Skip to content

Commit

Permalink
[PIMINT-171] Restructure image cleanup
Browse files Browse the repository at this point in the history
  • Loading branch information
@astehlik
astehlik committed Jul 16, 2024
1 parent bbfa933 commit c5ce3f1
Show file tree
Hide file tree
Showing 3 changed files with 84 additions and 35 deletions.
67 changes: 42 additions & 25 deletions .github/workflows/build-and-push-image.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,19 +3,33 @@ name: 'Build and push image'
on:
workflow_call:
inputs:
php_image:
image_registry:
type: string
description: 'PHP image type'
description: 'Image registry'
required: true
php_version:
image_url_path:
type: string
description: 'PHP version'
description: 'Image registry'
required: true
image_identifier:
type: string
description: 'Image identifier'
required: true
image_name:
type: string
description: 'Image name'
required: true
image_tag:
type: string
description: 'Image tag'
required: true
image_directory:
type: string
description: 'Image directory'
required: true

env:
REGISTRY: ghcr.io
# Hardcode for now to get it in lowercase format.
REGISTRY_IMAGE: ghcr.io/basecom/pimcore-docker-image/php
REGISTRY_IMAGE: ${{ inputs.image_registry }}/${{ inputs.image_url_path }}/${{ inputs.image_name }}

jobs:
build-and-push-php:
Expand All @@ -41,10 +55,10 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Log into registry ${{ env.REGISTRY }}
- name: Log into registry ${{ inputs.image_registry }}
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
registry: ${{ inputs.image_registry }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

Expand All @@ -53,31 +67,34 @@ jobs:
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY_IMAGE }}
tags: ${{ inputs.php_version }}-${{ inputs.php_image }}-pimcore
tags: ${{ inputs.image_tag }}

- name: Build and push by digest
id: build
uses: docker/build-push-action@v6
with:
context: dist/images/php/${{ steps.meta.outputs.version }}
context: ${{ inputs.image_directory }}
platforms: ${{ matrix.architecture.platform }}
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
cache-from: type=gha,scope=php-${{inputs.php_image}}-${{ inputs.php_version }}-${{ matrix.architecture.identifier }}
cache-to: type=gha,mode=max,scope=php-${{inputs.php_image}}-${{ inputs.php_version }}-${{ matrix.architecture.identifier }}
cache-from: type=gha,scope=${{ inputs.image_identifier }}-${{ matrix.architecture.identifier }}
cache-to: type=gha,mode=max,scope=${{ inputs.image_identifier }}-${{ matrix.architecture.identifier }}
github-token: ${{ secrets.GITHUB_TOKEN }}

- name: Export digest
- name: Export digest and tag
run: |
mkdir -p /tmp/digests
mkdir -p /tmp/build-metadata//digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
touch "/tmp/build-metadata/digests/${digest#sha256:}"
mkdir -p /tmp/build-metadata/image-tags/${{ inputs.image_name }}
touch /tmp/build-metadata/image-tags/${{ inputs.image_name }}/${{ inputs.image_tag }}
- name: Upload digest
- name: Upload build metadata
uses: actions/upload-artifact@v4
with:
name: digests-${{inputs.php_image}}-${{ inputs.php_version }}-${{ matrix.architecture.identifier }}
path: /tmp/digests/*
name: build-metadata-${{ inputs.image_identifier }}-${{ matrix.architecture.identifier }}
path: /tmp/build-metadata/*
if-no-files-found: error
retention-days: 1

Expand All @@ -97,17 +114,17 @@ jobs:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
path: /tmp/build-metadata
pattern: build-metadata-${{ inputs.image_identifier }}-*
merge-multiple: true

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Log into registry ${{ env.REGISTRY }}
- name: Log into registry ${{ inputs.image_registry }}
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
registry: ${{ inputs.image_registry }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

Expand All @@ -116,10 +133,10 @@ jobs:
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY_IMAGE }}
tags: ${{ inputs.php_version }}-${{ inputs.php_image }}-pimcore
tags: ${{ inputs.image_tag }}

- name: Create manifest list and push
working-directory: /tmp/digests
working-directory: /tmp/build-metadata/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
Expand Down
19 changes: 14 additions & 5 deletions .github/workflows/build-and-push.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ on:
push:
branches:
- main
- gh-build
# Rebuild every other day
schedule:
- cron: '0 0 */2 * *'
Expand All @@ -12,9 +13,6 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

env:
REGISTRY: ghcr.io

jobs:
build-and-push-php:
name: Build and push PHP
Expand All @@ -29,5 +27,16 @@ jobs:
- fpm
uses: ./.github/workflows/build-and-push-image.yaml
with:
php_version: ${{ matrix.php_version }}
php_image: ${{ matrix.php_image }}
image_identifier: "php-${{ matrix.php_image }}-${{ matrix.php_version }}"
image_registry: ghcr.io
image_url_path: basecom/pimcore-docker-image
image_name: php
image_tag: ${{ matrix.php_version }}-${{ matrix.php_image }}-pimcore
image_directory: dist/images/php/${{ matrix.php_version }}-${{ matrix.php_image }}-pimcore

clean:
name: Cleanup registry
uses: ./.github/workflows/docker-registry-cleanup.yaml
with:
image_registry: ghcr.io
image_url_path: basecom/pimcore-docker-image
33 changes: 28 additions & 5 deletions .github/workflows/docker-registry-cleanup.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,15 @@ name: 'Cleanup Docker registry'

on:
workflow_call:
workflow_dispatch:
push:
branches:
- gh-build
inputs:
image_registry:
type: string
description: 'Image registry'
required: true
image_url_path:
type: string
description: 'Image registry'
required: true

env:
REGISTRY: ghcr.io
Expand All @@ -21,6 +26,13 @@ jobs:
packages: write
id-token: write
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/build-metadata
pattern: build-metadata-*
merge-multiple: true

- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@v3
with:
Expand All @@ -31,14 +43,25 @@ jobs:
- name: Fetch multi-platform package version SHAs
id: multi-arch-digests
run: |
digests=""
imageNames=""
for imageName in /tmp/build-metadata/image-tags/*; do
for imageTag in /tmp/build-metadata/image-tags/"${imageName}"/*; do
imageUrl="${{ inputs.image_registry }}/${{ inputs.image_url_path }}/${imageName}:${imageTag}"
imageDigests=$(docker manifest inspect ${imageUrl} | jq -r '.manifests.[] | .digest' | paste -s -d ' ' -)
imageNames="$images $imageName"
digests="$digests $imageDigests"
done
done
digests=$(docker manifest inspect ${{ env.REGISTRY_IMAGE }} | jq -r '.manifests.[] | .digest' | paste -s -d ' ' -)
echo "multi-arch-digests=$digests" >> $GITHUB_OUTPUT
echo "image-names=$imageNames" >> $GITHUB_OUTPUT
- uses: snok/[email protected]
with:
account: basecom
token: ${{ secrets.GITHUB_TOKEN }}
image-names: php
image-names: ${{ steps.multi-arch-digests.outputs.image-names }}
cut-off: 0s
tag-selection: untagged
dry-run: true
Expand Down

0 comments on commit c5ce3f1

Please sign in to comment.