diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 6224bf5f..a8e81a36 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -26,10 +26,15 @@ on: - "*config.*" workflow_dispatch: inputs: + no-cache: + description: "Build docker images with no cache" + default: false + required: false + type: boolean push: description: 'whether to push image' - required: true default: false + required: false type: boolean permissions: @@ -43,12 +48,13 @@ env: REPOSITORY: marukome0743/homepage GHCR_REGISTRY: ghcr.io GHCR_REPOSITORY: openup-labtakizawa/homepage - SHA: ${{ github.event.pull_request.head.sha || github.event.after }} - IS_PUSH: ${{ inputs.push || github.event_name == 'push' || github.ref_type == 'tag' }} + SHA: ${{ github.event.pull_request.head.sha || github.sha }} + IS_PUSH: ${{ github.event_name == 'push' || github.ref_type == 'tag' || inputs.push == true }} jobs: build: runs-on: ubuntu-24.04 + timeout-minutes: 30 if: github.repository_owner == 'openup-labtakizawa' steps: @@ -96,17 +102,18 @@ jobs: uses: docker/build-push-action@v6 id: push with: + annotations: ${{ steps.meta.outputs.annotations }} + cache-from: type=gha + cache-to: type=gha,mode=max context: . + labels: ${{ steps.meta.outputs.labels }} + load: ${{ !fromJSON(env.IS_PUSH) }} + no-cache: ${{ inputs.no-cache == true }} platforms: ${{ fromJSON(env.IS_PUSH) && 'linux/amd64,linux/arm64' || 'linux/amd64' }} + provenance: ${{ fromJSON(env.IS_PUSH) && 'mode=max' }} push: ${{ fromJSON(env.IS_PUSH) }} - load: ${{ !fromJSON(env.IS_PUSH) }} + sbom: ${{ fromJSON(env.IS_PUSH) }} tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - annotations: ${{ steps.meta.outputs.annotations }} - cache-from: type=gha - cache-to: type=gha,mode=max - provenance: ${{ fromJSON(env.IS_PUSH) && 'mode=max' || false }} - sbom: ${{ fromJSON(env.IS_PUSH) && true || false }} - name: Attest if: fromJSON(env.IS_PUSH) 
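Review bot: In the `env:` hunk of docker.yml (`@@ -43,12 +48,13 @@`), `IS_PUSH` has an undocumented contract: every consumer in the build step reads it through `fromJSON(env.IS_PUSH)`, so the expression has to render as the literal `true` or `false`. The new `inputs.push == true` comparison keeps it boolean, but nothing on the line states that requirement. I would add a comment above it, for example `# IS_PUSH must render as true/false; later steps parse it with fromJSON(env.IS_PUSH)`. The value decides whether the image is pushed, attested and given an SBOM, so the contract is worth one line.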
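Review bot: In the `docker/build-push-action@v6` hunk of docker.yml, pushed builds get `provenance: mode=max` and `sbom` but still read layers from `cache-from: type=gha`. The attested image can therefore contain layers produced by an earlier run rather than rebuilt from this commit. The new `no-cache` input only helps when someone dispatches the workflow by hand. Assuming tag pushes are the release path (the trigger list is outside the hunk), I would make release builds bypass the cache automatically: `no-cache: ${{ inputs.no-cache == true || github.ref_type == 'tag' }}`. The Build and Push step in lambda.yml uses the same cache settings for the image it deploys, so the same question applies there.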
diff --git a/.github/workflows/lambda.yml b/.github/workflows/lambda.yml index 8812413b..edcab52b 100644 --- a/.github/workflows/lambda.yml +++ b/.github/workflows/lambda.yml @@ -15,6 +15,16 @@ on: - "package.json" - "*config.*" workflow_dispatch: + inputs: + no-cache: + description: "Build docker images with no cache" + default: false + required: false + type: boolean + +permissions: + contents: read + id-token: write env: AWS_REGION: ap-northeast-1 @@ -24,6 +34,7 @@ env: jobs: lambda: runs-on: ubuntu-24.04 + timeout-minutes: 30 if: github.repository_owner == 'openup-labtakizawa' steps: @@ -48,7 +59,7 @@ jobs: uses: aws-actions/amazon-ecr-login@v2 - name: Get an old ImageTag - id: get-old-image-tag + id: old-image-tag run: | echo "OLD_IMAGE_TAG=$(aws ecr list-images --repository-name $ECR_REPOSITORY \ --query 'imageIds[0].imageTag' --output text)" >> $GITHUB_OUTPUT @@ -56,13 +67,14 @@ jobs: - name: Build and Push uses: docker/build-push-action@v6 with: + cache-from: type=gha + cache-to: type=gha,mode=max context: . + no-cache: ${{ inputs.no-cache == true }} platforms: linux/arm64 + provenance: false push: true tags: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }} - cache-from: type=gha - cache-to: type=gha,mode=max - provenance: false - name: Update Lambda Function env: @@ -74,7 +86,7 @@ jobs: - name: Delete an old Image env: - OLD_IMAGE_TAG: ${{ steps.get-old-image-tag.outputs.OLD_IMAGE_TAG }} + OLD_IMAGE_TAG: ${{ steps.old-image-tag.outputs.OLD_IMAGE_TAG }} run: | aws ecr batch-delete-image --repository-name $ECR_REPOSITORY \ --image-ids imageTag=$OLD_IMAGE_TAG diff --git a/bun.lockb b/bun.lockb index 42c9e5aa..1f95b6ca 100755 Binary files a/bun.lockb and b/bun.lockb differ
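Review bot: The new top-level `permissions:` block in lambda.yml grants `id-token: write` to the whole workflow, so any job added later would inherit the ability to request an OIDC token. Only the `lambda` job is visible in this diff, so the effect today is the same, but moving `contents: read` and `id-token: write` under `jobs.lambda.permissions` scopes the grant to the job that needs it. The credential step is outside the hunk. If it assumes an AWS role through OIDC, the role's trust policy should pin the `sub` claim to this repository and to the refs allowed to deploy, because `workflow_dispatch` can be started from any branch.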
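Review bot: In the Build and Push hunk of lambda.yml, `provenance: false` is carried over without explanation, while docker.yml in the same commit turns provenance and SBOM on for pushed images, so the difference reads like an oversight. If the reason is that Lambda cannot pull the image index that buildx produces when attestations are attached (an assumption, since the commit does not say), record it next to the key: `# provenance off: Lambda needs a plain image manifest, not an index with attestations`. That also tells a later reader not to enable it for consistency with docker.yml without checking the deploy step.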