name: Reusable - Docker on: workflow_call: inputs: docker_file: default: docker/Dockerfile description: Dockerfile required: false type: string docker_repo: default: codexstorage/cs-codex-dist-tests description: DockerHub repository required: false type: string tag_latest: default: true description: Set latest tag for Docker images required: false type: boolean tag_sha: default: true description: Set Git short commit as Docker tag required: false type: boolean tag_suffix: default: '' description: Suffix for Docker images tag required: false type: string env: DOCKER_FILE: ${{ inputs.docker_file }} DOCKER_REPO: ${{ inputs.docker_repo }} TAG_LATEST: ${{ inputs.tag_latest }} TAG_SHA: ${{ inputs.tag_sha }} TAG_SUFFIX: ${{ inputs.tag_suffix }} jobs: # Build platform specific image build: strategy: fail-fast: true matrix: target: - os: linux arch: amd64 - os: linux arch: arm64 include: - target: os: linux arch: amd64 builder: ubuntu-22.04 - target: os: linux arch: arm64 builder: buildjet-4vcpu-ubuntu-2204-arm name: Build ${{ matrix.target.os }}/${{ matrix.target.arch }} runs-on: ${{ matrix.builder }} env: PLATFORM: ${{ format('{0}/{1}', 'linux', matrix.target.arch) }} steps: - name: Checkout uses: actions/checkout@v4 - name: Docker - Meta id: meta uses: docker/metadata-action@v5 with: images: ${{ env.DOCKER_REPO }} - name: Docker - Set up Buildx uses: docker/setup-buildx-action@v3 - name: Docker - Login to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Docker - Build and Push by digest id: build uses: docker/build-push-action@v5 with: context: . file: ${{ env.DOCKER_FILE }} platforms: ${{ env.PLATFORM }} push: true labels: ${{ steps.meta.outputs.labels }} outputs: type=image,name=${{ env.DOCKER_REPO }},push-by-digest=true,name-canonical=true,push=true - name: Docker - Export digest run: | mkdir -p /tmp/digests digest="${{ steps.build.outputs.digest }}" touch "/tmp/digests/${digest#sha256:}" - name: Docker - Upload digest uses: actions/upload-artifact@v4 with: name: digests-${{ matrix.target.arch }} path: /tmp/digests if-no-files-found: error retention-days: 1 # Publish multi-platform image publish: name: Publish multi-platform image runs-on: ubuntu-latest needs: build steps: - name: Docker - Variables run: | # Adjust custom suffix when set and if [[ -n "${{ env.TAG_SUFFIX }}" ]]; then echo "TAG_SUFFIX=-${{ env.TAG_SUFFIX }}" >>$GITHUB_ENV fi # Disable SHA tags on tagged release if [[ ${{ startsWith(github.ref, 'refs/tags/') }} == "true" ]]; then echo "TAG_SHA=false" >>$GITHUB_ENV fi # Handle latest and latest-custom using raw if [[ ${{ env.TAG_SHA }} == "false" ]]; then echo "TAG_LATEST=false" >>$GITHUB_ENV echo "TAG_RAW=true" >>$GITHUB_ENV if [[ -z "${{ env.TAG_SUFFIX }}" ]]; then echo "TAG_RAW_VALUE=latest" >>$GITHUB_ENV else echo "TAG_RAW_VALUE=latest-{{ env.TAG_SUFFIX }}" >>$GITHUB_ENV fi else echo "TAG_RAW=false" >>$GITHUB_ENV fi - name: Docker - Download digests uses: actions/download-artifact@v4 with: pattern: digests-* merge-multiple: true path: /tmp/digests - name: Docker - Set up Buildx uses: docker/setup-buildx-action@v3 - name: Docker - Meta id: meta uses: docker/metadata-action@v5 with: images: ${{ env.DOCKER_REPO }} flavor: | latest=${{ env.TAG_LATEST }} suffix=${{ env.TAG_SUFFIX }},onlatest=true tags: | type=semver,pattern={{version}} type=raw,enable=${{ env.TAG_RAW }},value=latest type=sha,enable=${{ env.TAG_SHA }} - name: Docker - Login to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Docker - Create manifest list and push working-directory: /tmp/digests run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ $(printf '${{ env.DOCKER_REPO }}@sha256:%s ' *) - name: Docker - Inspect image run: | docker buildx imagetools inspect ${{ env.DOCKER_REPO }}:${{ steps.meta.outputs.version }}