Deploy #30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| push: | |
| branches: [main] | |
| schedule: | |
| - cron: "0 00,12 * * *" # Twice a day | |
| workflow_dispatch: | |
| inputs: | |
| force: | |
| description: Force rebuild and republish all image tags | |
| required: false | |
| default: true | |
| type: boolean | |
| image_name: | |
| description: Override image name for this manual run | |
| required: false | |
| default: "" | |
| type: string | |
| max_versions: | |
| description: Maximum number of version tags to build for this manual run | |
| required: false | |
| default: "1" | |
| type: string | |
| env: | |
| IMAGE_NAME: ${{ inputs.image_name || vars.IMAGE_NAME || 'nikolaik/python-nodejs' }} | |
| jobs: | |
| generate-matrix: | |
| name: Generate build matrix | |
| runs-on: ubuntu-latest | |
| needs: [test] | |
| outputs: | |
| version_matrix: ${{ steps.filter-matrix.outputs.version_matrix }} | |
| arch_matrix: ${{ steps.filter-matrix.outputs.arch_matrix }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| fetch-depth: 2 | |
| - uses: astral-sh/setup-uv@e06108dd0aef18192324c70427afc47652e63a82 # v7 | |
| with: | |
| enable-cache: true | |
| - name: Generate build matrix | |
| id: set-matrix | |
| run: | | |
| FORCE=$(if [[ "${{ github.event_name }}" == "workflow_dispatch" && "${{ inputs.force }}" == "true" ]]; then echo "--force"; elif git log --pretty=format:"%s" HEAD^..HEAD | grep -q '\[force\]'; then echo "--force"; else echo ""; fi) | |
| uv run dpn $FORCE build-matrix --event ${{ github.event_name }} | |
| - name: Filter build matrix for manual runs | |
| id: filter-matrix | |
| run: | | |
| version_matrix='${{ steps.set-matrix.outputs.matrix }}' | |
| arch_matrix='${{ steps.set-matrix.outputs.arch_matrix }}' | |
| max_versions='${{ github.event_name == 'workflow_dispatch' && inputs.max_versions || '0' }}' | |
| if [[ -z "${version_matrix}" ]]; then | |
| echo "version_matrix=" >> "$GITHUB_OUTPUT" | |
| echo "arch_matrix=" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| filtered_version_matrix="$(jq -cn \ | |
| --argjson matrix "${version_matrix}" \ | |
| --arg max_versions "${max_versions}" ' | |
| ($matrix.include | |
| | if ($max_versions | tonumber) > 0 then .[:($max_versions | tonumber)] else . end | |
| ) as $include | |
| | if ($include | length) == 0 then empty else {include: $include} end | |
| ')" | |
| if [[ -z "${filtered_version_matrix}" ]]; then | |
| echo "version_matrix=" >> "$GITHUB_OUTPUT" | |
| echo "arch_matrix=" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| filtered_arch_matrix="$(jq -cn \ | |
| --argjson matrix "${arch_matrix}" \ | |
| --argjson selected "${filtered_version_matrix}" ' | |
| ($selected.include | map(.key)) as $keys | |
| | {include: ($matrix.include | map(select(.key as $key | $keys | index($key))))} | |
| ')" | |
| echo "version_matrix=${filtered_version_matrix}" >> "$GITHUB_OUTPUT" | |
| echo "arch_matrix=${filtered_arch_matrix}" >> "$GITHUB_OUTPUT" | |
| build-arch: | |
| name: ${{ matrix.key }} (${{ matrix.arch }}) | |
| runs-on: ${{ matrix.runner }} | |
| if: needs.generate-matrix.outputs.arch_matrix != '' | |
| needs: [generate-matrix] | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.generate-matrix.outputs.arch_matrix) }} | |
| steps: | |
| # Setup | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - uses: astral-sh/setup-uv@e06108dd0aef18192324c70427afc47652e63a82 # v7 | |
| with: | |
| enable-cache: true | |
| - name: Generate Dockerfile from config | |
| run: | | |
| context="$(echo '${{ toJSON(matrix) }}' | jq -c '{key, python, python_canonical, python_image, nodejs, nodejs_canonical, distro, platforms, digest}')" | |
| uv run dpn dockerfile --context "${context}" | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 | |
| # Build | |
| - name: Build image | |
| uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 | |
| with: | |
| context: . | |
| file: dockerfiles/${{ matrix.key }}.Dockerfile | |
