diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cf8ebc2f..5893ced5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -55,7 +55,9 @@ jobs: - name: Build and upload to ghcr.io 📤 id: build-upload - uses: docker/bake-action@v5 + # We need to pin exact version here, since updates can break + # the extract-image-names.sh script + uses: docker/bake-action@v5.5.0 with: push: true # Using provenance to disable default attestation so it will build only desired images: @@ -71,9 +73,15 @@ jobs: build.json .github/workflows/env.hcl - - name: Set output variables + - name: Set output image names id: bake_metadata + # bake-action metadata output has gotten too big, so we first write it + # to a file. See https://github.com/aiidalab/aiidalab-docker-stack/issues/491 run: | - .github/workflows/extract-image-names.sh | tee -a "${GITHUB_OUTPUT}" | awk -F'=' '{print $2}' | jq - env: - BAKE_METADATA: ${{ steps.build-upload.outputs.metadata }} + cat << EOF > bake_metadata.json + ${{ steps.build-upload.outputs.metadata }} + EOF + images=$(.github/workflows/extract-image-names.sh bake_metadata.json) + echo "images=${images}" >> "${GITHUB_OUTPUT}" + # Pretty-print for GHA logs + echo "$images" | jq diff --git a/.github/workflows/extract-image-names.sh b/.github/workflows/extract-image-names.sh index 9aca2de8..6d0bed4f 100755 --- a/.github/workflows/extract-image-names.sh +++ b/.github/workflows/extract-image-names.sh 
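Review bot: `docker/bake-action@v5.5.0` is still a tag, and the action's owner can move a tag. The pin stops surprise upgrades, but it does not fix which code runs in a step that has `push: true` to ghcr.io. Pinning to the full commit SHA with the version as a trailing comment covers both goals: `uses: docker/bake-action@<full-commit-sha-of-v5.5.0>  # v5.5.0`. The step's `with:` block continues past the end of this hunk.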
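Review bot: The heredoc in the new `run:` block uses an unquoted delimiter, so bash still performs parameter and command substitution on the metadata text after `${{ steps.build-upload.outputs.metadata }}` is pasted into the script. Quoting the delimiter keeps the content literal: `cat << 'EOF' > bake_metadata.json`. The expression is expanded before the shell parses the script, so a line consisting only of `EOF` inside the metadata would still end the heredoc early. A delimiter unlikely to occur in the JSON (for example `BAKE_METADATA_EOF`) is safer. How much of the metadata is shaped by build inputs is not visible from this hunk.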
@@ -2,13 +2,14 @@ set -euo pipefail +metadata_file=$1 # Extract image names together with their sha256 digests # from the docker/bake-action metadata output. # These together uniquely identify newly built images. -# The input to this script is a JSON string passed via BAKE_METADATA env variable +# The input to this script is a json file (filename passed as first parameter to the script) # Here's example input (trimmed to relevant bits): -# BAKE_METADATA: { +# { # "base": { # "containerimage.descriptor": { # "mediaType": "application/vnd.docker.distribution.manifest.v2+json", 
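Review bot: `metadata_file=$1` takes the place of the explicit `BAKE_METADATA` check that the next hunk removes. A call without an argument now fails only with bash's generic unbound-variable message from `set -u`, and a wrong path only with jq's own error. A guarded assignment keeps the failure readable in the workflow log: `metadata_file=${1:?Usage: extract-image-names.sh <bake-metadata.json>}`. A readability test such as `[[ -r ${metadata_file} ]]` with an `ERROR:` message on stderr would match the style of the removed check.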
@@ -35,23 +36,17 @@ set -euo pipefail # } # } # -# Example output (real output is on one line): +# Example output with trimmed SHAs (real output is on one line): # -# images={ -# "BASE_IMAGE": "ghcr.io/aiidalab/base@sha256:8e57a52b924b67567314b8ed3c968859cad99ea13521e60bbef40457e16f391d", -# "BASE_WITH_SERVICES_IMAGE": "ghcr.io/aiidalab/base-with-services@sha256:6753a809b5b2675bf4c22408e07c1df155907a465b33c369ef93ebcb1c4fec26", -# "FULL_STACK_IMAGE": "ghcr.io/aiidalab/full-stack@sha256:85ee91f61be1ea601591c785db038e5899d68d5fb89e07d66d9efbe8f352ee48", -# "LAB_IMAGE": "ghcr.io/aiidalab/lab@sha256:4d9be090da287fcdf2d4658bb82f78bad791ccd15dac9af594fb8306abe47e97" +# { +# "BASE_IMAGE": "ghcr.io/aiidalab/base@sha256:8e57a52b92", +# "BASE_WITH_SERVICES_IMAGE": "ghcr.io/aiidalab/base-with-services@sha256:6753a809", +# "FULL_STACK_IMAGE": "ghcr.io/aiidalab/full-stack@sha256:85ee91f61be", +# "LAB_IMAGE": "ghcr.io/aiidalab/lab@sha256:4d9be090da2" # } # # This json output is later turned to environment variables using fromJson() GHA builtin # (e.g. BASE_IMAGE=ghcr.io/aiidalab/base@sha256:8e57a52b...) # and these are in turn read in the docker-compose..yml files for tests. -if [[ -z ${BAKE_METADATA-} ]];then - echo "ERROR: Environment variable BAKE_METADATA is not set!" - exit 1 -fi - -images=$(echo "${BAKE_METADATA}" | jq -c '. as $base |[to_entries[] |{"key": (.key|ascii_upcase|sub("-"; "_"; "g") + "_IMAGE"), "value": [(.value."image.name"|split(",")[0]),.value."containerimage.digest"]|join("@")}] |from_entries') -echo "images=$images" +jq -c '. as $base |[to_entries[] |{"key": (.key|ascii_upcase|sub("-"; "_"; "g") + "_IMAGE"), "value": [(.value."image.name"|split(",")[0]),.value."containerimage.digest"]|join("@")}] |from_entries' $metadata_file
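Review bot: `$metadata_file` is passed to jq unquoted on the last added line, so a path containing spaces or glob characters would be split or expanded; use `"${metadata_file}"`. Separately, the filter joins `image.name` and `containerimage.digest` without checking that the digest is present. jq's `join` renders a null as an empty string, so a target without a digest would presumably yield `name@` rather than an error. Since these references are what the tests consume to identify the freshly built images, it is worth confirming that case and failing explicitly.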