ci: update Docker workflow to add caching and secrets

EndstoneMC · Jan 15, 2025 · 36b2b27 · 36b2b27
1 parent 53f6182
commit 36b2b27
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 42 deletions.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -12,10 +12,18 @@ on:
 permissions: read-all
 
 jobs:
-  build_publish_docker_hub:
-    name: Build and Publish Docker Image to Docker Hub
-    if: contains(github.ref, 'refs/tags/')
+  build_and_publish:
+    name: Build and Publish Docker Image
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        registry: [ ghcr, dockerhub ]
+        include:
+          - registry: ghcr
+            image: 'ghcr.io/endstonemc/endstone'
+          - registry: dockerhub
+            image: 'endstone/endstone'
 
     steps:
       - name: Checkout Code
@@ -27,48 +35,14 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Login to Docker Hub
-        if: github.event_name != 'pull_request'
+        if: matrix.registry == 'dockerhub'
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Extract Metadata
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: endstone/endstone
-          tags: |
-            type=raw,value=latest,enable={{ is_default_branch }}
-            type=pep440,pattern={{version}}
-
-      - name: Build and Push
-        id: build-and-push
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          platforms: linux/amd64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-
-  build_publish_ghcr:
-    name: Build and Publish Docker Image to GitHub Container Registry
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
       - name: Login to GitHub Container Registry
-        if: github.event_name != 'pull_request'
+        if: matrix.registry == 'ghcr'
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
@@ -79,17 +53,39 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ghcr.io/endstonemc/endstone
+          images: ${{ matrix.image }}
           tags: |
             type=raw,value=latest,enable={{ is_default_branch }}
             type=pep440,pattern={{version}}
 
+      - name: Cache Docker
+        uses: actions/cache@v4
+        with:
+          path: ${{ runner.temp }}/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
       - name: Build and Push
-        id: build-and-push
         uses: docker/build-push-action@v6
+        if: >
+          matrix.registry == 'dockerhub' && startsWith(github.ref, 'refs/tags/') || 
+          matrix.registry == 'ghcr'
         with:
           context: .
           platforms: linux/amd64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=local,src=${{ runner.temp }}/.buildx-cache
+          cache-to: type=local,dest=${{ runner.temp }}/.buildx-cache-new,mode=max
+          secrets: |
+            sentry-auth-token=${{ secrets.SENTRY_AUTH_TOKEN }}
+
+      - # Temp fix
+        # https://github.com/docker/build-push-action/issues/252
+        # https://github.com/moby/buildkit/issues/1896
+        name: Move cache
+        run: |
+          rm -rf ${{ runner.temp }}/.buildx-cache
+          mv ${{ runner.temp }}/.buildx-cache-new ${{ runner.temp }}/.buildx-cache
diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,5 @@
+# syntax=docker/dockerfile:1
+
 FROM python:3.12-slim-bullseye AS base
 
 LABEL maintainer="Endstone <[email protected]>"
@@ -41,7 +43,9 @@ WORKDIR /usr/src/endstone
 
 COPY . .
 
-RUN python -m pip install --upgrade pip \
+RUN --mount=type=cache,target=/root/.conan2/p \
+    --mount=type=secret,id=sentry-auth-token,env=SENTRY_AUTH_TOKEN \
+    python -m pip install --upgrade pip \
     && pip install wheel auditwheel sentry-cli setuptools "patchelf>=0.14" pytest \
     && python -m pip wheel . --no-deps --wheel-dir=dist --verbose \
     && python scripts/repair_wheel.py -o endstone -p endstone -w wheelhouse dist/*.whl \