diff --git a/.github/workflows/.e2e-run.yml b/.github/workflows/.e2e-run.yml
deleted file mode 100644
index c775250..0000000
--- a/.github/workflows/.e2e-run.yml
+++ /dev/null
@@ -1,134 +0,0 @@ -# reusable workflow -name: .e2e-run - -on: - workflow_call: - inputs: - id: - required: false - type: string - type: - required: true - type: string - name: - required: true - type: string - registry: - required: false - type: string - slug: - required: false - type: string - username_secret: - required: false - type: string - password_secret: - required: false - type: string - -env: - HARBOR_VERSION: v2.7.0 - NEXUS_VERSION: 3.47.1 - DISTRIBUTION_VERSION: 2.8.1 - -jobs: - run: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - include: - - - buildx_version: edge - buildkit_image: moby/buildkit:latest - - - buildx_version: latest - buildkit_image: moby/buildkit:buildx-stable-1 - - - buildx_version: https://github.com/docker/buildx.git#master - buildkit_image: moby/buildkit:master - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up env - if: inputs.type == 'local' - run: | - cat ./.github/e2e/${{ inputs.id }}/env >> $GITHUB_ENV - - - name: Set up BuildKit config - run: | - touch /tmp/buildkitd.toml - if [ "${{ inputs.type }}" = "local" ]; then - echo -e "[registry.\"${{ env.REGISTRY_FQDN }}\"]\nhttp = true\ninsecure = true" > /tmp/buildkitd.toml - fi - - - name: Set up Docker daemon - if: inputs.type == 'local' - run: | - if [ ! 
-e /etc/docker/daemon.json ]; then - echo '{}' | sudo tee /etc/docker/daemon.json >/dev/null - fi - DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json) - sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null - cat /etc/docker/daemon.json - sudo service docker restart - - - name: Install ${{ inputs.name }} - if: inputs.type == 'local' - run: | - sudo -E bash ./.github/e2e/${{ inputs.id }}/install.sh - sudo chown $(id -u):$(id -g) -R ~/.docker - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY_SLUG || inputs.slug }} - tags: | - type=ref,event=branch,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }} - type=ref,event=tag,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }} - type=raw,gh-runid-${{ github.run_id }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ matrix.buildx_version }} - buildkitd-config: /tmp/buildkitd.toml - buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host - driver-opts: | - image=${{ matrix.buildkit_image }} - network=host - - - name: Login to Registry - if: github.event_name != 'pull_request' && (env.REGISTRY_USER || inputs.username_secret) != '' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY_FQDN || inputs.registry }} - username: ${{ env.REGISTRY_USER || secrets[inputs.username_secret] }} - password: ${{ env.REGISTRY_PASSWORD || secrets[inputs.password_secret] }} - - - name: Build and push - uses: ./ - with: - context: ./test - file: ./test/multi.Dockerfile - platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ 
steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=${{ env.REGISTRY_SLUG || inputs.slug }}:master - cache-to: type=inline - - - name: Inspect image - run: | - docker pull ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }} - docker image inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }} - - - name: Check manifest - run: | - docker buildx imagetools inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index e05b957..0000000
--- a/.github/workflows/ci.yml
+++ /dev/null
@@ -1,1596 +0,0 @@ -name: ci - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -on: - workflow_dispatch: - inputs: - buildx-version: - description: 'Buildx version or Git context' - default: 'latest' - required: false - buildkit-image: - description: 'BuildKit image' - default: 'moby/buildkit:buildx-stable-1' - required: false - schedule: - - cron: '0 10 * * *' - push: - branches: - - 'master' - - 'releases/v*' - pull_request: - -env: - BUILDX_VERSION: edge - BUILDKIT_IMAGE: moby/buildkit:latest - -jobs: - minimal: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - with: - path: action - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./action - with: - file: ./test/Dockerfile - - git-context: - runs-on: ubuntu-latest - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - with: - path: action - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build and push - id: docker_build - uses: ./action - with: - file: ./test/Dockerfile - builder: ${{ steps.buildx.outputs.name }} - platforms: linux/amd64,linux/arm64 - push: true - tags: | - localhost:5000/name/app:latest - localhost:5000/name/app:1.0.0 - - - name: Inspect - run: | - docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}' - - - name: Check digest - run: | - if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then - echo "::error::Digest should not be empty" - exit 1 - fi - - 
