From 863be249c80869b308845719e896a5d5c07ca2b8 Mon Sep 17 00:00:00 2001
From: Kyle Harding
Date: Wed, 15 Mar 2023 09:27:30 -0400
Subject: [PATCH] Enable multi-arch docker builds via flowzone
Change-type: patch
Signed-off-by: Kyle Harding
---
 .github/workflows/flowzone.yml | 29 ++++++++++++++++++++---------
 docker-bake.hcl | 6 ++++++
 2 files changed, 26 insertions(+), 9 deletions(-)
 create mode 100644 docker-bake.hcl
diff --git a/.github/workflows/flowzone.yml b/.github/workflows/flowzone.yml
index fb0d167..29680d9 100644
--- a/.github/workflows/flowzone.yml
+++ b/.github/workflows/flowzone.yml
@@ -3,19 +3,30 @@ name: Flowzone
 on:
 pull_request:
 types: [opened, synchronize, closed]
- branches:
- - "main"
- - "master"
+ branches: [main, master]
+ # allow external contributions to use secrets within trusted code
+ pull_request_target:
+ types: [opened, synchronize, closed]
+ branches: [main, master]
 jobs:
 flowzone:
 name: Flowzone
 uses: product-os/flowzone/.github/workflows/flowzone.yml@master
- secrets:
- FLOWZONE_TOKEN: ${{ secrets.FLOWZONE_TOKEN }}
- GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
- DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+ # prevent duplicate workflow executions for pull_request and pull_request_target
+ if: |
+ (
+ github.event.pull_request.head.repo.full_name == github.repository &&
+ github.event_name == 'pull_request'
+ ) || (
+ github.event.pull_request.head.repo.full_name != github.repository &&
+ github.event_name == 'pull_request_target'
+ )
+ secrets: inherit
 with:
 docker_images: balena/open-balena-db
+ docker_runs_on: >
+ {
+ "linux/amd64": ["self-hosted","distro:jammy","platform:linux/amd64"],
+ "linux/arm64": ["self-hosted","distro:jammy","platform:linux/arm64"]
+ }
diff --git a/docker-bake.hcl b/docker-bake.hcl
new file mode 100644
index 0000000..2bcedae
--- /dev/null
+++ b/docker-bake.hcl
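Review bot: `secrets: inherit` combined with the new `pull_request_target` trigger hands every secret this repository can see to the called workflow on fork-originated pull requests, where the explicit map this hunk removes passed only five named ones. The called workflow is referenced on an unchanged context line as `@master`, a mutable ref, so whatever that branch contains at run time receives those secrets and runs on the `self-hosted` runners named in `docker_runs_on`. I would keep the explicit `secrets:` map and pin the reference, `uses: product-os/flowzone/.github/workflows/flowzone.yml@<full-commit-sha>` (placeholder; the hunk shows no SHA). Whether fork head code is ever checked out or built with secrets in scope depends on the called workflow, which is not visible here; a comment above `pull_request_target:` stating that assumption, plus confirmation that the self-hosted runners are ephemeral, would make the trust boundary reviewable.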
@@ -0,0 +1,6 @@
+target "default" {
+ platforms = [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+}