name: Docker
on:
pull_request:
release:
types: [created]
permissions:
contents: read
packages: write
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository_owner }}/fynd
jobs:
build:
name: Build Docker image (${{ matrix.platform }})
runs-on: ${{ matrix.runner }}
timeout-minutes: 30
strategy:
matrix:
include:
- platform: linux/amd64
runner: ubuntu-latest
- platform: linux/arm64
runner: ubuntu-24.04-arm
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd
- name: Log in to GitHub Container Registry
if: github.event_name == 'release'
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker metadata
id: meta
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push digest
id: build
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 with:
context: .
platforms: ${{ matrix.platform }}
push: ${{ github.event_name == 'release' }}
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,push-by-digest=true,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push=${{ github.event_name == 'release' }}
cache-from: type=gha,scope=${{ matrix.platform }}
cache-to: type=gha,mode=max,scope=${{ matrix.platform }}
- name: Export digest
if: github.event_name == 'release'
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
if: github.event_name == 'release'
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 with:
name: digest-${{ matrix.runner }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
name: Merge multi-arch manifest
runs-on: ubuntu-latest
timeout-minutes: 10
needs: build
if: github.event_name == 'release'
steps:
- name: Download digests
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 with:
path: /tmp/digests
pattern: digest-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd
- name: Log in to GitHub Container Registry
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker metadata
id: meta
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=raw,value=latest
type=sha,prefix=sha-
- name: Create and push manifest
working-directory: /tmp/digests
run: |
# shellcheck disable=SC2046
# Word splitting is intentional: expands "-t tag1 -t tag2 ..." and each digest as separate args.
docker buildx imagetools create \
$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)