
Fix dind: normalize os-release before features + in published image (… #108


Workflow file for this run

# Builds the devtools image for pull requests and publishes it on pushes to
# main or on a manual dispatch.
name: Build and Push

on:
  # `pull_request` (not `pull_request_target`): runs started from forks get a
  # read-only token and no repository secrets, so an untrusted Dockerfile
  # change is built without access to the publishing credentials.
  pull_request:
    branches:
      - main
    paths:
      - 'VERSION'
      - 'Dockerfile'
      - 'docker/**'
      - 'requirements.txt'
      - '.devcontainer/**'
      - '.github/workflows/build-push.yaml'
  # Same path filter as above; a push to main is the normal release trigger.
  push:
    branches:
      - main
    paths:
      - 'VERSION'
      - 'Dockerfile'
      - 'docker/**'
      - 'requirements.txt'
      - '.devcontainer/**'
      - '.github/workflows/build-push.yaml'
  # Manual release. The dispatcher chooses the ref to run from, and the two
  # checkboxes select which architectures are pushed.
  workflow_dispatch:
    inputs:
      build_amd64:
        description: 'Release: push linux/amd64 (uncheck to skip). PRs always test both arches in parallel.'
        type: boolean
        default: true
      build_arm64:
        description: 'Release: push linux/arm64 (uncheck to skip). PRs always test both arches in parallel.'
        type: boolean
        default: true
# Workflow-level GITHUB_TOKEN scopes. Every job inherits all of them unless it
# declares its own `permissions:` block, and that includes the pull-request
# build jobs, which only need to read the repository.
# NOTE(review): no step visible in this file uploads code-scanning results or
# calls the Actions API, so `security-events: write` and `actions: read` look
# unused; confirm and drop them. Least privilege would be `contents: read`
# here, with `id-token: write` and `packages: write` granted only on the jobs
# that authenticate to Google Cloud and push to GHCR.
permissions:
  contents: read
  id-token: write
  security-events: write
  actions: read
  packages: write
# Values shared by all jobs. None of them are secret: the registry path and
# the organisation name end up in the published image references.
env:
  # Image name, appended to both registry prefixes below.
  IMAGE: codecollection-devtools
  # NOTE(review): not referenced by any step in the visible workflow; confirm
  # it is still needed.
  DEFAULT_BRANCH: 'origin/${{ github.event.repository.default_branch }}'
  # Artifact Registry repository that receives the release images.
  SHARED_ARTIFACT_REPOSITORY_PATH: 'us-docker.pkg.dev/runwhen-nonprod-shared/public-images'
  # GitHub organisation that owns the GHCR package.
  GHCR_ORG: 'runwhen-contrib'
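jobs:
  # ----------------------------------------------------------------------------
  # PR: parallel build tests (native amd64; arm64 via QEMU)
  # ----------------------------------------------------------------------------
  build-test-amd64:
    if: ${{ github.event_name == 'pull_request' }}
    runs-on: ubuntu-latest
    # This job only checks out and builds, so the token is cut down to read
    # access instead of inheriting the workflow-level write scopes.
    permissions:
      contents: read
    steps:
      # NOTE(review): every `uses:` here follows a mutable major-version tag.
      # Pinning each one to a full commit SHA keeps a retagged or compromised
      # release from changing what runs in this job.
      - uses: actions/checkout@v4
        with:
          # The checkout directory is the Docker build context and no later
          # step runs git, so the token is not left behind in .git/config.
          persist-credentials: false
      - uses: docker/setup-buildx-action@v3
      - name: Build test (linux/amd64)
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile
          platforms: linux/amd64
          # Build check only: the image is loaded into the local daemon and is
          # never sent to a registry.
          push: false
          load: true
          tags: 'codecollection-devtools:pr-test-amd64'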
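# PR build check for linux/arm64, emulated through QEMU on an amd64 runner.
  build-test-arm64:
    if: ${{ github.event_name == 'pull_request' }}
    runs-on: ubuntu-latest
    # This job only checks out and builds, so the token is cut down to read
    # access instead of inheriting the workflow-level write scopes.
    permissions:
      contents: read
    steps:
      # NOTE(review): every `uses:` here follows a mutable major-version tag.
      # Pinning each one to a full commit SHA keeps a retagged or compromised
      # release from changing what runs in this job.
      - uses: actions/checkout@v4
        with:
          # The checkout directory is the Docker build context and no later
          # step runs git, so the token is not left behind in .git/config.
          persist-credentials: false
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - name: Build test (linux/arm64)
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile
          platforms: linux/arm64
          # Build check only; unlike the amd64 job there is no `load: true`,
          # so the result is not imported into the local daemon.
          push: false
          tags: 'codecollection-devtools:pr-test-arm64'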
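# ------------------------------------------------------------------------------
# Release: shared VERSION for per-arch pushes + manifest merge
# ------------------------------------------------------------------------------
  prepare-release:
    # NOTE(review): a manual dispatch can be started from any ref by anyone
    # with write access, and a ref check written in this file could be edited
    # away on that ref. If releases must come from main only, enforce it
    # outside the workflow: a protected environment on the publishing jobs or
    # an attribute condition on the Workload Identity provider. Confirm what
    # is configured.
    if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
    runs-on: ubuntu-latest
    # Reading the VERSION file is all this job does with the repository.
    permissions:
      contents: read
    outputs:
      # Consumed by the per-arch push jobs and the manifest merge.
      version: ${{ steps.version.outputs.version }}
    steps:
      # NOTE(review): mutable tag; pin to a full commit SHA.
      - uses: actions/checkout@v4
        with:
          # No later step runs git, so the token is not kept in .git/config.
          persist-credentials: false
      - id: version
        run: |
          set -euo pipefail
          if [[ ! -s VERSION ]]; then
            echo "VERSION file is missing or empty" >&2
            exit 1
          fi
          VERSION=$(tr -d '[:space:]' < VERSION)
          # The value becomes part of every image tag, so anything outside the
          # image-tag alphabet is refused here. This also catches a file that
          # holds only whitespace, which would otherwise yield tags such as
          # ":-amd64".
          if [[ ! "$VERSION" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,119}$ ]]; then
            echo "VERSION is not usable as an image tag: $VERSION" >&2
            exit 1
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "VERSION=$VERSION" >> "$GITHUB_ENV"
          echo "VERSION extracted: $VERSION"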
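# Release build for linux/amd64, pushed to Artifact Registry and GHCR.
  build-push-amd64:
    needs: [prepare-release]
    # Always runs on push; on manual dispatch only when the amd64 box is ticked.
    if: |
      (github.event_name == 'push' || github.event_name == 'workflow_dispatch') &&
      (github.event_name == 'push' || github.event.inputs.build_amd64 == 'true')
    runs-on: ubuntu-latest
    # Only what the steps below use: checkout, OIDC exchange with Google
    # Cloud, and pushing the GHCR package.
    permissions:
      contents: read
      id-token: write
      packages: write
    steps:
      # NOTE(review): every `uses:` in this job follows a mutable tag. This is
      # the job that holds registry credentials, so pin each one to a full
      # commit SHA.
      - uses: actions/checkout@v4
        with:
          # The checkout directory is the build context of an image that gets
          # published, so the token is not left behind in .git/config.
          persist-credentials: false
      - uses: docker/setup-buildx-action@v3
      - id: auth-runwhen
        name: Authenticate to Google Cloud
        # NOTE(review): v0.4.0 is an early release of this action; move to a
        # currently maintained major version when pinning.
        uses: google-github-actions/auth@v0.4.0
        with:
          workload_identity_provider: ${{ secrets.RUNWHEN_NONPROD_SHARED_WI_PROVIDER }}
          service_account: ${{ secrets.RUNWHEN_NONPROD_SHARED_WI_SA }}
      - name: Configure docker for GCP
        run: gcloud --quiet auth configure-docker us-docker.pkg.dev
      - name: Login to GHCR
        # `${{ }}` expressions are pasted into the script text before the
        # shell runs. Passing the actor and token through the environment
        # keeps them as data; an actor name such as "dependabot[bot]" is then
        # also safe from globbing.
        env:
          GHCR_USER: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$GHCR_TOKEN" | \
            docker login --username "$GHCR_USER" --password-stdin ghcr.io
      - name: Build & push (linux/amd64)
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile
          platforms: linux/amd64
          push: true
          # Per-arch tags; the merge job later combines them into one
          # manifest list.
          tags: |
            ${{ env.SHARED_ARTIFACT_REPOSITORY_PATH }}/${{ env.IMAGE }}:${{ needs.prepare-release.outputs.version }}-amd64
            ghcr.io/${{ env.GHCR_ORG }}/${{ env.IMAGE }}:${{ needs.prepare-release.outputs.version }}-amd64
          build-args: |
            GITHUB_SHA=${{ github.sha }}
            GITHUB_REF=${{ github.ref }}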
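# Release build for linux/arm64 (QEMU), pushed to Artifact Registry and GHCR.
  build-push-arm64:
    needs: [prepare-release]
    # Always runs on push; on manual dispatch only when the arm64 box is ticked.
    if: |
      (github.event_name == 'push' || github.event_name == 'workflow_dispatch') &&
      (github.event_name == 'push' || github.event.inputs.build_arm64 == 'true')
    runs-on: ubuntu-latest
    # Only what the steps below use: checkout, OIDC exchange with Google
    # Cloud, and pushing the GHCR package.
    permissions:
      contents: read
      id-token: write
      packages: write
    steps:
      # NOTE(review): every `uses:` in this job follows a mutable tag. This is
      # the job that holds registry credentials, so pin each one to a full
      # commit SHA.
      - uses: actions/checkout@v4
        with:
          # The checkout directory is the build context of an image that gets
          # published, so the token is not left behind in .git/config.
          persist-credentials: false
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - id: auth-runwhen
        name: Authenticate to Google Cloud
        # NOTE(review): v0.4.0 is an early release of this action; move to a
        # currently maintained major version when pinning.
        uses: google-github-actions/auth@v0.4.0
        with:
          workload_identity_provider: ${{ secrets.RUNWHEN_NONPROD_SHARED_WI_PROVIDER }}
          service_account: ${{ secrets.RUNWHEN_NONPROD_SHARED_WI_SA }}
      - name: Configure docker for GCP
        run: gcloud --quiet auth configure-docker us-docker.pkg.dev
      - name: Login to GHCR
        # `${{ }}` expressions are pasted into the script text before the
        # shell runs. Passing the actor and token through the environment
        # keeps them as data; an actor name such as "dependabot[bot]" is then
        # also safe from globbing.
        env:
          GHCR_USER: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$GHCR_TOKEN" | \
            docker login --username "$GHCR_USER" --password-stdin ghcr.io
      - name: Build & push (linux/arm64)
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile
          platforms: linux/arm64
          push: true
          # Per-arch tags; the merge job later combines them into one
          # manifest list.
          tags: |
            ${{ env.SHARED_ARTIFACT_REPOSITORY_PATH }}/${{ env.IMAGE }}:${{ needs.prepare-release.outputs.version }}-arm64
            ghcr.io/${{ env.GHCR_ORG }}/${{ env.IMAGE }}:${{ needs.prepare-release.outputs.version }}-arm64
          build-args: |
            GITHUB_SHA=${{ github.sha }}
            GITHUB_REF=${{ github.ref }}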
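# Combines the per-arch tags into one manifest list per registry, then notifies.
  merge-manifests:
    needs: [prepare-release, build-push-amd64, build-push-arm64]
    # `always()` lets this job be evaluated even when a needed job was
    # skipped. A push requires both architectures to have succeeded; a manual
    # dispatch accepts either one.
    if: |
      always() && !cancelled() &&
      needs.prepare-release.result == 'success' &&
      (
        (github.event_name == 'push' &&
          needs.build-push-amd64.result == 'success' &&
          needs.build-push-arm64.result == 'success') ||
        (github.event_name == 'workflow_dispatch' &&
          (needs.build-push-amd64.result == 'success' || needs.build-push-arm64.result == 'success'))
      )
    runs-on: ubuntu-latest
    # No checkout here: the job only needs the OIDC exchange with Google
    # Cloud and write access to the GHCR package.
    permissions:
      id-token: write
      packages: write
    steps:
      # NOTE(review): every `uses:` in this job follows a mutable tag. This
      # job moves the `latest` tag, so pin each one to a full commit SHA.
      - id: auth-runwhen
        name: Authenticate to Google Cloud
        # NOTE(review): v0.4.0 is an early release of this action; move to a
        # currently maintained major version when pinning.
        uses: google-github-actions/auth@v0.4.0
        with:
          workload_identity_provider: ${{ secrets.RUNWHEN_NONPROD_SHARED_WI_PROVIDER }}
          service_account: ${{ secrets.RUNWHEN_NONPROD_SHARED_WI_SA }}
      - name: Configure docker for GCP
        run: gcloud --quiet auth configure-docker us-docker.pkg.dev
      - name: Login to GHCR
        # `${{ }}` expressions are pasted into the script text before the
        # shell runs. Passing the actor and token through the environment
        # keeps them as data; an actor name such as "dependabot[bot]" is then
        # also safe from globbing.
        env:
          GHCR_USER: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$GHCR_TOKEN" | \
            docker login --username "$GHCR_USER" --password-stdin ghcr.io
      - uses: docker/setup-buildx-action@v3
      - name: Merge multi-arch manifests (GCP + GHCR)
        # Everything the script needs arrives through the environment, so no
        # expression is expanded inside the shell text.
        env:
          V: ${{ needs.prepare-release.outputs.version }}
          GCP_BASE: ${{ env.SHARED_ARTIFACT_REPOSITORY_PATH }}/${{ env.IMAGE }}
          GHCR_BASE: ghcr.io/${{ env.GHCR_ORG }}/${{ env.IMAGE }}
          AMD64_OK: ${{ needs.build-push-amd64.result }}
          ARM64_OK: ${{ needs.build-push-arm64.result }}
        # NOTE(review): on a manual dispatch with one architecture unchecked,
        # the version tag and `latest` are re-pointed at a manifest list that
        # holds only the architecture built in this run. Consumers on the
        # other architecture then lose `latest`. Confirm that is intended, or
        # move `latest` only when both builds succeeded.
        run: |
          set -euo pipefail
          GCP_REF=()
          GHCR_REF=()
          if [[ "$AMD64_OK" == "success" ]]; then
            GCP_REF+=("${GCP_BASE}:${V}-amd64")
            GHCR_REF+=("${GHCR_BASE}:${V}-amd64")
          fi
          if [[ "$ARM64_OK" == "success" ]]; then
            GCP_REF+=("${GCP_BASE}:${V}-arm64")
            GHCR_REF+=("${GHCR_BASE}:${V}-arm64")
          fi
          docker buildx imagetools create \
            -t "${GCP_BASE}:${V}" -t "${GCP_BASE}:latest" \
            "${GCP_REF[@]}"
          docker buildx imagetools create \
            -t "${GHCR_BASE}:${V}" -t "${GHCR_BASE}:latest" \
            "${GHCR_REF[@]}"
      - name: Notify Slack of Container Build
        uses: slackapi/slack-github-action@v1.19.0
        with:
          channel-id: "#notifications"
          slack-message: "Just Pushed to ${{ env.SHARED_ARTIFACT_REPOSITORY_PATH }}/${{ env.IMAGE }}:${{ needs.prepare-release.outputs.version }}"
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
      - name: Notify Slack of GHCR Push
        uses: slackapi/slack-github-action@v1.19.0
        with:
          channel-id: "#codecollections"
          slack-message: "Just deployed latest version of codecollection-devtools to https://github.com/orgs/runwhen-contrib/packages/container/package/codecollection-devtools"
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}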