feat: CI/CD speed-up and cache improvements (#23) #48
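---
# Builds one image per architecture, pushes each by digest to GHCR, then
# stitches the digests into a single manifest list under the first tag
# produced by docker/metadata-action.
#
# NOTE(review): every `uses:` below references a mutable tag (v3/v4/v5).
# A tag can be moved by whoever controls the action's repository, and these
# jobs hold `packages: write`. Consider pinning each action to a full commit
# SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`.
name: Build and Push Docker Image

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  # NOTE(review): registry image names must be lowercase. metadata-action
  # lowercases its own output, but this raw value is also used in `outputs:`
  # and in the manifest job; confirm the repository path has no uppercase.
  IMAGE_NAME: ${{ github.repository }}

jobs:
  # Job for AMD64 architecture - runs on all events
  build-amd64:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # The checkout directory is the Docker build context. Do not leave
          # the job token in .git/config where a broad COPY could pick it up.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        id: buildx

      - name: Log in to the Container registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha,format=long

      - name: Build and push AMD64 Docker image
        id: build
        uses: docker/build-push-action@v5
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          # No `tags:` here. The image is pushed by digest, which cannot be
          # combined with a tagged reference, and the previous
          # `<tags>-amd64` value only suffixed the last line of the
          # newline-separated tag list. Tags are applied once, to the
          # manifest list, in create-manifest.
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64
          cache-from: type=gha
          cache-to: type=gha,mode=max
          builder: ${{ steps.buildx.outputs.name }}
          outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}

      - name: Export AMD64 digest
        if: github.event_name != 'pull_request'
        env:
          # Passed through the environment so the value is never spliced
          # into the script text by the expression engine.
          DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          mkdir -p /tmp/digests
          # The digest is carried as the *name* of an empty file.
          touch "/tmp/digests/${DIGEST#sha256:}"
          echo "AMD64_DIGEST=${DIGEST}" >> "$GITHUB_ENV"

      - name: Upload AMD64 digest
        if: github.event_name != 'pull_request'
        uses: actions/upload-artifact@v4
        with:
          name: amd64-digest
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1

  # Job for ARM64 architecture - only runs on main branch
  build-arm64:
    # NOTE(review): this builds linux/arm64 on an amd64 runner with no
    # emulation step visible in this workflow. Confirm the Dockerfile
    # cross-compiles or that emulation is provided some other way.
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    # Only run this job for pushes to main, not for PRs
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Same reason as in build-amd64: keep the token out of the
          # build context.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        id: buildx

      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha,format=long

      - name: Build and push ARM64 Docker image
        id: build
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          # No `tags:` for a push-by-digest build; see build-amd64.
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/arm64
          cache-from: type=gha
          cache-to: type=gha,mode=max
          builder: ${{ steps.buildx.outputs.name }}
          outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true

      - name: Export ARM64 digest
        env:
          DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          mkdir -p /tmp/digests
          # The digest is carried as the *name* of an empty file.
          touch "/tmp/digests/${DIGEST#sha256:}"
          echo "ARM64_DIGEST=${DIGEST}" >> "$GITHUB_ENV"

      - name: Upload ARM64 digest
        uses: actions/upload-artifact@v4
        with:
          name: arm64-digest
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1

  # Job to create multi-architecture manifest
  create-manifest:
    runs-on: ubuntu-latest
    needs: [build-amd64, build-arm64]
    # This job only runs if at least build-amd64 completed successfully.
    # build-arm64 is skipped for anything but a push to main, so it is not
    # required.
    # NOTE(review): a *failed* build-arm64 also passes this condition, which
    # would move the branch tag to an amd64-only manifest. Confirm that is
    # acceptable, or additionally require the result to be 'success' or
    # 'skipped'.
    if: github.event_name != 'pull_request' && always() && needs.build-amd64.result == 'success'
    permissions:
      contents: read
      packages: write
    steps:
      - name: Download AMD64 digest
        uses: actions/download-artifact@v4
        with:
          name: amd64-digest
          path: /tmp/digests/amd64

      - name: Download ARM64 digest
        # Only try to download ARM64 digest if the job ran
        if: needs.build-arm64.result == 'success'
        uses: actions/download-artifact@v4
        with:
          name: arm64-digest
          path: /tmp/digests/arm64

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha,format=long

      - name: Create manifest list and push
        env:
          # Expression values reach the script as environment variables
          # only, never as script text.
          IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          set -eu
          # metadata-action separates tags with newlines by default, so the
          # first tag is everything before the first newline.
          first_tag="${TAGS%%$'\n'*}"

          # Each downloaded artifact is an empty file whose name is the hex
          # digest, so read file names rather than file contents. The arm64
          # directory is simply absent when that job did not run.
          sources=()
          for digest_file in /tmp/digests/*/*; do
            [ -e "$digest_file" ] || continue
            hex="$(basename "$digest_file")"
            # Accept only a well-formed sha256 before using it in an
            # image reference.
            if ! [[ "$hex" =~ ^[0-9a-f]{64}$ ]]; then
              echo "unexpected digest file name: $hex" >&2
              exit 1
            fi
            sources+=("${IMAGE}@sha256:${hex}")
          done

          if [ "${#sources[@]}" -eq 0 ]; then
            echo "no image digests were downloaded" >&2
            exit 1
          fi

          docker buildx imagetools create --tag "$first_tag" "${sources[@]}"

      - name: Inspect image
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          first_tag="${TAGS%%$'\n'*}"
          docker buildx imagetools inspect "$first_tag"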