git-context-secret: - runs-on: ubuntu-latest - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - with: - path: action - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build and push - id: docker_build - uses: ./action - with: - file: ./test/Dockerfile - builder: ${{ steps.buildx.outputs.name }} - platforms: linux/amd64,linux/arm64 - push: true - tags: | - localhost:5000/name/app:latest - localhost:5000/name/app:1.0.0 - secrets: | - GIT_AUTH_TOKEN=${{ github.token }} - "MYSECRET=aaaaaaaa - bbbbbbb - ccccccccc" - FOO=bar - "EMPTYLINE=aaaa - - bbbb - ccc" - - - name: Inspect - run: | - docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}' - - - name: Check digest - run: | - if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then - echo "::error::Digest should not be empty" - exit 1 - fi - - path-context: - runs-on: ubuntu-latest - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build and push - id: docker_build - uses: ./ - with: - context: ./test - file: ./test/Dockerfile - builder: ${{ steps.buildx.outputs.name }} - push: true - tags: | - localhost:5000/name/app:latest - localhost:5000/name/app:1.0.0 - - - name: Inspect - run: | - docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json 
.}}' - - - name: Check digest - run: | - if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then - echo "::error::Digest should not be empty" - exit 1 - fi - - example: - runs-on: ubuntu-latest - env: - DOCKER_IMAGE: localhost:5000/name/app - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.DOCKER_IMAGE }} - tags: | - type=schedule - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build and export to Docker client - uses: ./ - with: - context: ./test - file: ./test/Dockerfile - load: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - - name: Build and push to local registry - uses: ./ - with: - context: ./test - file: ./test/Dockerfile - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - - name: Inspect image - run: | - docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} - - - name: Check manifest - if: github.event_name != 'pull_request' - run: | - docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} --format '{{json .}}' - - error: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Stop docker - run: | - sudo systemctl stop docker docker.socket - - - name: Build - id: docker_build - continue-on-error: true - uses: ./ - with: - context: ./test - file: ./test/Dockerfile - - - name: Check - run: | - if [ "${{ 
steps.docker_build.outcome }}" != "failure" ] || [ "${{ steps.docker_build.conclusion }}" != "success" ]; then - echo "::error::Should have failed" - exit 1 - fi - - error-buildx: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - id: docker_build - continue-on-error: true - uses: ./ - with: - context: ./test - file: ./test/Dockerfile - platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x - push: true - tags: localhost:5000/name/app:latest - - - name: Check - run: | - if [ "${{ steps.docker_build.outcome }}" != "failure" ] || [ "${{ steps.docker_build.conclusion }}" != "success" ]; then - echo "::error::Should have failed" - exit 1 - fi - - docker-driver: - runs-on: ubuntu-latest - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Build - id: docker_build - uses: ./ - with: - context: ./test - file: ./test/Dockerfile - push: true - tags: localhost:5000/name/app:latest - - export-docker: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/Dockerfile - load: true - tags: myimage:latest - - - name: Inspect - run: | - docker image inspect myimage:latest - - secret: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./ - with: - context: . 
