Refactor docker_build_kanidm to be more isolated (v13) (#1872)

This commit is contained in:
micolous 2023-07-18 09:03:04 +10:00 committed by GitHub
parent 60a1cdf9d8
commit 73e6e11cd2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 114 additions and 72 deletions


@ -1,46 +1,59 @@
--- ---
name: Container - Kanidm name: Container - Kanidm
# this will build regardless, # This is always built and uploads an OCI image as a build artifact, but only
# but only push to the container registry # pushes to "ghcr.io/kanidm/kanidm:devel" when on "kanidm/kanidm@master".
# when you're committing on the master branch. on:
"on":
pull_request: pull_request:
push: push:
branches:
- master
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
kanidm_build: kanidm_build:
name: Build kanidm Docker image
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
- # https://github.com/docker/login-action/#github-container-registry - name: Build kanidm
name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
# don't log in if we're not going to push!
if: ${{ github.ref == 'refs/heads/master' }} && ${{ github.repository == 'kanidm/kanidm' }}
- name: Build and push kanidmd
id: docker_build_kanidm
uses: docker/build-push-action@v4 uses: docker/build-push-action@v4
with: with:
push: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }}
platforms: "linux/amd64" platforms: "linux/amd64"
# https://github.com/docker/build-push-action/issues/254 tags: ghcr.io/${{ github.repository_owner }}/kanidm:devel
tags: ghcr.io/kanidm/kanidm:devel
build-args: | build-args: |
"KANIDM_FEATURES=" "KANIDM_FEATURES="
# "KANIDM_BUILD_OPTIONS=-j1" # "KANIDM_BUILD_OPTIONS=-j1"
file: tools/Dockerfile file: tools/Dockerfile
# Must use OCI exporter for multi-arch: https://github.com/docker/buildx/pull/1813
outputs: type=oci,dest=/tmp/kanidm-docker.tar
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: kanidm-docker
path: /tmp/kanidm-docker.tar
kanidm_push:
name: Push kanidm Docker image
# This step is split so that we don't apply "packages: write" permission
# except when uploading the final Docker image to GHCR.
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm'
needs: kanidm_build
permissions:
packages: write
steps:
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: kanidm-docker
path: /tmp
- name: Push image to GHCR
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | oras login -u "${{ github.actor }}" --password-stdin ghcr.io
oras copy --from-oci-layout "/tmp/kanidm-docker.tar:devel" "ghcr.io/${{ github.repository_owner }}/kanidm:devel"
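Review bot: The isolation described in the kanidm_push comment ("we don't apply packages: write except when uploading") is only half in place, because `permissions:` is declared on kanidm_push alone and kanidm_build is left on the workflow's default GITHUB_TOKEN permissions, which depend on the repository setting rather than on this file. To make the restriction hold regardless of that setting, add a workflow-level `permissions:` block with `contents: read` (the build job only needs checkout); the push job's own `permissions:` block then replaces it for that job with `packages: write` only. The final `run:` step also interpolates `${{ secrets.GITHUB_TOKEN }}` and `${{ github.actor }}` straight into the shell script; the Actions hardening guidance is to pass them through `env:` (e.g. `GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}` and `GHCR_USER: ${{ github.actor }}`) and run `echo "$GHCR_TOKEN" | oras login -u "$GHCR_USER" --password-stdin ghcr.io`. The newly added `actions/upload-artifact@v3` and `actions/download-artifact@v3` references are pinned to mutable tags like the existing ones; pinning to a full commit SHA is the usual supply-chain mitigation if the project wants it. All of this applies identically to the Kanidmd and Radiusd workflow files in this commit.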


@ -1,45 +1,58 @@
--- ---
name: Container - Kanidmd name: Container - Kanidmd
# this will build regardless, # This is always built and uploads an OCI image as a build artifact, but only
# but only push to the container registry # pushes to "ghcr.io/kanidm/kanidmd:devel" when on "kanidm/kanidm@master".
# when you're committing on the master branch. on:
"on":
pull_request: pull_request:
push: push:
branches:
- master
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
kanidmd_build: kanidmd_build:
name: Build kanidmd Docker image
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
# don't need qemu/buildx if we're not building ARM - name: Set up Docker Buildx
# - name: Set up QEMU uses: docker/setup-buildx-action@v2
# uses: docker/setup-qemu-action@v2 - name: Build kanidmd
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v2
- # https://github.com/docker/login-action/#github-container-registry
name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
# don't log in if we're not going to push!
if: ${{ github.ref == 'refs/heads/master' }} && ${{ github.repository == 'kanidm/kanidm' }}
- name: Build and push kanidmd
id: docker_build_kanidmd
uses: docker/build-push-action@v4 uses: docker/build-push-action@v4
with: with:
push: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }} platforms: "linux/amd64"
platforms: linux/amd64 tags: ghcr.io/${{ github.repository_owner }}/kanidmd:devel
tags: ghcr.io/kanidm/kanidmd:devel
# build-args: | # build-args: |
# "KANIDM_BUILD_OPTIONS=-j1" # "KANIDM_BUILD_OPTIONS=-j1"
file: server/Dockerfile file: server/Dockerfile
# Must use OCI exporter for multi-arch: https://github.com/docker/buildx/pull/1813
outputs: type=oci,dest=/tmp/kanidmd-docker.tar
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: kanidmd-docker
path: /tmp/kanidmd-docker.tar
kanidmd_push:
name: Push kanidmd Docker image
# This step is split so that we don't apply "packages: write" permission
# except when uploading the final Docker image to GHCR.
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm'
needs: kanidmd_build
permissions:
packages: write
steps:
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: kanidmd-docker
path: /tmp
- name: Push image to GHCR
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | oras login -u "${{ github.actor }}" --password-stdin ghcr.io
oras copy --from-oci-layout "/tmp/kanidmd-docker.tar:devel" "ghcr.io/${{ github.repository_owner }}/kanidmd:devel"


@ -1,21 +1,19 @@
--- ---
name: Container - Radiusd name: Container - Radiusd
# this will build regardless, # This is always built and uploads an OCI image as a build artifact, but only
# but only push to the container registry # pushes to "ghcr.io/kanidm/radius:devel" when on "kanidm/kanidm@master".
# when you're committing on the master branch. on:
"on":
pull_request: pull_request:
push: push:
branches:
- master
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
radius_build: radius_build:
name: Build radius Docker image
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
@ -23,22 +21,40 @@ jobs:
uses: docker/setup-qemu-action@v2 uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
- # https://github.com/docker/login-action/#github-container-registry - name: Build radius
name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
# don't log in if we're not going to push!
if: ${{github.ref == 'refs/heads/master'}} && ${{ github.repository == 'kanidm/kanidm' }}
- name: Build and push radius
id: docker_build_radius
uses: docker/build-push-action@v4 uses: docker/build-push-action@v4
with: with:
push: ${{ github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm' }}
platforms: linux/arm64,linux/amd64 platforms: linux/arm64,linux/amd64
# https://github.com/docker/build-push-action/issues/254 tags: ghcr.io/${{ github.repository_owner }}/radius:devel
tags: ghcr.io/kanidm/radius:devel
context: .
file: rlm_python/Dockerfile file: rlm_python/Dockerfile
# Must use OCI exporter for multi-arch: https://github.com/docker/buildx/pull/1813
outputs: type=oci,dest=/tmp/radius-docker.tar
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: radius-docker
path: /tmp/radius-docker.tar
radius_push:
name: Push radius Docker image
# This step is split so that we don't apply "packages: write" permission
# except when uploading the final Docker image to GHCR.
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/master' && github.repository == 'kanidm/kanidm'
needs: radius_build
permissions:
packages: write
steps:
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: radius-docker
path: /tmp
# Docker won't directly import OCI images and keep their multi-arch
# features, but ORAS will: https://oras.land/docs/commands/oras_copy
- name: Push image to GHCR
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | oras login -u "${{ github.actor }}" --password-stdin ghcr.io
oras copy --from-oci-layout "/tmp/radius-docker.tar:devel" "ghcr.io/${{ github.repository_owner }}/radius:devel"