202 lines
6.3 KiB
YAML
202 lines
6.3 KiB
YAML
name: Build and push docker images
|
|
|
|
concurrency:
|
|
group: docker-build-${{ github.event_name }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- v*
|
|
- e*
|
|
- docker-latest-*
|
|
workflow_dispatch:
|
|
inputs:
|
|
branch_or_tag:
|
|
required: false
|
|
profile:
|
|
required: false
|
|
default: 'emqx'
|
|
is_latest:
|
|
required: false
|
|
default: false
|
|
|
|
jobs:
|
|
prepare:
|
|
runs-on: ubuntu-22.04
|
|
# prepare source with any OTP version, no need for a matrix
|
|
container: "ghcr.io/emqx/emqx-builder/5.0-34:1.13.4-24.3.4.2-3-ubuntu22.04"
|
|
|
|
outputs:
|
|
PROFILE: ${{ steps.get_profile.outputs.PROFILE }}
|
|
EDITION: ${{ steps.get_profile.outputs.EDITION }}
|
|
IS_LATEST: ${{ steps.get_profile.outputs.IS_LATEST }}
|
|
IS_EXACT_TAG: ${{ steps.get_profile.outputs.IS_EXACT_TAG }}
|
|
VERSION: ${{ steps.get_profile.outputs.VERSION }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
ref: ${{ github.event.inputs.branch_or_tag }} # when input is not given, the event tag is used
|
|
path: source
|
|
fetch-depth: 0
|
|
|
|
- name: Get profiles to build
|
|
id: get_profile
|
|
env:
|
|
INPUTS_PROFILE: ${{ github.event.inputs.profile }}
|
|
run: |
|
|
cd source
|
|
# tag docker-latest-ce or docker-latest-ee
|
|
if git describe --tags --exact --match 'docker-latest-*' 2>/dev/null; then
|
|
echo 'is_latest=true due to docker-latest-* tag'
|
|
is_latest=true
|
|
elif [ "${{ inputs.is_latest }}" = "true" ]; then
|
|
echo 'is_latest=true due to manual input from workflow_dispatch'
|
|
is_latest=true
|
|
else
|
|
echo 'is_latest=false'
|
|
is_latest=false
|
|
fi
|
|
# resolve profile
|
|
if git describe --tags --match "v*" --exact; then
|
|
echo "This is an exact git tag, will publish images"
|
|
is_exact='true'
|
|
PROFILE=emqx
|
|
elif git describe --tags --match "e*" --exact; then
|
|
echo "This is an exact git tag, will publish images"
|
|
is_exact='true'
|
|
PROFILE=emqx-enterprise
|
|
else
|
|
echo "This is NOT an exact git tag, will not publish images"
|
|
is_exact='false'
|
|
fi
|
|
|
|
case "${PROFILE:-$INPUTS_PROFILE}" in
|
|
emqx)
|
|
EDITION='Opensource'
|
|
;;
|
|
emqx-enterprise)
|
|
EDITION='Enterprise'
|
|
;;
|
|
*)
|
|
echo "ERROR: Failed to resolve build profile"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
VSN="$(./pkg-vsn.sh "$PROFILE")"
|
|
echo "Building emqx/$PROFILE:$VSN image (latest=$is_latest)"
|
|
echo "Push = $is_exact"
|
|
echo "IS_LATEST=$is_latest" >> $GITHUB_OUTPUT
|
|
echo "IS_EXACT_TAG=$is_exact" >> $GITHUB_OUTPUT
|
|
echo "PROFILE=$PROFILE" >> $GITHUB_OUTPUT
|
|
echo "EDITION=$EDITION" >> $GITHUB_OUTPUT
|
|
echo "VERSION=$VSN" >> $GITHUB_OUTPUT
|
|
- name: get_all_deps
|
|
env:
|
|
PROFILE: ${{ steps.get_profile.outputs.PROFILE }}
|
|
run: |
|
|
PROFILE=$PROFILE make -C source deps-$PROFILE
|
|
zip -ryq source.zip source/* source/.[^.]*
|
|
- uses: actions/upload-artifact@v3
|
|
with:
|
|
name: source
|
|
path: source.zip
|
|
|
|
docker:
|
|
runs-on: ubuntu-22.04
|
|
needs: prepare
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
profile:
|
|
- "${{ needs.prepare.outputs.PROFILE }}"
|
|
registry:
|
|
- 'docker.io'
|
|
- 'public.ecr.aws'
|
|
os:
|
|
- [debian11, "debian:11-slim", "deploy/docker/Dockerfile"]
|
|
# NOTE: 'otp' and 'elixir' are to configure emqx-builder image
|
|
# only support latest otp and elixir, not a matrix
|
|
builder:
|
|
- 5.0-34 # update to latest
|
|
otp:
|
|
- 24.3.4.2-3 # switch to 25 once ready to release 5.1
|
|
elixir:
|
|
- 'no_elixir'
|
|
- '1.13.4' # update to latest
|
|
exclude: # TODO: publish enterprise to ecr too?