- file: ./test/secret.Dockerfile - secrets: | - MYSECRET=foo - INVALID_SECRET= - - secret-envs: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./ - env: - ENV_SECRET: foo - with: - context: . - file: ./test/secret.Dockerfile - secret-envs: | - MYSECRET=ENV_SECRET - INVALID_SECRET= - - network: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: List networks - run: docker network ls - - - name: Build - uses: ./ - with: - context: ./test - tags: name/app:latest - network: host - - shm-size: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/shmsize.Dockerfile - tags: name/app:latest - shm-size: 2g - - ulimit: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/ulimit.Dockerfile - tags: name/app:latest - ulimit: | - nofile=1024:1024 - nproc=3 - - cgroup-parent: - runs-on: ubuntu-latest - steps: - - 
- name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/cgroup.Dockerfile - tags: name/app:latest - cgroup-parent: foo - - add-hosts: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/addhost.Dockerfile - tags: name/app:latest - add-hosts: | - docker:10.180.0.1 - foo:10.0.0.1 - - no-cache-filters: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/nocachefilter.Dockerfile - no-cache-filters: build - tags: name/app:latest - cache-from: type=gha,scope=nocachefilter - cache-to: type=gha,scope=nocachefilter,mode=max - - attests-compat: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - include: - - buildx: edge - buildkit: moby/buildkit:latest - - buildx: latest - buildkit: moby/buildkit:buildx-stable-1 - - buildx: latest - buildkit: moby/buildkit:v0.10.6 - - buildx: v0.9.1 - buildkit: moby/buildkit:buildx-stable-1 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ matrix.buildx }} - driver-opts: | - network=host - image=${{ 
matrix.buildkit }} - - - name: Build - uses: ./ - with: - context: ./test/go - file: ./test/go/Dockerfile - outputs: type=cacheonly - - provenance: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - include: - - target: image - output: type=image,name=localhost:5000/name/app:latest,push=true - attr: mode=max - - target: image - output: type=image,name=localhost:5000/name/app:latest,push=true - attr: '' - - target: binary - output: /tmp/buildx-build - attr: mode=max - - target: binary - output: /tmp/buildx-build - attr: '' - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./ - with: - context: ./test/go - file: ./test/go/Dockerfile - target: ${{ matrix.target }} - outputs: ${{ matrix.output }} - provenance: ${{ matrix.attr }} - - - name: Inspect Provenance - if: matrix.target == 'image' - run: | - docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .Provenance}}' - - - name: Check output folder - if: matrix.target == 'binary' - run: | - tree /tmp/buildx-build - - - name: Print local Provenance - if: matrix.target == 'binary' - run: | - cat /tmp/buildx-build/provenance.json | jq - - sbom: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - include: - - target: image - output: type=image,name=localhost:5000/name/app:latest,push=true - - target: binary - output: /tmp/buildx-build - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - 
image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./ - with: - context: ./test/go - file: ./test/go/Dockerfile - target: ${{ matrix.target }} - outputs: ${{ matrix.output }} - sbom: true - cache-from: type=gha,scope=attests-${{ matrix.target }} - cache-to: type=gha,scope=attests-${{ matrix.target }},mode=max - - - name: Inspect SBOM - if: matrix.target == 'image' - run: | - docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .SBOM}}' - - - name: Check output folder - if: matrix.target == 'binary' - run: | - tree /tmp/buildx-build - - - name: Print local SBOM - if: matrix.target == 'binary' - run: | - cat /tmp/buildx-build/sbom.spdx.json | jq - - multi: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - dockerfile: - - multi - - multi-sudo - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build and push - id: docker_build - uses: ./ - with: - context: ./test - file: ./test/${{ matrix.dockerfile }}.Dockerfile - builder: ${{ steps.buildx.outputs.name }} - platforms: linux/amd64,linux/arm64 - push: true - tags: | - localhost:5000/name/app:latest - localhost:5000/name/app:1.0.0 - - - name: Inspect - run: | - docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}' - - - name: Check digest - run: | - if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then - echo "::error::Digest should not be empty" - exit 1 - fi - - digest: - runs-on: ubuntu-latest - env: - DOCKER_IMAGE: localhost:5000/name/app - strategy: - fail-fast: false - matrix: - driver: - - docker - - docker-container - 
