name: Build and push docker images concurrency: group: docker-build-${{ github.event_name }}-${{ github.ref }} cancel-in-progress: true on: push: tags: - v* - e* - docker-latest-* workflow_dispatch: inputs: branch_or_tag: required: false profile: required: false default: 'emqx' is_latest: required: false default: false jobs: prepare: runs-on: ubuntu-22.04 # prepare source with any OTP version, no need for a matrix container: "ghcr.io/emqx/emqx-builder/5.0-34:1.13.4-24.3.4.2-3-ubuntu22.04" outputs: PROFILE: ${{ steps.get_profile.outputs.PROFILE }} EDITION: ${{ steps.get_profile.outputs.EDITION }} IS_LATEST: ${{ steps.get_profile.outputs.IS_LATEST }} IS_EXACT_TAG: ${{ steps.get_profile.outputs.IS_EXACT_TAG }} VERSION: ${{ steps.get_profile.outputs.VERSION }} steps: - uses: actions/checkout@v3 with: ref: ${{ github.event.inputs.branch_or_tag }} # when input is not given, the event tag is used path: source fetch-depth: 0 - name: Get profiles to build id: get_profile env: INPUTS_PROFILE: ${{ github.event.inputs.profile }} run: | cd source # tag docker-latest-ce or docker-latest-ee if git describe --tags --exact --match 'docker-latest-*' 2>/dev/null; then echo 'is_latest=true due to docker-latest-* tag' is_latest=true elif [ "${{ inputs.is_latest }}" = "true" ]; then echo 'is_latest=true due to manual input from workflow_dispatch' is_latest=true else echo 'is_latest=false' is_latest=false fi # resolve profile if git describe --tags --match "v*" --exact; then echo "This is an exact git tag, will publish images" is_exact='true' PROFILE=emqx elif git describe --tags --match "e*" --exact; then echo "This is an exact git tag, will publish images" is_exact='true' PROFILE=emqx-enterprise else echo "This is NOT an exact git tag, will not publish images" is_exact='false' fi case "${PROFILE:-$INPUTS_PROFILE}" in emqx) EDITION='Opensource' ;; emqx-enterprise) EDITION='Enterprise' ;; *) echo "ERROR: Failed to resolve build profile" exit 1 ;; esac VSN="$(./pkg-vsn.sh "$PROFILE")" echo "Building emqx/$PROFILE:$VSN image (latest=$is_latest)" echo "Push = $is_exact" echo "IS_LATEST=$is_latest" >> $GITHUB_OUTPUT echo "IS_EXACT_TAG=$is_exact" >> $GITHUB_OUTPUT echo "PROFILE=$PROFILE" >> $GITHUB_OUTPUT echo "EDITION=$EDITION" >> $GITHUB_OUTPUT echo "VERSION=$VSN" >> $GITHUB_OUTPUT - name: get_all_deps env: PROFILE: ${{ steps.get_profile.outputs.PROFILE }} run: | PROFILE=$PROFILE make -C source deps-$PROFILE zip -ryq source.zip source/* source/.[^.]* - uses: actions/upload-artifact@v3 with: name: source path: source.zip docker: runs-on: ubuntu-22.04 needs: prepare strategy: fail-fast: false matrix: profile: - "${{ needs.prepare.outputs.PROFILE }}" registry: - 'docker.io' - 'public.ecr.aws' os: - [debian11, "debian:11-slim", "deploy/docker/Dockerfile"] # NOTE: 'otp' and 'elixir' are to configure emqx-builder image # only support latest otp and elixir, not a matrix builder: - 5.0-34 # update to latest otp: - 24.3.4.2-3 # switch to 25 once ready to release 5.1 elixir: - 'no_elixir' - '1.13.4' # update to latest exclude: # TODO: publish enterprise to ecr too? - registry: 'public.ecr.aws' profile: emqx-enterprise steps: - uses: actions/download-artifact@v3 with: name: source path: . - name: unzip source code run: unzip -q source.zip - uses: docker/setup-qemu-action@v2 - uses: docker/setup-buildx-action@v2 - name: Login to hub.docker.com uses: docker/login-action@v2 if: matrix.registry == 'docker.io' with: username: ${{ secrets.DOCKER_HUB_USER }} password: ${{ secrets.DOCKER_HUB_TOKEN }} - name: Login to AWS ECR uses: docker/login-action@v2 if: matrix.registry == 'public.ecr.aws' with: registry: public.ecr.aws username: ${{ secrets.AWS_ACCESS_KEY_ID }} password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} ecr: true - name: prepare for docker/metadata-action id: pre-meta shell: bash run: | extra_labels= img_suffix= if [ "${{ matrix.elixir }}" != 'no_elixir' ]; then img_suffix="-elixir" extra_labels="org.opencontainers.image.elixir.version=${{ matrix.elixir }}" fi echo "img_suffix=$img_suffix" >> $GITHUB_OUTPUT echo "extra_labels=$extra_labels" >> $GITHUB_OUTPUT - uses: docker/metadata-action@v4 id: meta with: images: | ${{ matrix.registry }}/${{ github.repository_owner }}/${{ matrix.profile }} flavor: | suffix=${{ steps.pre-meta.outputs.img_suffix }} tags: | type=raw,value=${{ needs.prepare.outputs.VERSION }} type=raw,value=latest,enable=${{ needs.prepare.outputs.IS_LATEST }} labels: | org.opencontainers.image.otp.version=${{ matrix.otp }} org.opencontainers.image.edition=${{ needs.prepare.outputs.EDITION }} ${{ steps.pre-meta.outputs.extra_labels }} - uses: docker/build-push-action@v3 with: push: ${{ needs.prepare.outputs.IS_EXACT_TAG == 'true' || github.repository_owner != 'emqx' }} pull: true no-cache: true platforms: linux/amd64,linux/arm64 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | EMQX_NAME=${{ matrix.profile }}${{ steps.pre-meta.outputs.img_suffix }} file: source/${{ matrix.os[2] }} context: source