multiarch.yml
name: Multiarch build

# Runs for pushes and pull requests targeting main, when a release is
# created, and on manual dispatch.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  release:
    types:
      - created
  workflow_dispatch:

# Workflow-wide settings shared by all jobs.
env:
  # Local image name; per-architecture builds are tagged under this name.
  IMAGE_NAME: zerotier
  STORAGE_DRIVER: overlay
  # Push destinations, written with the docker:// transport prefix that the
  # buildah push commands in this workflow take.
  DOCKER_REGISTRY: docker://docker.io/derskythe
  GHCR_REGISTRY: docker://ghcr.io/derskythe
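# NOTE(review): every `uses:` below references a mutable tag (@v4, @v1, @v0).
# The publish job holds packages/id-token/attestations write access, so the
# actions it runs are part of the release trust boundary; consider pinning
# each one as `owner/action@<full-commit-sha>  # vN` (placeholder, look up
# the real commit for the release you have reviewed).
jobs:
  build:
    name: Build images
    runs-on: ubuntu-22.04
    # Least privilege: the steps in this job only read the repository and
    # upload an artifact, so the token is limited to read access.
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        # One entry per target: `name` is the --platform value passed to
        # buildah, `tag` is the local image tag and the artifact suffix.
        platform:
          - name: 'linux/amd64'
            tag: 'amd64'
          - name: 'linux/386'
            tag: 'i386'
          - name: 'linux/arm64/v8'
            tag: 'arm64v8'
          - name: 'linux/arm/v7'
            tag: 'arm32v7'
          - name: 'linux/arm/v6'
            tag: 'arm32v6'
          - name: 'linux/riscv64'
            tag: 'riscv64'
          - name: 'linux/ppc64le'
            tag: 'ppc64le'
          - name: 'linux/s390x'
            tag: 's390x'
    steps:
      - name: Checkout zerotier-docker
        uses: actions/checkout@v4
      # qemu-user-static lets the amd64 runner execute foreign-architecture
      # binaries during the image build.
      - name: Install qemu dependency
        run: |
          sudo apt-get update
          sudo apt-get install -y qemu-user-static
      - name: Build Image
        run: buildah bud --platform ${{ matrix.platform.name }} --build-arg ALPINE_IMAGE=docker.io/alpine -f ./Dockerfile -t ${{ env.IMAGE_NAME }}:${{ matrix.platform.tag }} .
      # grep exits non-zero when no image with the expected name exists,
      # which fails the job.
      - name: Check images created
        run: buildah images | grep '${{ env.IMAGE_NAME }}'
      # Prints the architecture recorded in the image for the job log; the
      # value is not compared against the matrix entry.
      - name: Check image metadata
        run: buildah inspect ${{ env.IMAGE_NAME }}:${{ matrix.platform.tag }} | jq ".OCIv1.architecture"
      - name: Export image
        run: podman save -o /tmp/image.tar ${{ env.IMAGE_NAME }}:${{ matrix.platform.tag }}
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: image-${{ matrix.platform.tag }}
          path: /tmp/image.tar

  push:
    name: Publish images
    runs-on: ubuntu-22.04
    needs: build
    # NOTE(review): this job has no event filter, so it also runs for
    # pull_request and workflow_dispatch with the production environment and
    # the write permissions below; only the two push steps are gated.
    # Confirm whether a job-level `if:` is wanted.
    environment: production
    permissions:
      id-token: write
      packages: write
      contents: read
      attestations: write
    steps:
      # With no `name:` input every artifact is downloaded into a directory
      # named after it (./image-<tag>/image.tar), which the import step uses.
      - name: Download artifacts
        uses: actions/download-artifact@v4
      - name: Setup podman and buildah
        uses: zyclonite/setup-podman@v1
      - name: Import images
        run: |
          podman load -i ./image-amd64/image.tar
          podman load -i ./image-i386/image.tar
          podman load -i ./image-arm64v8/image.tar
          podman load -i ./image-arm32v7/image.tar
          podman load -i ./image-arm32v6/image.tar
          podman load -i ./image-riscv64/image.tar
          podman load -i ./image-ppc64le/image.tar
          podman load -i ./image-s390x/image.tar
      # Assemble one local manifest list that references all eight
      # per-architecture images.
      - name: Create multi-arch manifest
        run: |
          buildah manifest create ${{ env.IMAGE_NAME }}:latest
          buildah manifest add --arch amd64 ${{ env.IMAGE_NAME }}:latest ${{ env.IMAGE_NAME }}:amd64
          buildah manifest add --arch 386 ${{ env.IMAGE_NAME }}:latest ${{ env.IMAGE_NAME }}:i386
          buildah manifest add --arch arm64 --variant v8 ${{ env.IMAGE_NAME }}:latest ${{ env.IMAGE_NAME }}:arm64v8
          buildah manifest add --arch arm --variant v7 ${{ env.IMAGE_NAME }}:latest ${{ env.IMAGE_NAME }}:arm32v7
          buildah manifest add --arch arm --variant v6 ${{ env.IMAGE_NAME }}:latest ${{ env.IMAGE_NAME }}:arm32v6
          buildah manifest add --arch riscv64 ${{ env.IMAGE_NAME }}:latest ${{ env.IMAGE_NAME }}:riscv64
          buildah manifest add --arch ppc64le ${{ env.IMAGE_NAME }}:latest ${{ env.IMAGE_NAME }}:ppc64le
          buildah manifest add --arch s390x ${{ env.IMAGE_NAME }}:latest ${{ env.IMAGE_NAME }}:s390x
      # Secrets and event-derived values are handed to the script through
      # `env:` and referenced as quoted shell variables. A `${{ }}` expression
      # inside `run:` is pasted into the script text before the shell parses
      # it, so a value containing shell metacharacters would be interpreted
      # as code rather than data.
      # NOTE(review): --creds still places the password on the buildah
      # command line; a prior login reading the password from stdin, or an
      # auth file, would keep it out of the process arguments.
      # NOTE(review): github.actor is used as the Docker Hub user name;
      # confirm it matches the account that owns DOCKER_PASS.
      - name: Push unstable images
        if: ${{ github.event_name == 'push' }}
        env:
          REGISTRY_USER: ${{ github.actor }}
          DOCKER_PASS: ${{ secrets.DOCKER_PASS }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          buildah manifest push --all --format v2s2 --creds "${REGISTRY_USER}:${DOCKER_PASS}" ${{ env.IMAGE_NAME }}:latest ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}:main
          buildah manifest push --all --creds "${REGISTRY_USER}:${GHCR_TOKEN}" ${{ env.IMAGE_NAME }}:latest ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:main
      # Same credential handling as the unstable push. The release tag name
      # is chosen by whoever creates the release, so it is also passed as
      # data through the environment and quoted where it is used.
      - name: Push stable images
        if: ${{ github.event_name == 'release' }}
        env:
          REGISTRY_USER: ${{ github.actor }}
          DOCKER_PASS: ${{ secrets.DOCKER_PASS }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          buildah manifest push --all --format v2s2 --creds "${REGISTRY_USER}:${DOCKER_PASS}" ${{ env.IMAGE_NAME }}:latest ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
          buildah manifest push --all --format v2s2 --creds "${REGISTRY_USER}:${DOCKER_PASS}" ${{ env.IMAGE_NAME }}:latest "${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}:${RELEASE_TAG}"
          buildah manifest push --all --creds "${REGISTRY_USER}:${GHCR_TOKEN}" ${{ env.IMAGE_NAME }}:latest ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
          buildah manifest push --all --creds "${REGISTRY_USER}:${GHCR_TOKEN}" ${{ env.IMAGE_NAME }}:latest "${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${RELEASE_TAG}"
      # NOTE(review): this step and the attestation below run on every
      # event, but :latest on GHCR is only pushed by the release step above.
      # On other events the SBOM would describe whatever :latest already
      # points at, not the images built in this run. The image reference
      # also carries the docker:// transport prefix; confirm the action
      # accepts that form.
      - name: Generate SBOM
        uses: anchore/sbom-action@v0
        with:
          image: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
          format: 'cyclonedx-json'
          output-file: 'sbom.cyclonedx.json'
      # NOTE(review): no subject-digest or subject-path is supplied. As far
      # as I know attest-sbom needs one of them to bind the attestation to a
      # specific artifact, and expects subject-name as a bare registry/name
      # without a transport prefix or tag. Confirm against the action's
      # documentation and feed in the digest of the manifest that was pushed.
      - name: Attest
        uses: actions/attest-sbom@v1
        id: attest
        with:
          subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
          sbom-path: 'sbom.cyclonedx.json'
          push-to-registry: true

  # Calls the repository's reusable router workflow once publishing has
  # finished, forwarding the triggering event name and the release tag.
  # The tag expression is empty for events other than release.
  router:
    uses: ./.github/workflows/router.yml
    needs: push
    with:
      tag: ${{ github.event.release.tag_name }}
      event: ${{ github.event_name }}
    # Only the two secrets named here are passed to the called workflow.
    secrets:
      REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
      QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}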