load: - - true - - false - push: - - true - - false - exclude: - - driver: docker - load: true - push: true - - driver: docker-container - load: true - push: true - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver: ${{ matrix.driver }} - driver-opts: | - network=host - - - name: Build - id: docker_build - uses: ./ - with: - context: ./test - load: ${{ matrix.load }} - push: ${{ matrix.push }} - tags: ${{ env.DOCKER_IMAGE }}:latest - platforms: ${{ matrix.platforms }} - - - name: Docker images - run: | - docker image ls --no-trunc - - - name: Check digest - run: | - if [[ "${{ matrix.driver }}" = "docker-container" ]] && [[ "${{ matrix.load }}" = "false" ]] && [[ "${{ matrix.push }}" = "false" ]]; then - if [ -n "${{ steps.docker_build.outputs.digest }}" ]; then - echo "::error::Digest should be empty" - exit 1 - fi - elif [[ "${{ matrix.push }}" = "true" ]] && [[ -z "${{ steps.docker_build.outputs.digest }}" ]]; then - echo "::error::Digest should not be empty" - exit 1 - fi - - - name: Check manifest - if: ${{ matrix.push }} - run: | - set -x - docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}@${{ steps.docker_build.outputs.digest }} --format '{{json .}}' - - - name: Check image ID - run: | - if [[ "${{ matrix.driver }}" = "docker-container" ]] && [[ "${{ matrix.load }}" = "false" ]] && [[ "${{ matrix.push }}" = "false" ]]; then - if [ -n "${{ steps.docker_build.outputs.imageid }}" ]; then - echo "::error::Image ID should be empty" - exit 1 - fi - elif [ -z "${{ steps.docker_build.outputs.imageid }}" ]; then - echo "::error::Image ID should not be empty" - exit 1 - fi - - - name: Inspect image - if: ${{ matrix.load }} - run: | - set -x - docker image inspect ${{ steps.docker_build.outputs.imageid }} - - registry-cache: - runs-on: 
ubuntu-latest - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build and push - id: docker_build - uses: ./ - with: - context: ./test - file: ./test/multi.Dockerfile - builder: ${{ steps.buildx.outputs.name }} - platforms: linux/amd64,linux/arm64 - push: true - tags: | - localhost:5000/name/app:latest - localhost:5000/name/app:1.0.0 - cache-from: type=registry,ref=localhost:5000/name/app - cache-to: type=inline - - - name: Inspect - run: | - docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}' - - - name: Check digest - run: | - if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then - echo "::error::Digest should not be empty" - exit 1 - fi - - github-cache: - runs-on: ubuntu-latest - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - buildkitd-flags: --debug - - - name: Build and push - uses: ./ - with: - context: ./test - file: ./test/multi.Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: | - localhost:5000/name/app:latest - localhost:5000/name/app:1.0.0 - cache-from: type=gha,scope=ci-${{ matrix.buildx_version }} - cache-to: type=gha,scope=ci-${{ matrix.buildx_version }} - - - name: Inspect - run: | - docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format 
'{{json .}}' - - local-cache: - runs-on: ubuntu-latest - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - buildkitd-flags: --debug - - - name: Cache Build - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-local-test-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-local-test- - - - name: Build and push - uses: ./ - with: - context: ./test - file: ./test/multi.Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: | - localhost:5000/name/app:latest - localhost:5000/name/app:1.0.0 - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new - - - name: Inspect - run: | - docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}' - - - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - standalone: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Uninstall docker cli - run: | - if dpkg -s "docker-ce" >/dev/null 2>&1; then - sudo dpkg -r --force-depends docker-ce-cli docker-buildx-plugin - else - sudo apt-get purge -y moby-cli moby-buildx - fi - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/Dockerfile - - named-context-pin: - 
runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build base image - uses: ./ - with: - context: ./test - file: ./test/named-context.Dockerfile - build-contexts: | - alpine=docker-image://alpine:edge - - named-context-docker: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver: docker - - - name: Build base image - uses: ./ - with: - context: ./test - file: ./test/named-context-base.Dockerfile - load: true - tags: my-base-image:local - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/named-context.Dockerfile - build-contexts: | - base=docker-image://my-base-image:local - - named-context-container: - runs-on: ubuntu-latest - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - network=host - - - name: Build base image - uses: ./ - with: - context: ./test - file: ./test/named-context-base.Dockerfile - tags: localhost:5000/my-base-image:latest - push: true - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/named-context.Dockerfile - build-contexts: | - alpine=docker-image://localhost:5000/my-base-image:latest - - docker-config-malformed: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set malformed docker config - run: | - mkdir -p ~/.docker - echo 'foo_bar' >> 
