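# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

# Builds the container images (native, amd64, arm64v8) on every push and pull
# request. For refs starting with "refs/tags/v" it additionally pushes the
# cross-arch images and manifest to Docker Hub and creates a GitHub release.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# (@v4 / @v3). "docker/login-action" receives the Docker Hub credentials, so a
# retargeted tag would run with access to them. Pin each `uses:` to a full
# commit SHA (keeping the tag as a trailing comment) and let a dependency bot
# propose the updates.
name: "Main"

on:
  push:
    tags: ["*"]
    branches: ["*"]
  pull_request:
    branches: ["*"]
  workflow_dispatch:

# The job token gets no permissions by default; each job opts in to the
# minimum it needs.
permissions: {}

jobs:

  # Builds the shared "build" stage once and hands it to the per-arch jobs as
  # an artifact. This job and "build" also run for pull requests, i.e. they
  # execute the Makefile of the proposed change; neither job references a
  # secret and both hold a read-only token.
  build-common-stages:
    name: "Build common stages"
    runs-on: "ubuntu-latest"
    permissions:
      contents: "read"
    strategy:
      matrix:
        stage: ["build"]
    steps:
      - name: "Checkout project"
        uses: "actions/checkout@v4"
        with:
          # By default the action keeps the job token in the local git config.
          # The checkout directory is then handed to `make` and the image
          # build, so the token is not persisted: it must not end up in a build
          # context, an image layer or an uploaded artifact.
          # NOTE(review): assumes no make target needs authenticated git
          # access - confirm against the Makefile.
          persist-credentials: false
      # `matrix.stage` is expanded into the script text before the shell runs.
      # That is safe only because the matrix values are literals in this file;
      # never feed this step a value taken from event data.
      - name: "Build and save image"
        run: |
          make \
            IMAGE_REGISTRY="localhost" IMAGE_NAMESPACE="stage" IMAGE_PROJECT="${{ matrix.stage }}" \
            IMAGE_BUILD_OPTS="--pull --target ${{ matrix.stage }} --build-arg BUILDKIT_INLINE_CACHE=1" \
            build-native-image save-native-image
      - name: "Upload artifacts"
        uses: "actions/upload-artifact@v4"
        with:
          name: "dist-common-stages"
          path: "./dist/"
          retention-days: 1

  # Builds one image per architecture, reusing the common stage as a layer
  # cache.
  build:
    name: "Build ${{ matrix.arch }} image"
    needs: ["build-common-stages"]
    runs-on: "ubuntu-latest"
    permissions:
      contents: "read"
    strategy:
      matrix:
        arch: ["native", "amd64", "arm64v8"]
    steps:
      - name: "Checkout project"
        uses: "actions/checkout@v4"
        with:
          # Same reasoning as in "build-common-stages": keep the job token out
          # of the working tree that is passed to the image build.
          persist-credentials: false
      - name: "Download artifacts"
        uses: "actions/download-artifact@v4"
        with:
          name: "dist-common-stages"
          path: "./dist/"
      - name: "Load common stages"
        run: |
          docker system prune --all --force
          make IMAGE_REGISTRY="localhost" IMAGE_NAMESPACE="stage" IMAGE_PROJECT="build" load-native-image clean
      # Only the non-native builds register binfmt entries.
      - name: "Register binfmt entries"
        if: "matrix.arch != 'native'"
        run: |
          make binfmt-register
      - name: "Build and save image"
        run: |
          make \
            IMAGE_BUILD_OPTS="--cache-from localhost/stage/build:latest" \
            "build-${{ matrix.arch }}-image" "save-${{ matrix.arch }}-image"
      # Only "v" tag builds of the cross-arch images are kept for the push job.
      - name: "Upload artifacts"
        if: "startsWith(github.ref, 'refs/tags/v') && matrix.arch != 'native'"
        uses: "actions/upload-artifact@v4"
        with:
          name: "dist-${{ matrix.arch }}"
          path: "./dist/"
          retention-days: 1

  # Publishes the per-arch images. Runs only for refs starting with
  # "refs/tags/v"; this is the first job that references the Docker Hub
  # secrets.
  push:
    name: "Push ${{ matrix.arch }} image"
    if: "startsWith(github.ref, 'refs/tags/v')"
    needs: ["build"]
    runs-on: "ubuntu-latest"
    permissions:
      contents: "read"
    strategy:
      matrix:
        arch: ["amd64", "arm64v8"]
    steps:
      - name: "Checkout project"
        uses: "actions/checkout@v4"
        with:
          # The job token is not needed after the checkout itself.
          persist-credentials: false
      - name: "Download artifacts"
        uses: "actions/download-artifact@v4"
        with:
          name: "dist-${{ matrix.arch }}"
          path: "./dist/"
      - name: "Login to Docker Hub"
        uses: "docker/login-action@v3"
        with:
          registry: "docker.io"
          username: "${{ secrets.DOCKERHUB_USERNAME }}"
          password: "${{ secrets.DOCKERHUB_TOKEN }}"
      - name: "Load and push image"
        run: |
          make "load-${{ matrix.arch }}-image" "push-${{ matrix.arch }}-image"

  # Publishes the manifest once all per-arch images are pushed.
  push-manifest:
    name: "Push manifest"
    if: "startsWith(github.ref, 'refs/tags/v')"
    needs: ["push"]
    runs-on: "ubuntu-latest"
    permissions:
      contents: "read"
    steps:
      - name: "Checkout project"
        uses: "actions/checkout@v4"
        with:
          # The job token is not needed after the checkout itself.
          persist-credentials: false
      - name: "Login to Docker Hub"
        uses: "docker/login-action@v3"
        with:
          registry: "docker.io"
          username: "${{ secrets.DOCKERHUB_USERNAME }}"
          password: "${{ secrets.DOCKERHUB_TOKEN }}"
      - name: "Push manifest"
        run: |
          make push-cross-manifest

  # Creates the GitHub release for the tag. This is the only job with a
  # write-scoped token; it checks out no code and runs no third-party action.
  release-github:
    name: "Create GitHub release"
    if: "startsWith(github.ref, 'refs/tags/v')"
    needs: ["push-manifest"]
    runs-on: "ubuntu-latest"
    permissions:
      contents: "write"
    steps:
      # The script first asks the API whether a release for this tag already
      # exists and exits successfully on HTTP 200. Otherwise it creates the
      # release with generated notes and fails when the response has no id.
      # The token reaches the script through the environment rather than
      # through expression expansion inside the script text.
      - name: "Create release"
        env:
          GITHUB_PAT: "${{ secrets.GITHUB_TOKEN }}"
        run: |
          RELEASE_STATUS="$(curl -fs --proto '=https' --tlsv1.3 --globoff \
            --url "https://api.github.com/repos/${GITHUB_REPOSITORY:?}/releases/tags/${GITHUB_REF_NAME:?}" \
            --header "Authorization: Bearer ${GITHUB_PAT:?}" \
            --header 'Accept: application/vnd.github.v3+json' \
            --header 'Content-Type: application/json' \
            --write-out '%{http_code}' --output /dev/null ||:)"
          if [ "${RELEASE_STATUS:?}" = '200' ]; then exit 0; fi
          RELEASE_ID="$(curl -fsS --proto '=https' --tlsv1.3 --globoff \
            --url "https://api.github.com/repos/${GITHUB_REPOSITORY:?}/releases" \
            --header "Authorization: Bearer ${GITHUB_PAT:?}" \
            --header 'Accept: application/vnd.github.v3+json' \
            --header 'Content-Type: application/json' \
            --data "$(jq -rn --arg tag "${GITHUB_REF_NAME:?}" '{"name": $tag, "tag_name": $tag, "generate_release_notes": true}')" |
            jq -r '.id')"
          if [ -z "${RELEASE_ID-}" ] || [ "${RELEASE_ID:?}" = 'null' ]; then exit 1; fi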