From b0de8c7c12441c5bef186ca39e838b470682eef1 Mon Sep 17 00:00:00 2001 From: Vito Date: Tue, 7 Jan 2025 17:11:47 +0000 Subject: [PATCH 1/4] refactor(ci): Optimize dockerfile script for production images Create a separate stage to download files and mount it as a volume later. Remove tini as it's not needed to run liquidsoap as main process. Use RUN syntax similar to that used for official images. Remove apt lists from the resulting Debian container images. --- .github/docker/Dockerfile.production | 37 ------------- .github/docker/Dockerfile.production-alpine | 18 ------ .github/docker/alpine.dockerfile | 20 +++++++ .github/docker/debian.dockerfile | 55 +++++++++++++++++++ ...{Dockerfile.website => website.dockerfile} | 0 .github/scripts/build-docker-alpine.sh | 2 +- .github/scripts/build-docker.sh | 2 +- .github/scripts/build-website.sh | 2 +- 8 files changed, 78 insertions(+), 58 deletions(-) delete mode 100644 .github/docker/Dockerfile.production delete mode 100644 .github/docker/Dockerfile.production-alpine create mode 100644 .github/docker/alpine.dockerfile create mode 100644 .github/docker/debian.dockerfile rename .github/docker/{Dockerfile.website => website.dockerfile} (100%) diff --git a/.github/docker/Dockerfile.production b/.github/docker/Dockerfile.production deleted file mode 100644 index 63b7d0654d..0000000000 --- a/.github/docker/Dockerfile.production +++ /dev/null 
@@ -1,37 +0,0 @@
-FROM debian:bookworm-slim
-
-ARG DEB_FILE
-ARG DEB_DEBUG_FILE
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-USER root
-
-RUN apt-get update && apt-get install adduser && apt-get clean
-
-RUN addgroup --gid 10001 --system liquidsoap && \
- adduser --system --disabled-password --disabled-login --uid 10000 \
- --home /var/cache/liquidsoap --ingroup liquidsoap liquidsoap && \
- usermod --append --groups audio liquidsoap
-
-# For ffmpeg with libfdk-aac
-RUN apt-get update && apt install -y ca-certificates && \
- echo "deb https://www.deb-multimedia.org bookworm main non-free" >> /etc/apt/sources.list && \
- apt-get update -oAcquire::AllowInsecureRepositories=true && \
- apt-get install -y --allow-unauthenticated deb-multimedia-keyring
-
-COPY $DEB_FILE liquidsoap.deb
-COPY $DEB_DEBUG_FILE liquidsoap-debug.deb
-
-RUN apt-get update && \
- apt-get dist-upgrade -y && \
- apt install -y ./liquidsoap.deb ./liquidsoap-debug.deb && \
- apt-get install -y tini && \
- apt-get clean && \
- rm -f ./liquidsoap.deb ./liquidsoap-debug.deb
-
-USER liquidsoap
-
-RUN liquidsoap --cache-stdlib
-
-ENTRYPOINT ["/usr/bin/tini", "--", "/usr/bin/liquidsoap"]
diff --git a/.github/docker/Dockerfile.production-alpine b/.github/docker/Dockerfile.production-alpine
deleted file mode 100644
index 4b39d3c727..0000000000
--- a/.github/docker/Dockerfile.production-alpine
+++ /dev/null
@@ -1,18 +0,0 @@
-FROM alpine:edge
-
-ARG APK_FILE
-
-USER root
-
-COPY $APK_FILE /tmp/liquidsoap.apk
-
-RUN apk add --allow-untrusted --no-cache \
- -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
- tini /tmp/liquidsoap.apk && \
- rm -rf /tmp/liquidsoap.apk
-
-USER liquidsoap
-
-RUN liquidsoap --cache-stdlib
-
-ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/liquidsoap"]
diff --git a/.github/docker/alpine.dockerfile b/.github/docker/alpine.dockerfile
new file mode 100644
index 0000000000..91767fa6bb
--- /dev/null
+++ b/.github/docker/alpine.dockerfile
@@ -0,0 +1,20 @@
+FROM alpine:edge AS downloader
+
+ARG APK_FILE
+
+COPY $APK_FILE /downloads/liquidsoap.apk
+
+FROM alpine:edge
+
+RUN --mount=type=bind,from=downloader,source=/downloads,target=/downloads \
+ set -eux; \
+ echo 'https://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories; \
+ apk add --allow-untrusted --no-cache \
+ /downloads/liquidsoap.apk \
+ ;
+
+USER liquidsoap
+
+RUN liquidsoap --cache-stdlib
+
+ENTRYPOINT ["/usr/bin/liquidsoap"]
diff --git a/.github/docker/debian.dockerfile b/.github/docker/debian.dockerfile
new file mode 100644
index 0000000000..65cf8144d6
--- /dev/null
+++ b/.github/docker/debian.dockerfile
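Review bot: In alpine.dockerfile, `apk add --allow-untrusted` applies to the whole apk invocation rather than to the one local file, so dependencies resolved from the repositories (including the edge/testing entry appended on the line above) are installed without signature enforcement, not only `/downloads/liquidsoap.apk`. The `echo ... >> /etc/apk/repositories` line also leaves edge/testing enabled in the published image, where the deleted Dockerfile scoped it to a single command with `-X`. Consider signing the package in CI and shipping its public key under `/etc/apk/keys` so the flag can be dropped, or at least record the trade-off above the `RUN` with a comment such as `# --allow-untrusted: liquidsoap.apk is an unsigned CI artifact; this also relaxes signature checks for repository packages`. `USER liquidsoap` presumably relies on the package creating that account, which this hunk does not show.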
@@ -0,0 +1,55 @@
+FROM debian:12-slim AS downloader
+
+ARG DEB_FILE
+ARG DEB_DEBUG_FILE
+COPY $DEB_FILE /downloads/liquidsoap.deb
+COPY $DEB_DEBUG_FILE /downloads/liquidsoap-debug.deb
+
+ARG DEB_MULTIMEDIA_KEYRING="https://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/deb-multimedia-keyring_2024.9.1_all.deb"
+ARG DEB_MULTIMEDIA_KEYRING_SHA256SUM="8dc6cbb266c701cfe58bd1d2eb9fe2245a1d6341c7110cfbfe3a5a975dcf97ca"
+
+RUN set -eux; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends \
+ ca-certificates \
+ wget \
+ ; \
+ wget "$DEB_MULTIMEDIA_KEYRING" -O /downloads/deb-multimedia-keyring.deb; \
+ echo "$DEB_MULTIMEDIA_KEYRING_SHA256SUM /downloads/deb-multimedia-keyring.deb" | sha256sum -c -;
+
+FROM debian:12-slim
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+# For ffmpeg with libfdk-aac
+RUN --mount=type=bind,from=downloader,source=/downloads,target=/downloads \
+ set -eux; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends \
+ /downloads/deb-multimedia-keyring.deb \
+ ca-certificates \
+ ; \
+ echo 'deb https://www.deb-multimedia.org bookworm main non-free' > \
+ /etc/apt/sources.list.d/deb-multimedia.list; \
+ rm -rf \
+ /var/lib/apt/lists \
+ /var/lib/dpkg/status-old \
+ ;
+
+RUN --mount=type=bind,from=downloader,source=/downloads,target=/downloads \
+ set -eux; \
+ apt-get update; \
+ apt-get install -y --no-install-recommends \
+ /downloads/liquidsoap.deb \
+ /downloads/liquidsoap-debug.deb \
+ ; \
+ rm -rf \
+ /var/lib/apt/lists \
+ /var/lib/dpkg/status-old \
+ ;
+
+USER liquidsoap
+
+RUN liquidsoap --cache-stdlib
+
+ENTRYPOINT ["/usr/bin/liquidsoap"]
diff --git a/.github/docker/Dockerfile.website b/.github/docker/website.dockerfile
similarity index 100%
rename from .github/docker/Dockerfile.website
rename to .github/docker/website.dockerfile
diff --git a/.github/scripts/build-docker-alpine.sh b/.github/scripts/build-docker-alpine.sh
index 9b3888c1e0..54b8a25fa8 100755
--- a/.github/scripts/build-docker-alpine.sh
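Review bot: In debian.dockerfile, `USER liquidsoap` in the final stage now depends entirely on the liquidsoap .deb creating that account, because the explicit `addgroup --gid 10001` / `adduser --uid 10000` / `usermod --append --groups audio` step of the removed Dockerfile.production has no counterpart here. If the package's maintainer script allocates a dynamic system UID (not visible in this patch), the numeric identity can differ from the previous 10000/10001, which affects ownership of existing volumes and any runtime policy that pins the UID, and membership of the `audio` group may be lost. Either keep the explicit account creation in the second `RUN` before the package install, or document the assumption above `USER liquidsoap`, for example `# account is expected to be created by the liquidsoap package; UID/GID are no longer pinned to 10000/10001`.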
+++ b/.github/scripts/build-docker-alpine.sh @@ -17,7 +17,7 @@ docker build \ --no-cache \ --provenance false \ --build-arg "APK_FILE=$APK_FILE" \ - --file .github/docker/Dockerfile.production-alpine \ + --file .github/docker/alpine.dockerfile \ --tag "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" \ --push \ . diff --git a/.github/scripts/build-docker.sh b/.github/scripts/build-docker.sh index d1b241a5a7..4d39b8f7b6 100755 --- a/.github/scripts/build-docker.sh +++ b/.github/scripts/build-docker.sh @@ -11,7 +11,7 @@ ARCHITECTURE="$6" cp "$DEB_FILE" "$DEB_DEBUG_FILE" . -DOCKERFILE=.github/docker/Dockerfile.production +DOCKERFILE=.github/docker/debian.dockerfile docker login -u "$USER" -p "$PASSWORD" diff --git a/.github/scripts/build-website.sh b/.github/scripts/build-website.sh index 77174ea8f5..c46bffb548 100755 --- a/.github/scripts/build-website.sh +++ b/.github/scripts/build-website.sh @@ -7,7 +7,7 @@ BASE_DIR=$(cd "${PWD}/../.." && pwd) DOCKER_IMAGE=savonet/liquidsoap-github-actions-website -docker build --no-cache --tag "${DOCKER_IMAGE}" --file "${BASE_DIR}/.github/docker/Dockerfile.website" . +docker build --no-cache --tag "${DOCKER_IMAGE}" --file "${BASE_DIR}/.github/docker/website.dockerfile" . id="$(docker create "${DOCKER_IMAGE}")" docker cp "$id:/tmp/liquidsoap-full/website/html" html/ From babecb9b8befe17d435b11e079a7b93ae5bbb11e Mon Sep 17 00:00:00 2001 From: Romain Beauxis Date: Tue, 7 Jan 2025 12:29:04 -0600 Subject: [PATCH 2/4] refactor(ci): Allow docker build w/o docker push on forks --- .github/scripts/build-docker-alpine.sh | 13 +++++++++++-- .github/scripts/build-docker.sh | 13 +++++++++++-- .github/workflows/ci.yml | 21 +++++++++++++++------ 3 files changed, 37 insertions(+), 10 deletions(-) diff --git a/.github/scripts/build-docker-alpine.sh b/.github/scripts/build-docker-alpine.sh index 54b8a25fa8..ca7b9eadd3 100755 --- a/.github/scripts/build-docker-alpine.sh +++ b/.github/scripts/build-docker-alpine.sh 
@@ -10,8 +10,11 @@ ARCHITECTURE="$5" cp "$APK_FILE" . -docker login -u "$USER" -p "$PASSWORD" +if [ "${PUBLISH_DOCKER_IMAGE}" = "true" ]; then + PUSH_OPTION=--push +fi +# shellcheck disable=SC2086 docker build \ --pull \ --no-cache \ @@ -19,9 +22,15 @@ docker build \ --build-arg "APK_FILE=$APK_FILE" \ --file .github/docker/alpine.dockerfile \ --tag "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" \ - --push \ + ${PUSH_OPTION} \ . +if [ "${PUBLISH_DOCKER_IMAGE}" != "true" ]; then + exit 0 +fi + +docker login -u "$USER" -p "$PASSWORD" + docker pull "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" docker tag \ diff --git a/.github/scripts/build-docker.sh b/.github/scripts/build-docker.sh index 4d39b8f7b6..323766ef48 100755 --- a/.github/scripts/build-docker.sh +++ b/.github/scripts/build-docker.sh @@ -13,8 +13,11 @@ cp "$DEB_FILE" "$DEB_DEBUG_FILE" . DOCKERFILE=.github/docker/debian.dockerfile -docker login -u "$USER" -p "$PASSWORD" +if [ "${PUBLISH_DOCKER_IMAGE}" = "true" ]; then + PUSH_OPTION=--push +fi +# shellcheck disable=SC2086 docker build \ --pull \ --no-cache \ @@ -23,9 +26,15 @@ docker build \ --build-arg "DEB_DEBUG_FILE=$DEB_DEBUG_FILE" \ --file "${DOCKERFILE}" \ --tag "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" \ - --push \ + ${PUSH_OPTION} \ . +if [ "${PUBLISH_DOCKER_IMAGE}" != "true" ]; then + exit 0 +fi + +docker login -u "$USER" -p "$PASSWORD" + docker pull "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" docker tag \ diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b3322b0370..2dce4353a0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -31,6 +31,7 @@ jobs: is_release: ${{ steps.build_details.outputs.is_release }} is_rolling_release: ${{ steps.build_details.outputs.is_rolling_release }} is_fork: ${{ steps.build_details.outputs.is_fork }} + publish_docker_image: ${{ steps.build_details.outputs.is_fork != 'true' && github.event_name != 'merge_group' }} build_os: ${{ steps.build_details.outputs.build_os }} build_platform: ${{ steps.build_details.outputs.build_platform }} build_include: ${{ steps.build_details.outputs.build_include }} @@ -615,7 +616,6 @@ jobs: build_docker: runs-on: ${{ matrix.runs-on }} needs: [build_details, build_posix, fetch_s3_artifacts] - if: needs.build_details.outputs.is_fork != 'true' && github.event_name != 'merge_group' strategy: fail-fast: false matrix: @@ -639,14 +639,17 @@ jobs: echo "deb-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep ${{ matrix.docker-debian-os }} | grep -v minimal | grep '${{ matrix.platform }}\.deb$' | grep dbgsym | grep deb)" >> "${GITHUB_OUTPUT}" id: debian_debug_package - name: Log in to the github registry + if: needs.build_details.outputs.publish_docker_image == 'true' run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - name: Build docker image + env: + PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }} run: .github/scripts/build-docker.sh ${{ steps.debian_package.outputs.deb-file }} ${{ steps.debian_debug_package.outputs.deb-file }} ${{ needs.build_details.outputs.branch }} ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }} build_docker_alpine: runs-on: ${{ matrix.runs-on }} - needs: [build_details, run_tests, build_posix, fetch_s3_artifacts] - if: needs.build_details.outputs.is_fork != 'true' && github.event_name != 'merge_group' + needs: [build_details, build_posix, fetch_s3_artifacts] + if: needs.build_details.outputs.is_fork != 'true' strategy: fail-fast: false matrix: 
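Review bot: In the third hunk (`@@ -639,14 +639,17 @@`), `build_docker_alpine` drops `run_tests` from `needs`, and the following hunk does the same for `build_docker_minimal`, so on the main repository these jobs can push `savonet/liquidsoap-ci-build` tags while the test job is still running or after it has failed. If publishing without a test gate is intended, say so in a comment above `needs:`; otherwise keep `run_tests` in the list for the publishing case. The two alpine jobs also keep `if: needs.build_details.outputs.is_fork != 'true'`, so forks still skip them while the Debian jobs now run there, which does not match the commit title. The job definitions continue outside these hunks.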
@@ -668,12 +671,13 @@ jobs: - name: Log in to the github registry run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - name: Build docker image + env: + PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }} run: .github/scripts/build-docker-alpine.sh ${{ steps.alpine_package.outputs.apk-file }} ${{ needs.build_details.outputs.branch }} ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }} build_docker_minimal: runs-on: ${{ matrix.runs-on }} - needs: [build_details, run_tests, build_posix, fetch_s3_artifacts] - if: needs.build_details.outputs.is_fork != 'true' && github.event_name != 'merge_group' + needs: [build_details, build_posix, fetch_s3_artifacts] strategy: fail-fast: false matrix: @@ -697,14 +701,17 @@ jobs: echo "deb-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep ${{ matrix.docker-debian-os }} | grep minimal | grep '${{ matrix.platform }}\.deb$' | grep dbgsym | grep deb)" >> "${GITHUB_OUTPUT}" id: debian_debug_package - name: Log in to the github registry + if: needs.build_details.outputs.publish_docker_image == 'true' run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - name: Build docker image + env: + PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }} run: .github/scripts/build-docker.sh ${{ steps.debian_package.outputs.deb-file }} ${{ steps.debian_debug_package.outputs.deb-file }} ${{ needs.build_details.outputs.branch }}-minimal ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }} build_docker_alpine_minimal: runs-on: ${{ matrix.runs-on }} needs: [build_details, run_tests, build_posix, fetch_s3_artifacts] - if: needs.build_details.outputs.is_fork != 'true' && github.event_name != 'merge_group' + if: needs.build_details.outputs.is_fork != 'true' strategy: fail-fast: false matrix: 
@@ -730,6 +737,8 @@ jobs: - name: Log in to the github registry run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - name: Build docker image + env: + PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }} run: .github/scripts/build-docker-alpine.sh ${{ steps.alpine_package.outputs.apk-file }} ${{ steps.alpine_dbg_package.outputs.apk-file }} ${{ needs.build_details.outputs.branch }}-minimal ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }} build_docker_release: From 0654c76d74bdc896ada9163a99c9fe4c05bc9e76 Mon Sep 17 00:00:00 2001 From: Vito Date: Wed, 8 Jan 2025 04:56:35 +0000 Subject: [PATCH 3/4] refactor(ci): Use docker/login-action to log in to container registries --- .github/scripts/build-docker-alpine.sh | 19 ++------ .github/scripts/build-docker.sh | 23 ++------- .github/workflows/ci.yml | 66 +++++++++++++++++++++----- 3 files changed, 61 insertions(+), 47 deletions(-) diff --git a/.github/scripts/build-docker-alpine.sh b/.github/scripts/build-docker-alpine.sh index ca7b9eadd3..8aa226ca64 100755 --- a/.github/scripts/build-docker-alpine.sh +++ b/.github/scripts/build-docker-alpine.sh @@ -1,20 +1,11 @@ #!/bin/sh -set -e +set -eux APK_FILE="$1" TAG="$2" -USER="$3" -PASSWORD="$4" -ARCHITECTURE="$5" +ARCHITECTURE="$3" -cp "$APK_FILE" . - -if [ "${PUBLISH_DOCKER_IMAGE}" = "true" ]; then - PUSH_OPTION=--push -fi - -# shellcheck disable=SC2086 docker build \ --pull \ --no-cache \ 
@@ -22,19 +13,15 @@ docker build \ --build-arg "APK_FILE=$APK_FILE" \ --file .github/docker/alpine.dockerfile \ --tag "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" \ - ${PUSH_OPTION} \ . if [ "${PUBLISH_DOCKER_IMAGE}" != "true" ]; then exit 0 fi -docker login -u "$USER" -p "$PASSWORD" - -docker pull "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" - docker tag \ "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" \ "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" +docker push "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" docker push "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" diff --git a/.github/scripts/build-docker.sh b/.github/scripts/build-docker.sh index 323766ef48..e312c47f86 100755 --- a/.github/scripts/build-docker.sh +++ b/.github/scripts/build-docker.sh @@ -1,44 +1,29 @@ #!/bin/sh -set -e +set -eux DEB_FILE="$1" DEB_DEBUG_FILE="$2" TAG="$3" -USER="$4" -PASSWORD="$5" -ARCHITECTURE="$6" +ARCHITECTURE="$4" -cp "$DEB_FILE" "$DEB_DEBUG_FILE" . - -DOCKERFILE=.github/docker/debian.dockerfile - -if [ "${PUBLISH_DOCKER_IMAGE}" = "true" ]; then - PUSH_OPTION=--push -fi - -# shellcheck disable=SC2086 docker build \ --pull \ --no-cache \ --provenance false \ --build-arg "DEB_FILE=$DEB_FILE" \ --build-arg "DEB_DEBUG_FILE=$DEB_DEBUG_FILE" \ - --file "${DOCKERFILE}" \ + --file .github/docker/debian.dockerfile \ --tag "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" \ - ${PUSH_OPTION} \ . if [ "${PUBLISH_DOCKER_IMAGE}" != "true" ]; then exit 0 fi -docker login -u "$USER" -p "$PASSWORD" - -docker pull "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" - docker tag \ "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" \ "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" +docker push "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" docker push "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2dce4353a0..a1ff92e14e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -638,13 +638,23 @@ jobs: run: | echo "deb-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep ${{ matrix.docker-debian-os }} | grep -v minimal | grep '${{ matrix.platform }}\.deb$' | grep dbgsym | grep deb)" >> "${GITHUB_OUTPUT}" id: debian_debug_package - - name: Log in to the github registry + - name: Login to Docker Hub if: needs.build_details.outputs.publish_docker_image == 'true' - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + - name: Login to GitHub Container Registry + if: needs.build_details.outputs.publish_docker_image == 'true' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build docker image env: PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }} - run: .github/scripts/build-docker.sh ${{ steps.debian_package.outputs.deb-file }} ${{ steps.debian_debug_package.outputs.deb-file }} ${{ needs.build_details.outputs.branch }} ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }} + run: .github/scripts/build-docker.sh "${{ steps.debian_package.outputs.deb-file }}" "${{ steps.debian_debug_package.outputs.deb-file }}" "${{ needs.build_details.outputs.branch }}" "${{ matrix.platform }}" build_docker_alpine: runs-on: ${{ matrix.runs-on }} 
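Review bot: The added login steps reference `docker/login-action@v3`, a mutable tag, in steps that are handed `secrets.DOCKERHUB_PASSWORD` and `secrets.GITHUB_TOKEN`, so whatever code that tag points to at run time receives the registry credentials. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. The same applies to the login steps added in the hunks at `-668,12`, `-700,13` and `-734,12` of this patch. Moving the credentials out of the positional arguments of the build scripts is a clear improvement and needs no change.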
@@ -668,12 +678,23 @@ jobs: run: | echo "apk-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep -v minimal | grep 'apk$' | grep -v dbg | grep ${{ matrix.alpine-arch }})" >> "${GITHUB_OUTPUT}" id: alpine_package - - name: Log in to the github registry - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + - name: Login to Docker Hub + if: needs.build_details.outputs.publish_docker_image == 'true' + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + - name: Login to GitHub Container Registry + if: needs.build_details.outputs.publish_docker_image == 'true' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build docker image env: PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }} - run: .github/scripts/build-docker-alpine.sh ${{ steps.alpine_package.outputs.apk-file }} ${{ needs.build_details.outputs.branch }} ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }} + run: .github/scripts/build-docker-alpine.sh "${{ steps.alpine_package.outputs.apk-file }}" "${{ needs.build_details.outputs.branch }}" "${{ matrix.platform }}" build_docker_minimal: runs-on: ${{ matrix.runs-on }} 
@@ -700,13 +721,23 @@ jobs: run: | echo "deb-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep ${{ matrix.docker-debian-os }} | grep minimal | grep '${{ matrix.platform }}\.deb$' | grep dbgsym | grep deb)" >> "${GITHUB_OUTPUT}" id: debian_debug_package - - name: Log in to the github registry + - name: Login to Docker Hub if: needs.build_details.outputs.publish_docker_image == 'true' - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + - name: Login to GitHub Container Registry + if: needs.build_details.outputs.publish_docker_image == 'true' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build docker image env: PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }} - run: .github/scripts/build-docker.sh ${{ steps.debian_package.outputs.deb-file }} ${{ steps.debian_debug_package.outputs.deb-file }} ${{ needs.build_details.outputs.branch }}-minimal ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }} + run: .github/scripts/build-docker.sh "${{ steps.debian_package.outputs.deb-file }}" "${{ steps.debian_debug_package.outputs.deb-file }}" "${{ needs.build_details.outputs.branch }}-minimal" "${{ matrix.platform }}" build_docker_alpine_minimal: runs-on: ${{ matrix.runs-on }} 
@@ -734,12 +765,23 @@ jobs: run: | echo "apk-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep minimal | grep 'apk$' | grep dbg | grep ${{ matrix.alpine-arch }})" >> "${GITHUB_OUTPUT}" id: alpine_dbg_package - - name: Log in to the github registry - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + - name: Login to Docker Hub + if: needs.build_details.outputs.publish_docker_image == 'true' + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + - name: Login to GitHub Container Registry + if: needs.build_details.outputs.publish_docker_image == 'true' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build docker image env: PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }} - run: .github/scripts/build-docker-alpine.sh ${{ steps.alpine_package.outputs.apk-file }} ${{ steps.alpine_dbg_package.outputs.apk-file }} ${{ needs.build_details.outputs.branch }}-minimal ${{ secrets.DOCKERHUB_USER }} ${{ secrets.DOCKERHUB_PASSWORD }} ${{ matrix.platform }} + run: .github/scripts/build-docker-alpine.sh "${{ steps.alpine_package.outputs.apk-file }}" "${{ steps.alpine_dbg_package.outputs.apk-file }}" "${{ needs.build_details.outputs.branch }}-minimal" "${{ matrix.platform }}" build_docker_release: runs-on: ubuntu-latest From 6204a1ed1ed01e97d31dd294b97244c64a003825 Mon Sep 17 00:00:00 2001 
From: Vito Date: Wed, 8 Jan 2025 07:00:10 +0000 Subject: [PATCH 4/4] refactor(ci): Use docker/build-push-action to build docker images Replace the build-docker.sh script with a GitHub action to standardize the ci workflow and reduce complexity. --- .github/scripts/build-docker-alpine.sh | 27 ---------- .github/scripts/build-docker.sh | 29 ----------- .github/workflows/ci.yml | 68 ++++++++++++++++++-------- 3 files changed, 47 insertions(+), 77 deletions(-) delete mode 100755 .github/scripts/build-docker-alpine.sh delete mode 100755 .github/scripts/build-docker.sh diff --git a/.github/scripts/build-docker-alpine.sh b/.github/scripts/build-docker-alpine.sh deleted file mode 100755 index 8aa226ca64..0000000000 --- a/.github/scripts/build-docker-alpine.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh - -set -eux - -APK_FILE="$1" -TAG="$2" -ARCHITECTURE="$3" - -docker build \ - --pull \ - --no-cache \ - --provenance false \ - --build-arg "APK_FILE=$APK_FILE" \ - --file .github/docker/alpine.dockerfile \ - --tag "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" \ - . - -if [ "${PUBLISH_DOCKER_IMAGE}" != "true" ]; then - exit 0 -fi - -docker tag \ - "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" \ - "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" - -docker push "savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" -docker push "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_alpine_${ARCHITECTURE}" diff --git a/.github/scripts/build-docker.sh b/.github/scripts/build-docker.sh deleted file mode 100755 index e312c47f86..0000000000 --- a/.github/scripts/build-docker.sh +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/bin/sh - -set -eux - -DEB_FILE="$1" -DEB_DEBUG_FILE="$2" -TAG="$3" -ARCHITECTURE="$4" - -docker build \ - --pull \ - --no-cache \ - --provenance false \ - --build-arg "DEB_FILE=$DEB_FILE" \ - --build-arg "DEB_DEBUG_FILE=$DEB_DEBUG_FILE" \ - --file .github/docker/debian.dockerfile \ - --tag "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" \ - . - -if [ "${PUBLISH_DOCKER_IMAGE}" != "true" ]; then - exit 0 -fi - -docker tag \ - "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" \ - "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" - -docker push "savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" -docker push "ghcr.io/savonet/liquidsoap-ci-build:${TAG}_${ARCHITECTURE}" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a1ff92e14e..18f65bb9df 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -651,10 +651,18 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build docker image - env: - PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }} - run: .github/scripts/build-docker.sh "${{ steps.debian_package.outputs.deb-file }}" "${{ steps.debian_debug_package.outputs.deb-file }}" "${{ needs.build_details.outputs.branch }}" "${{ matrix.platform }}" + - name: Build and push docker image + uses: docker/build-push-action@v6 + with: + build-args: | + "DEB_FILE=${{ steps.debian_package.outputs.deb-file }}" + "DEB_DEBUG_FILE=${{ steps.debian_debug_package.outputs.deb-file }}" + context: . + file: .github/docker/debian.dockerfile + tags: | + "savonet/liquidsoap-ci-build:${{ needs.build_details.outputs.branch }}_${{ matrix.platform }}" + "ghcr.io/savonet/liquidsoap-ci-build:${{ needs.build_details.outputs.branch }}_${{ matrix.platform }}" + push: ${{ needs.build_details.outputs.publish_docker_image }} build_docker_alpine: runs-on: ${{ matrix.runs-on }} 
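Review bot: The `docker/build-push-action@v6` step in the ci.yml hunk at `-651,10` does not carry over `--pull`, `--no-cache` and `--provenance false` from the deleted build-docker.sh, so pushed images may now carry a provenance attestation (the action enables one by default, as far as I know) and be stored as an image index instead of a single manifest. Any later step that assembles the per-architecture tags into a multi-arch manifest (possibly `build_docker_release`, not visible here) can be affected by that. If the old behaviour is wanted, add `provenance: false`, `pull: true` and `no-cache: true` under `with:`; if attestations are wanted, state that in the commit message. The three other `Build and push docker image` steps in this patch have the same omission, and `docker/build-push-action@v6` is a mutable tag that would be safer pinned as `docker/build-push-action@<full-commit-sha> # v6`.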
@@ -691,10 +699,17 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build docker image - env: - PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }} - run: .github/scripts/build-docker-alpine.sh "${{ steps.alpine_package.outputs.apk-file }}" "${{ needs.build_details.outputs.branch }}" "${{ matrix.platform }}" + - name: Build and push docker image + uses: docker/build-push-action@v6 + with: + build-args: | + "APK_FILE=${{ steps.alpine_package.outputs.apk-file }}" + context: . + file: .github/docker/alpine.dockerfile + tags: | + "savonet/liquidsoap-ci-build:${{ needs.build_details.outputs.branch }}_alpine_${{ matrix.platform }}" + "ghcr.io/savonet/liquidsoap-ci-build:${{ needs.build_details.outputs.branch }}_alpine_${{ matrix.platform }}" + push: ${{ needs.build_details.outputs.publish_docker_image }} build_docker_minimal: runs-on: ${{ matrix.runs-on }} 
@@ -734,14 +749,22 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build docker image - env: - PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }} - run: .github/scripts/build-docker.sh "${{ steps.debian_package.outputs.deb-file }}" "${{ steps.debian_debug_package.outputs.deb-file }}" "${{ needs.build_details.outputs.branch }}-minimal" "${{ matrix.platform }}" + - name: Build and push docker image + uses: docker/build-push-action@v6 + with: + build-args: | + "DEB_FILE=${{ steps.debian_package.outputs.deb-file }}" + "DEB_DEBUG_FILE=${{ steps.debian_debug_package.outputs.deb-file }}" + context: . + file: .github/docker/debian.dockerfile + tags: | + "savonet/liquidsoap-ci-build:${{ needs.build_details.outputs.branch }}-minimal_${{ matrix.platform }}" + "ghcr.io/savonet/liquidsoap-ci-build:${{ needs.build_details.outputs.branch }}-minimal_${{ matrix.platform }}" + push: ${{ needs.build_details.outputs.publish_docker_image }} build_docker_alpine_minimal: runs-on: ${{ matrix.runs-on }} - needs: [build_details, run_tests, build_posix, fetch_s3_artifacts] + needs: [build_details, build_posix, fetch_s3_artifacts] if: needs.build_details.outputs.is_fork != 'true' strategy: fail-fast: false @@ -761,10 +784,6 @@ jobs: run: | echo "apk-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep minimal | grep 'apk$' | grep -v dbg | grep ${{ matrix.alpine-arch }})" >> "${GITHUB_OUTPUT}" id: alpine_package - - name: Get alpine debug package - run: | - echo "apk-file=$(find artifacts/${{ needs.build_details.outputs.sha }} -type f | grep minimal | grep 'apk$' | grep dbg | grep ${{ matrix.alpine-arch }})" >> "${GITHUB_OUTPUT}" - id: alpine_dbg_package - name: Login to Docker Hub if: needs.build_details.outputs.publish_docker_image == 'true' uses: docker/login-action@v3 
@@ -778,10 +797,17 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build docker image - env: - PUBLISH_DOCKER_IMAGE: ${{ needs.build_details.outputs.publish_docker_image }} - run: .github/scripts/build-docker-alpine.sh "${{ steps.alpine_package.outputs.apk-file }}" "${{ steps.alpine_dbg_package.outputs.apk-file }}" "${{ needs.build_details.outputs.branch }}-minimal" "${{ matrix.platform }}" + - name: Build and push docker image + uses: docker/build-push-action@v6 + with: + build-args: | + "APK_FILE=${{ steps.alpine_package.outputs.apk-file }}" + context: . + file: .github/docker/alpine.dockerfile + tags: | + "savonet/liquidsoap-ci-build:${{ needs.build_details.outputs.branch }}-minimal_alpine_${{ matrix.platform }}" + "ghcr.io/savonet/liquidsoap-ci-build:${{ needs.build_details.outputs.branch }}-minimal_alpine_${{ matrix.platform }}" + push: ${{ needs.build_details.outputs.publish_docker_image }} build_docker_release: runs-on: ubuntu-latest