Deploy #17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| push: | |
| branches: [main] | |
| schedule: | |
| - cron: "0 00,12 * * *" # Twice a day | |
| workflow_dispatch: | |
| inputs: | |
| force: | |
| description: Force rebuild and republish all image tags | |
| required: false | |
| default: true | |
| type: boolean | |
| env: | |
| IMAGE_NAME: ${{ vars.IMAGE_NAME || 'nikolaik/python-nodejs' }} | |
| jobs: | |
| generate-matrix: | |
| name: Generate build matrix | |
| runs-on: ubuntu-latest | |
| needs: [test] | |
| outputs: | |
| version_matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| arch_matrix: ${{ steps.set-matrix.outputs.arch_matrix }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| fetch-depth: 2 | |
| - uses: astral-sh/setup-uv@e06108dd0aef18192324c70427afc47652e63a82 # v7 | |
| with: | |
| enable-cache: true | |
| - name: Generate build matrix | |
| id: set-matrix | |
| run: | | |
| FORCE=$(if [[ "${{ github.event_name }}" == "workflow_dispatch" && "${{ inputs.force }}" == "true" ]]; then echo "--force"; elif git log --pretty=format:"%s" HEAD^..HEAD | grep -q '\[force\]'; then echo "--force"; else echo ""; fi) | |
| uv run dpn $FORCE build-matrix --event ${{ github.event_name }} | |
| build-arch: | |
| name: ${{ matrix.key }} (${{ matrix.arch }}) | |
| runs-on: ${{ matrix.runner }} | |
| if: needs.generate-matrix.outputs.arch_matrix != '' | |
| needs: [generate-matrix] | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.generate-matrix.outputs.arch_matrix) }} | |
| steps: | |
| # Setup | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - uses: astral-sh/setup-uv@e06108dd0aef18192324c70427afc47652e63a82 # v7 | |
| with: | |
| enable-cache: true | |
| - name: Generate Dockerfile from config | |
| run: | | |
| context="$(echo '${{ toJSON(matrix) }}' | jq -c '{key, python, python_canonical, python_image, nodejs, nodejs_canonical, distro, platforms, digest}')" | |
| uv run dpn dockerfile --context "${context}" | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 | |
| # Build | |
| - name: Build image | |
| uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 | |
| with: | |
| context: . | |
| file: dockerfiles/${{ matrix.key }}.Dockerfile | |
| platforms: ${{ matrix.platform }} | |
| load: true | |
| tags: ${{ env.IMAGE_NAME }}:${{ matrix.key }}-${{ matrix.arch }} | |
| # Test | |
| - name: Run smoke tests | |
| run: | | |
| docker run --rm ${{ env.IMAGE_NAME }}:${{ matrix.key }}-${{ matrix.arch }} sh -c "node --version && npm --version && yarn --version && python --version && pip --version && pipenv --version && poetry --version && uv --version" | |
| # Push | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Push image | |
| run: docker push "${IMAGE_NAME}:${{ matrix.key }}-${{ matrix.arch }}" | |
| deploy: | |
| name: Publish ${{ matrix.key }} | |
| runs-on: ubuntu-latest | |
| if: needs.generate-matrix.outputs.version_matrix != '' | |
| needs: [generate-matrix, build-arch] | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.generate-matrix.outputs.version_matrix) }} | |
| steps: | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Publish multi-arch manifest | |
| run: | | |
| tags=("${IMAGE_NAME}:${{ matrix.key }}-amd64") | |
| if echo '${{ toJSON(matrix.platforms) }}' | jq -e '.[] == "linux/arm64"' > /dev/null; then | |
| tags+=("${IMAGE_NAME}:${{ matrix.key }}-arm64") | |
| fi | |
| docker buildx imagetools create --tag "${IMAGE_NAME}:${{ matrix.key }}" "${tags[@]}" | |
| - name: Add digest to build context | |
| run: | | |
| mkdir builds/ | |
| digest="$(docker buildx imagetools inspect "${IMAGE_NAME}:${{ matrix.key }}" | awk '/^Digest:/ {print $2}')" | |
| echo '${{ toJSON(matrix) }}' | jq --arg digest "$digest" '. +={"digest": $digest}' >> "builds/${{ matrix.key }}.json" | |
| - name: Upload build context | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: build-${{ matrix.key }} | |
| path: builds/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| tag-latest: | |
| name: Point latest at canonical build | |
| runs-on: ubuntu-latest | |
| needs: [deploy] | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - uses: astral-sh/setup-uv@e06108dd0aef18192324c70427afc47652e63a82 # v7 | |
| with: | |
| enable-cache: true | |
| - name: Download metadata for builds | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 | |
| with: | |
| path: builds | |
| pattern: build-* | |
| merge-multiple: true | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Point latest to canonical image | |
| run: | | |
| latest_tag="$(uv run dpn latest-key --builds-dir builds/)" | |
| docker buildx imagetools create --tag "${IMAGE_NAME}:latest" "${IMAGE_NAME}:${latest_tag}" | |
| release: | |
| name: Update versions.json and README.md | |
| runs-on: ubuntu-latest | |
| needs: [deploy, tag-latest] | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - uses: astral-sh/setup-uv@e06108dd0aef18192324c70427afc47652e63a82 # v7 | |
| with: | |
| enable-cache: true | |
| - name: Download metadata for builds | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 | |
| with: | |
| path: builds | |
| pattern: build-* | |
| merge-multiple: true | |
| - name: Update versions.json and README.md, then commit and push changes (if any) | |
| run: | | |
| uv run dpn --verbose release --builds-dir builds/ | |
| clean_checkout=$(git status --porcelain) | |
| if [[ -n "${clean_checkout}" ]]; then | |
| git config --global user.name "Nikolai Kristiansen" > /dev/null 2>&1 | |
| git config --global user.email nikolaik@users.noreply.github.com > /dev/null 2>&1 | |
| # Update README.md | |
| today=$(date +%Y-%m-%d) | |
| sed -i -E "s/Last updated by bot: .*/Last updated by bot: ${today}/" README.md | |
| git add versions.json README.md | |
| git commit -m '🗃 Updated python/node versions [skip ci]' | |
| git push --quiet origin main | |
| else | |
| echo "Nothing changed, nothing to archive." | |
| fi | |
| test: | |
| uses: ./.github/workflows/tests.yaml |