|
|
- registry: 'public.ecr.aws'
|
|
profile: emqx-enterprise
|
|
|
|
steps:
|
|
- uses: actions/download-artifact@v3
|
|
with:
|
|
name: source
|
|
path: .
|
|
- name: unzip source code
|
|
run: unzip -q source.zip
|
|
|
|
- uses: docker/setup-qemu-action@v2
|
|
- uses: docker/setup-buildx-action@v2
|
|
|
|
- name: Login to hub.docker.com
|
|
uses: docker/login-action@v2
|
|
if: matrix.registry == 'docker.io'
|
|
with:
|
|
username: ${{ secrets.DOCKER_HUB_USER }}
|
|
password: ${{ secrets.DOCKER_HUB_TOKEN }}
|
|
|
|
- name: Login to AWS ECR
|
|
uses: docker/login-action@v2
|
|
if: matrix.registry == 'public.ecr.aws'
|
|
with:
|
|
registry: public.ecr.aws
|
|
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
|
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
|
ecr: true
|
|
|
|
- name: prepare for docker/metadata-action
|
|
id: pre-meta
|
|
shell: bash
|
|
run: |
|
|
extra_labels=
|
|
img_suffix=
|
|
if [ "${{ matrix.elixir }}" != 'no_elixir' ]; then
|
|
img_suffix="-elixir"
|
|
extra_labels="org.opencontainers.image.elixir.version=${{ matrix.elixir }}"
|
|
fi
|
|
|
|
echo "img_suffix=$img_suffix" >> $GITHUB_OUTPUT
|
|
echo "extra_labels=$extra_labels" >> $GITHUB_OUTPUT
|
|
|
|
- uses: docker/metadata-action@v4
|
|
id: meta
|
|
with:
|
|
images: |
|
|
${{ matrix.registry }}/${{ github.repository_owner }}/${{ matrix.profile }}
|
|
flavor: |
|
|
suffix=${{ steps.pre-meta.outputs.img_suffix }}
|
|
tags: |
|
|
type=raw,value=${{ needs.prepare.outputs.VERSION }}
|
|
type=raw,value=latest,enable=${{ needs.prepare.outputs.IS_LATEST }}
|
|
labels: |
|
|
org.opencontainers.image.otp.version=${{ matrix.otp }}
|
|
org.opencontainers.image.edition=${{ needs.prepare.outputs.EDITION }}
|
|
${{ steps.pre-meta.outputs.extra_labels }}
|
|
|
|
- uses: docker/build-push-action@v3
|
|
with:
|
|
push: ${{ needs.prepare.outputs.IS_EXACT_TAG == 'true' || github.repository_owner != 'emqx' }}
|
|
pull: true
|
|
no-cache: true
|
|
platforms: linux/amd64,linux/arm64
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
build-args: |
|
|
EMQX_NAME=${{ matrix.profile }}${{ steps.pre-meta.outputs.img_suffix }}
|
|
file: source/${{ matrix.os[2] }}
|
|
context: source
|