~/.docker/config.json - - - name: Build - uses: ./ - with: - context: ./test - - proxy-docker-config: - runs-on: ubuntu-latest - services: - squid-proxy: - image: ubuntu/squid:latest - ports: - - 3128:3128 - steps: - - - name: Check proxy - run: | - netstat -aptn - curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set proxy config - run: | - mkdir -p ~/.docker - echo '{"proxies":{"default":{"httpProxy":"http://127.0.0.1:3128","httpsProxy":"http://127.0.0.1:3128"}}}' > ~/.docker/config.json - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - network=host - buildkitd-flags: --debug - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/proxy.Dockerfile - - proxy-buildkitd: - runs-on: ubuntu-latest - services: - squid-proxy: - image: ubuntu/squid:latest - ports: - - 3128:3128 - steps: - - - name: Check proxy - run: | - netstat -aptn - curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - network=host - env.http_proxy=http://127.0.0.1:3128 - env.https_proxy=http://127.0.0.1:3128 - buildkitd-flags: --debug - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/Dockerfile - - annotations: - runs-on: ubuntu-latest - env: - DOCKER_IMAGE: localhost:5000/name/app - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: 
actions/checkout@v4 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.DOCKER_IMAGE }} - tags: | - type=schedule - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build and push to local registry - uses: ./ - with: - context: ./test - file: ./test/Dockerfile - push: true - tags: ${{ steps.meta.outputs.tags }} - annotations: | - index:com.example.key=value - index:com.example.key2=value2 - manifest:com.example.key3=value3 - - - name: Check manifest - run: | - docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} --format '{{json .}}' - - multi-output: - runs-on: ubuntu-latest - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - buildkitd-flags: --debug - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/Dockerfile - outputs: | - type=image,name=localhost:5000/name/app:latest,push=true - type=docker,name=app:local - type=oci,dest=/tmp/oci.tar - - - name: Check registry - run: | - docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}' - - - name: Check docker - run: | - docker image inspect app:local - - - name: Check oci - run: | - set -ex - mkdir -p /tmp/oci-out - tar xf /tmp/oci.tar -C /tmp/oci-out - tree -nh /tmp/oci-out - - 
load-and-push: - runs-on: ubuntu-latest - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - network=host - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - buildkitd-flags: --debug - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/Dockerfile - load: true - push: true - tags: localhost:5000/name/app:latest - - - name: Check registry - run: | - docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}' - - - name: Check docker - run: | - docker image inspect localhost:5000/name/app:latest - - summary-disable: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - with: - path: action - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./action - with: - file: ./test/Dockerfile - env: - DOCKER_BUILD_SUMMARY: false - - summary-disable-deprecated: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - with: - path: action - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./action - with: - file: ./test/Dockerfile - env: - DOCKER_BUILD_NO_SUMMARY: true - - summary-not-supported: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - with: - path: action - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: v0.12.1 - 
driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./action - with: - file: ./test/Dockerfile - - record-upload-disable: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - with: - path: action - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./action - with: - file: ./test/Dockerfile - env: - DOCKER_BUILD_RECORD_UPLOAD: false - - record-retention-days: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - days: - - 2 - - 0 - steps: - - - name: Checkout - uses: actions/checkout@v4 - with: - path: action - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./action - with: - file: ./test/Dockerfile - env: - DOCKER_BUILD_RECORD_RETENTION_DAYS: ${{ matrix.days }} - - export-legacy: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - legacy: - - false - - true - steps: - - - name: Checkout - uses: actions/checkout@v4 - with: - path: action - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./action - with: - file: ./test/Dockerfile - env: - DOCKER_BUILD_EXPORT_LEGACY: ${{ matrix.legacy }} - - checks: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - buildx-version: - - edge - - latest - - v0.14.1 - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ matrix.buildx-version }} - 
driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/lint.Dockerfile - - annotations-disabled: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./ - with: - context: ./test - file: ./test/lint.Dockerfile - env: - DOCKER_BUILD_CHECKS_ANNOTATIONS: false - - call-check: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - id: docker_build - continue-on-error: true - uses: ./ - with: - context: ./test - file: ./test/lint.Dockerfile - call: check - - - name: Check - run: | - if [ "${{ steps.docker_build.outcome }}" != "failure" ] || [ "${{ steps.docker_build.conclusion }}" != "success" ]; then - echo "::error::Should have failed" - exit 1 - fi - - no-default-attestations: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - with: - path: action - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} - driver-opts: | - image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} - - - name: Build - uses: ./action - with: - file: ./test/Dockerfile - env: - BUILDX_NO_DEFAULT_ATTESTATIONS: 1 diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml deleted file mode 100644 index 9e03d50..0000000 --- a/.github/workflows/e2e.yml +++ /dev/null 
