From f106b5bf140b79e5a60fcb62b89783a95930bfb7 Mon Sep 17 00:00:00 2001
From: lucasdpt
Date: Thu, 12 Mar 2026 12:26:41 +0100
Subject: [PATCH] feat: initial commit
---
 .gitea/workflows/arm64-amd64.yaml | 165 ++++++++++++++++++++++++++++++
 build-and-push/action.yaml | 137 +++++++++++++++++++++++++
 create-image-manifest/action.yaml | 87 ++++++++++++++++
 3 files changed, 389 insertions(+)
 create mode 100644 .gitea/workflows/arm64-amd64.yaml
 create mode 100644 build-and-push/action.yaml
 create mode 100644 create-image-manifest/action.yaml
diff --git a/.gitea/workflows/arm64-amd64.yaml b/.gitea/workflows/arm64-amd64.yaml
new file mode 100644
index 0000000..648ed80
--- /dev/null
+++ b/.gitea/workflows/arm64-amd64.yaml
@@ -0,0 +1,165 @@
+name: Docker build and push
+
+on:
+ workflow_call:
+ inputs:
+ job-name:
+ description: 'Job name to use for maven build'
+ default: 'build'
+ type: string
+ oci-registry:
+ description: 'OCI registry to push the image to'
+ default: ''
+ type: string
+ repository:
+ description: |
+ Repository name.
+ Example: `my-org/my-repo`.
+ See [Docker get-image-metadata action](../get-image-metadata/README.md).
+ default: ${{ github.repository }}
+ type: string
+ image:
+ description: |
+ Additional image name.
+ Example: `application`.
+ See [Docker get-image-metadata action](../get-image-metadata/README.md).
+ type: string
+ tag:
+ description: "Image tag to publish"
+ type: string
+ context:
+ description: |
+ Build's context is the set of files located in the specified PATH or URL.
+ See https://github.com/docker/build-push-action#inputs.
+ type: string
+ default: "."
+ dockerfile:
+ description: |
+ Location of Dockerfile (defaults to Dockerfile).
+ See https://github.com/docker/build-push-action#inputs.
+ type: string
+ default: "Dockerfile"
+ build-args:
+ description: |
+ List of build-time variables.
+ See https://github.com/docker/build-push-action#inputs.
+ type: string
+ required: false
+ target:
+ description: |
+ Sets the target stage to build.
+ See https://github.com/docker/build-push-action#inputs.
+ type: string
+ required: false
+ secrets:
+ description: |
+ List of secrets to expose to the build.
+ See https://docs.docker.com/build/ci/github-actions/secrets/.
+ type: string
+ required: false
+ secret-envs:
+ description: |
+ List of secret environment variables to expose to the build (e.g., `key=envname, MY_SECRET=MY_ENV_VAR`).
+ See https://docs.docker.com/build/ci/github-actions/secrets/.
+ type: string
+ required: false
+ artifact-name:
+ description: 'Name of the artifact to download before build'
+ type: string
+ required: false
+ artifact-path:
+ description: 'Path where to extract the artifact'
+ type: string
+ default: '.'
+ required: false
+ secrets:
+ OCI_REGISTRY_USERNAME:
+ description: 'Username for the OCI registry'
+ required: true
+ OCI_REGISTRY_PASSWORD:
+ description: 'Password for the OCI registry'
+ required: true
+
+jobs:
+ # build-amd64:
+ # runs-on: ubuntu-latest
+ # outputs:
+ # digest: ${{ steps.build.outputs.digest }}
+ # steps:
+ # - name: Check out code
+ # uses: actions/checkout@v6
+
+ # - name: Download artifact
+ # if: ${{ inputs.artifact-name != '' }}
+ # uses: actions/download-artifact@v7
+ # with:
+ # name: ${{ inputs.artifact-name }}
+ # path: ${{ inputs.artifact-path }}
+
+ # - name: Docker build
+ # id: build
+ # uses: ./build-and-push
+ # with:
+ # oci-registry: ${{ inputs.oci-registry }}
+ # oci-registry-username: ${{ secrets.OCI_REGISTRY_USERNAME }}
+ # oci-registry-password: ${{ secrets.OCI_REGISTRY_PASSWORD }}
+ # repository: ${{ inputs.repository }}
+ # image: ${{ inputs.image }}
+ # tag: ${{ inputs.tag }}
+ # platform: linux/amd64
+ # context: ${{ inputs.context }}
+ # dockerfile: ${{ inputs.dockerfile }}
+ # build-args: ${{ inputs.build-args }}
+ # target: ${{ inputs.target }}
+ # secrets: ${{ inputs.secrets }}
+ # secret-envs: ${{ inputs.secret-envs }}
+ # push-by-digest: true
+
+ build-arm64:
+ runs-on: ubuntu-24.04-arm
+ outputs:
+ digest: ${{ steps.build.outputs.digest }}
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v6
+
+ - name: Download artifact
+ if: ${{ inputs.artifact-name != '' }}
+ uses: actions/download-artifact@v7
+ with:
+ name: ${{ inputs.artifact-name }}
+ path: ${{ inputs.artifact-path }}
+
+ - name: Docker build
+ id: build
+ uses: ./build-and-push
+ with:
+ oci-registry: ${{ inputs.oci-registry }}
+ oci-registry-username: ${{ secrets.OCI_REGISTRY_USERNAME }}
+ oci-registry-password: ${{ secrets.OCI_REGISTRY_PASSWORD }}
+ repository: ${{ inputs.repository }}
+ image: ${{ inputs.image }}
+ tag: ${{ inputs.tag }}
+ platform: linux/arm64
+ context: ${{ inputs.context }}
+ dockerfile: ${{ inputs.dockerfile }}
+ build-args: ${{ inputs.build-args }}
+ target: ${{ inputs.target }}
+ secrets: ${{ inputs.secrets }}
+ secret-envs: ${{ inputs.secret-envs }}
+ #push-by-digest: true
+
+ # create-image-manifest:
+ # runs-on: ubuntu-latest
+ # needs: [build-amd64, build-arm64]
+ # steps:
+ # - name: Create Manifest
+ # uses: ./create-image-manifest
+ # with:
+ # oci-registry: ${{ inputs.oci-registry }}
+ # oci-registry-username: ${{ secrets.OCI_REGISTRY_USERNAME }}
+ # oci-registry-password: ${{ secrets.OCI_REGISTRY_PASSWORD }}
+ # repository: ${{ inputs.repository }}
+ # tag: ${{ inputs.tag }}
+ # image: ${{ inputs.image }}
+ # digests: ${{ needs.build-amd64.outputs.digest }},${{ needs.build-arm64.outputs.digest }}
\ No newline at end of file
diff --git a/build-and-push/action.yaml b/build-and-push/action.yaml
new file mode 100644
index 0000000..302745a
--- /dev/null
+++ b/build-and-push/action.yaml
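Review bot: In `.gitea/workflows/arm64-amd64.yaml`, the `build-arm64` job references `actions/checkout@v6` and `actions/download-artifact@v7` by mutable tag, while the composite actions added in this same patch pin every `docker/*` action to a full commit SHA. A tag can later point at different code than what was reviewed, and this job hands the registry credentials to the next step, so pin these two the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v6`. The `secrets` and `secret-envs` inputs are declared `type: string`; whether values passed that way are masked in job logs depends on the runner, so confirm it on the target runner or say so in the input descriptions. The commented-out `build-amd64` job carries the same tag references and needs the same change if it is re-enabled.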
@@ -0,0 +1,137 @@
+name: Build and push Docker images
+description: Build and push Docker images with Buildx
+author: zertus
+branding:
+ icon: 'anchor'
+ color: 'blue'
+inputs:
+ oci-registry:
+ description: "OCI registry where to pull and push images"
+ required: true
+ oci-registry-username:
+ description: |
+ Username used to log against the OCI registry.
+ See https://github.com/docker/login-action#usage.
+ required: true
+ oci-registry-password:
+ description: |
+ Password or personal access token used to log against the OCI registry.
+ Can be passed in using `secrets.GITHUB_TOKEN`.
+ See https://github.com/docker/login-action#usage.
+ required: true
+ repository:
+ description: |
+ Repository name.
+ Example: `my-org/my-repo`.
+ See [Docker get-image-metadata action](../get-image-metadata/README.md).
+ default: ${{ github.repository }}
+ required: false
+ image:
+ description: |
+ Additional image name.
+ Example: `application`.
+ See [Docker get-image-metadata action](../get-image-metadata/README.md).
+ required: false
+ tag:
+ description: "Image tag to publish"
+ required: false
+ platform:
+ description: |
+ Platform to build for. Example: `linux/amd64`.
+ See https://github.com/docker/build-push-action#inputs.
+ required: true
+ context:
+ description: |
+ Build's context is the set of files located in the specified PATH or URL.
+ See https://github.com/docker/build-push-action#inputs.
+ default: "."
+ required: false
+ dockerfile:
+ description: |
+ Location of Dockerfile (defaults to Dockerfile).
+ See https://github.com/docker/build-push-action#inputs.
+ default: "Dockerfile"
+ required: false
+ build-args:
+ description: |
+ List of build-time variables.
+ See https://github.com/docker/build-push-action#inputs.
+ required: false
+ target:
+ description: |
+ Sets the target stage to build.
+ See https://github.com/docker/build-push-action#inputs.
+ required: false
+ secrets:
+ description: |
+ List of secrets to expose to the build.
+ See https://docs.docker.com/build/ci/github-actions/secrets/.
+ required: false
+ secret-envs:
+ description: |
+ List of secret environment variables to expose to the build (e.g., `key=envname, MY_SECRET=MY_ENV_VAR`).
+ See https://docs.docker.com/build/ci/github-actions/secrets/.
+ required: false
+ push-by-digest:
+ default: "false"
+ description: |
+ Whether to push the image only when built by digest.
+ Useful for multi-platform builds.
+ required: false
+outputs:
+ digest:
+ description: "The image digest"
+ value: ${{ steps.build.outputs.digest }}
+ image-name:
+ description: "The image name without tag"
+ value: ${{ steps.get-image-name.outputs.image-name }}
+ fqin:
+ description: "The fully qualified image name with tag"
+ value: ${{ steps.get-image-name.outputs.fully-qualified-image-name }}
+runs:
+ using: "composite"
+ steps:
+ - id: get-image-name
+ shell: bash
+ run: |
+ IMAGE_NAME="${{ inputs.repository }}"
+
+ if [ -n "${{ inputs.image }}" ]; then
+ IMAGE_NAME="${IMAGE_NAME}/${{ inputs.image }}"
+ fi
+
+ IMAGE_NAME="${{ inputs.oci-registry }}/${IMAGE_NAME}"
+
+ echo "image-name=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
+
+ if [ -n "${{ inputs.tag }}" ]; then
+ IMAGE_NAME="${IMAGE_NAME}:${{ inputs.tag }}"
+ fi
+
+ echo "fully-qualified-image-name=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
+ - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+ with:
+ registry: ${{ inputs.oci-registry }}
+ username: ${{ inputs.oci-registry-username }}
+ password: ${{ inputs.oci-registry-password }}
+ - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+ id: setup-buildx
+ with:
+ version: v0.30.1
+ driver-opts: |
+ image=moby/buildkit:v0.26.3
+ - id: build
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+ with:
+ context: ${{ inputs.context }}
+ file: ${{ inputs.dockerfile }}
+ build-args: ${{ inputs.build-args }}
+ target: ${{ inputs.target }}
+ secrets: ${{ inputs.secrets }}
+ secret-envs: ${{ inputs.secret-envs }}
+ platforms: ${{ inputs.platform }}
+ outputs: |
+ ${{ inputs.push-by-digest == 'true' && 'type=image,push-by-digest=true,name-canonical=true,push=true' || 'type=image,push=true' }}
+ tags: ${{ inputs.push-by-digest == 'true' && steps.get-image-name.outputs.image-name || steps.get-image-name.outputs.fully-qualified-image-name }}
+ provenance: false
+ sbom: false
\ No newline at end of file
diff --git a/create-image-manifest/action.yaml b/create-image-manifest/action.yaml
new file mode 100644
index 0000000..69983b1
--- /dev/null
+++ b/create-image-manifest/action.yaml
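Review bot: The `get-image-name` step in `build-and-push/action.yaml` expands `${{ inputs.repository }}`, `${{ inputs.image }}`, `${{ inputs.oci-registry }}` and `${{ inputs.tag }}` directly into the bash script, so each value is substituted before the shell parses the text and is read as script rather than as data. These inputs are caller-controlled (the reusable workflow in this patch forwards them unchanged) and the job also handles registry credentials. Pass the values through `env:` and reference them as quoted shell variables, as in the step below. The same pattern appears in `create-image-manifest/action.yaml`, in both its `get-image-name` and `create-image-manifest` steps, the latter including `${{ inputs.digests }}`. Separately, `provenance: false` and `sbom: false` in the `build` step deserve a comment stating why attestations are turned off.

```yaml
- id: get-image-name
  shell: bash
  env:
    OCI_REGISTRY: ${{ inputs.oci-registry }}
    REPOSITORY: ${{ inputs.repository }}
    IMAGE: ${{ inputs.image }}
    TAG: ${{ inputs.tag }}
  run: |
    IMAGE_NAME="$REPOSITORY"

    if [ -n "$IMAGE" ]; then
      IMAGE_NAME="${IMAGE_NAME}/${IMAGE}"
    fi

    IMAGE_NAME="${OCI_REGISTRY}/${IMAGE_NAME}"

    # … unchanged: write image-name to "$GITHUB_OUTPUT" …

    if [ -n "$TAG" ]; then
      IMAGE_NAME="${IMAGE_NAME}:${TAG}"
    fi

    # … unchanged: write fully-qualified-image-name to "$GITHUB_OUTPUT" …
```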
@@ -0,0 +1,87 @@
+name: Docker Create image manifest
+description: Build and push Docker images with Buildx
+author: zertus
+branding:
+ icon: 'anchor'
+ color: 'blue'
+inputs:
+ oci-registry:
+ description: "OCI registry where to pull and push images"
+ required: true
+ oci-registry-username:
+ description: |
+ Username used to log against the OCI registry.
+ See https://github.com/docker/login-action#usage.
+ required: true
+ oci-registry-password:
+ description: |
+ Password or personal access token used to log against the OCI registry.
+ Can be passed in using `secrets.GITHUB_TOKEN`.
+ See https://github.com/docker/login-action#usage.
+ required: true
+ repository:
+ description: |
+ Repository name.
+ Example: `my-org/my-repo`.
+ See [Docker get-image-metadata action](../get-image-metadata/README.md).
+ default: ${{ github.repository }}
+ required: false
+ image:
+ description: |
+ Additional image name.
+ Example: `application`.
+ See [Docker get-image-metadata action](../get-image-metadata/README.md).
+ required: false
+ tag:
+ description: "Image tag to publish"
+ required: false
+ digests:
+ description: |
+ Comma-separated list of image digests to include in the manifest list.
+ Example: `sha256:abc123...,sha256:def456...`.
+ required: true
+runs:
+ using: "composite"
+ steps:
+ - id: get-image-name
+ shell: bash
+ run: |
+ IMAGE_NAME="${{ inputs.repository }}"
+
+ if [ -n "${{ inputs.image }}" ]; then
+ IMAGE_NAME="${IMAGE_NAME}/${{ inputs.image }}"
+ fi
+
+ IMAGE_NAME="${{ inputs.oci-registry }}/${IMAGE_NAME}"
+
+ echo "image-name=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
+
+ if [ -n "${{ inputs.tag }}" ]; then
+ IMAGE_NAME="${IMAGE_NAME}:${{ inputs.tag }}"
+ fi
+
+ echo "fully-qualified-image-name=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
+ - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+ with:
+ registry: ${{ inputs.oci-registry }}
+ username: ${{ inputs.oci-registry-username }}
+ password: ${{ inputs.oci-registry-password }}
+ - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+ id: setup-buildx
+ with:
+ version: v0.30.1
+ driver-opts: |
+ image=moby/buildkit:v0.26.3
+ - id: create-image-manifest
+ shell: bash
+ run: |
+ BASE_IMAGE="${{ steps.get-image-name.outputs.image-name }}"
+
+ SOURCES=""
+ IFS=',' read -ra ADDR <<< "${{ inputs.digests }}"
+ for digest in "${ADDR[@]}"; do
+ digest=$(echo "$digest" | xargs)
+ SOURCES="$SOURCES ${BASE_IMAGE}@${digest}"
+ done
+
+ docker buildx imagetools create -t "${{ steps.get-image-name.outputs.fully-qualified-image-name }}" $SOURCES
\ No newline at end of file
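Review bot: In the `create-image-manifest` step the digest entries are joined into one string and passed as unquoted `$SOURCES`, and no entry is checked to be a digest, so an entry containing whitespace is split into extra arguments to `docker buildx imagetools create`. Trimming with `echo "$digest" | xargs` also makes xargs interpret quotes and backslashes in the value. Collect the sources in a bash array, reject any entry that is not a `sha256:` digest (the only form the input description shows), and pass `"${sources[@]}"`. The rewritten step below also takes its values from `env:` instead of `${{ … }}` expansion inside the script. Separately, the action's `description` still reads "Build and push Docker images with Buildx", which looks copied from `build-and-push`.

```yaml
- id: create-image-manifest
  shell: bash
  env:
    BASE_IMAGE: ${{ steps.get-image-name.outputs.image-name }}
    FQIN: ${{ steps.get-image-name.outputs.fully-qualified-image-name }}
    DIGESTS: ${{ inputs.digests }}
  run: |
    sources=()
    IFS=',' read -ra entries <<< "$DIGESTS"
    for entry in "${entries[@]}"; do
      # Drop surrounding whitespace without handing the value to another program.
      digest="${entry//[[:space:]]/}"
      if [[ ! "$digest" =~ ^sha256:[0-9a-f]{64}$ ]]; then
        echo "invalid digest entry: ${digest}" >&2
        exit 1
      fi
      sources+=("${BASE_IMAGE}@${digest}")
    done

    docker buildx imagetools create -t "$FQIN" "${sources[@]}"
```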