN }}' }} ghcr.io
 - run: |
 docker context create builder
diff --git a/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/release.yml.jinja b/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/release.yml.jinja
index 6a386d9d..67f7f14a 100644
--- a/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/release.yml.jinja
+++ b/template/[% if repo_host_type == 'github.com' %].github[% endif %]/workflows/release.yml.jinja
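Review bot: The added `actions/checkout` step is pinned to a commit but runs with defaults, and checkout's default `persist-credentials: true` leaves the job token in the workspace's `.git/config`, which the later `docker buildx build .` then uses as its build context. Unless a `.dockerignore` excludes `.git` (not visible here), that credentialed file is sent to the builder and could end up in a pushed layer through a broad `COPY`. Add `with:` / `persist-credentials: false` to the step; the following steps visible in the hunk only call docker and do not need git to authenticate. The same step is added in the release.yml hunk and in both template hunks of this patch.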
@@ -60,6 +60,7 @@ jobs:
 packages: write
 runs-on: ubuntu-22.04
 steps:
+ - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 - run: docker login -u {{ '${{ github.actor }}' }} -p {{ '${{ secrets.GITHUB_TOKEN }}' }} ghcr.io
 - run: |
 docker context create builder