@@ -1,107 +0,0 @@ -name: e2e - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -on: - workflow_dispatch: - schedule: - - cron: '0 10 * * *' - push: - branches: - - 'master' - tags: - - 'v*' - -jobs: - build: - uses: ./.github/workflows/.e2e-run.yml - strategy: - fail-fast: false - matrix: - include: - - - name: Distribution - id: distribution - type: local - - - name: Docker Hub - registry: '' - slug: ghactionstest/ghactionstest - username_secret: DOCKERHUB_USERNAME - password_secret: DOCKERHUB_TOKEN - type: remote - - - name: GitHub - registry: ghcr.io - slug: ghcr.io/docker-ghactiontest/test - username_secret: GHCR_USERNAME - password_secret: GHCR_PAT - type: remote - - - name: GitLab - registry: registry.gitlab.com - slug: registry.gitlab.com/test1716/test - username_secret: GITLAB_USERNAME - password_secret: GITLAB_TOKEN - type: remote - - - name: AWS ECR - registry: 175142243308.dkr.ecr.us-east-2.amazonaws.com - slug: 175142243308.dkr.ecr.us-east-2.amazonaws.com/sandbox/test-docker-action - username_secret: AWS_ACCESS_KEY_ID - password_secret: AWS_SECRET_ACCESS_KEY - type: remote - - - name: AWS ECR Public - registry: public.ecr.aws - slug: public.ecr.aws/q3b5f1u4/test-docker-action - username_secret: AWS_ACCESS_KEY_ID - password_secret: AWS_SECRET_ACCESS_KEY - type: remote - - - name: Google Artifact Registry - registry: us-east4-docker.pkg.dev - slug: us-east4-docker.pkg.dev/sandbox-298914/docker-official-github-actions/test-docker-action - username_secret: GAR_USERNAME - password_secret: GAR_JSON_KEY - type: remote - - - name: Azure Container Registry - registry: officialgithubactions.azurecr.io - slug: officialgithubactions.azurecr.io/test-docker-action - username_secret: AZURE_CLIENT_ID - password_secret: AZURE_CLIENT_SECRET - type: remote - - - name: Quay - registry: quay.io - slug: quay.io/docker_build_team/ghactiontest - username_secret: QUAY_USERNAME - password_secret: QUAY_TOKEN - type: remote - - - name: 
Artifactory - registry: infradock.jfrog.io - slug: infradock.jfrog.io/test-ghaction/build-push-action - username_secret: ARTIFACTORY_USERNAME - password_secret: ARTIFACTORY_TOKEN - type: remote - - - name: Harbor - id: harbor - type: local - - - name: Nexus - id: nexus - type: local - with: - id: ${{ matrix.id }} - type: ${{ matrix.type }} - name: ${{ matrix.name }} - registry: ${{ matrix.registry }} - slug: ${{ matrix.slug }} - username_secret: ${{ matrix.username_secret }} - password_secret: ${{ matrix.password_secret }} - secrets: inherit diff --git a/.github/workflows/pr-assign-author.yml b/.github/workflows/pr-assign-author.yml deleted file mode 100644 index f56fa03..0000000 --- a/.github/workflows/pr-assign-author.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: pr-assign-author - -permissions: - contents: read - -on: - pull_request_target: - types: - - opened - - reopened - -jobs: - run: - uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf - permissions: - contents: read - pull-requests: write diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index f30e15f..0000000 --- a/.github/workflows/publish.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: publish - -on: - release: - types: - - published - -jobs: - publish: - runs-on: ubuntu-latest - permissions: - contents: read - id-token: write - packages: write - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Publish - uses: actions/publish-immutable-action@v0.0.4 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index ef27758..0000000 --- a/.github/workflows/test.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -name: test - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -on: - push: - branches: - - 'master' - - 'releases/v*' - pull_request: - -jobs: - test: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: Test - uses: docker/bake-action@v6 - with: - source: . - targets: test - - - name: Upload coverage - uses: codecov/codecov-action@v5 - with: - files: ./coverage/clover.xml - token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml deleted file mode 100644 index 0844f4d..0000000 --- a/.github/workflows/validate.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: validate - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -on: - push: - branches: - - 'master' - - 'releases/v*' - pull_request: - -jobs: - prepare: - runs-on: ubuntu-latest - outputs: - targets: ${{ steps.generate.outputs.targets }} - steps: - - - name: Checkout - uses: actions/checkout@v4 - - - name: List targets - id: generate - uses: docker/bake-action/subaction/list-targets@v6 - with: - target: validate - - validate: - runs-on: ubuntu-latest - needs: - - prepare - strategy: - fail-fast: false - matrix: - target: ${{ fromJson(needs.prepare.outputs.targets) }} - steps: - - - name: Validate - uses: docker/bake-action@v6 - with: - targets: ${{ matrix.target }}