| platforms: ${{ matrix.platform }} | |
| load: true | |
| tags: ${{ env.IMAGE_NAME }}:${{ matrix.key }}-${{ matrix.arch }} | |
| # Test | |
| - name: Run smoke tests | |
| run: | | |
| docker run --rm ${{ env.IMAGE_NAME }}:${{ matrix.key }}-${{ matrix.arch }} sh -c "node --version && npm --version && yarn --version && python --version && pip --version && pipenv --version && poetry --version && uv --version" | |
| # Push | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Push image | |
| run: docker push "${IMAGE_NAME}:${{ matrix.key }}-${{ matrix.arch }}" | |
| deploy: | |
| name: Publish ${{ matrix.key }} | |
| runs-on: ubuntu-latest | |
| if: needs.generate-matrix.outputs.version_matrix != '' | |
| needs: [generate-matrix, build-arch] | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 1 | |
| matrix: ${{ fromJSON(needs.generate-matrix.outputs.version_matrix) }} | |
| steps: | |
| - name: Create local multi-arch manifest | |
| run: | | |
| refs=("${IMAGE_NAME}:${{ matrix.key }}-amd64") | |
| if echo '${{ toJSON(matrix.platforms) }}' | jq -e '.[] == "linux/arm64"' > /dev/null; then | |
| refs+=("${IMAGE_NAME}:${{ matrix.key }}-arm64") | |
| fi | |
| docker manifest create "${IMAGE_NAME}:${{ matrix.key }}" "${refs[@]}" | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Push multi-arch manifest | |
| run: docker manifest push "${IMAGE_NAME}:${{ matrix.key }}" | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 | |
| - name: Add digest to build context | |
| run: | | |
| mkdir builds/ | |
| digest="$(docker buildx imagetools inspect "${IMAGE_NAME}:${{ matrix.key }}" | awk '/^Digest:/ {print $2}')" | |
| echo '${{ toJSON(matrix) }}' | jq --arg digest "$digest" '. +={"digest": $digest}' >> "builds/${{ matrix.key }}.json" | |
| - name: Upload build context | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: build-${{ matrix.key }} | |
| path: builds/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| tag-latest: | |
| name: Point latest at canonical build | |
| runs-on: ubuntu-latest | |
| needs: [deploy] | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - uses: astral-sh/setup-uv@e06108dd0aef18192324c70427afc47652e63a82 # v7 | |
| with: | |
| enable-cache: true | |
| - name: Download metadata for builds | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 | |
| with: | |
| path: builds | |
| pattern: build-* | |
| merge-multiple: true | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Point latest to canonical image | |
| run: | | |
| latest_tag="$(uv run dpn latest-key --builds-dir builds/)" | |
| docker buildx imagetools create --tag "${IMAGE_NAME}:latest" "${IMAGE_NAME}:${latest_tag}" | |
| release: | |
| name: Update versions.json and README.md | |
| runs-on: ubuntu-latest | |
| needs: [deploy, tag-latest] | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - uses: astral-sh/setup-uv@e06108dd0aef18192324c70427afc47652e63a82 # v7 | |
| with: | |
| enable-cache: true | |
| - name: Download metadata for builds | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 | |
| with: | |
| path: builds | |
| pattern: build-* | |
| merge-multiple: true | |
| - name: Update versions.json and README.md, then commit and push changes (if any) | |
| run: | | |
| uv run dpn --verbose release --builds-dir builds/ | |
| clean_checkout=$(git status --porcelain) | |
| if [[ -n "${clean_checkout}" ]]; then | |
| git config --global user.name "Nikolai Kristiansen" > /dev/null 2>&1 | |
| git config --global user.email nikolaik@users.noreply.github.com > /dev/null 2>&1 | |
| # Update README.md | |
| today=$(date +%Y-%m-%d) | |
| sed -i -E "s/Last updated by bot: .*/Last updated by bot: ${today}/" README.md | |
| git add versions.json README.md | |
| git commit -m 'π Updated python/node versions [skip ci]' | |
| git push --quiet origin main | |
| else | |
| echo "Nothing changed, nothing to archive." | |
| fi | |
| test: | |
| uses: ./.github/workflows/tests.yaml |