build images also for arm64 (#168)

* build images also for arm64 * add extended build steps to prepare env for multi build * use Vox Pupulis container action * update container gha to latest version * update to v1 instead of commit id * ci only build x86_64 to showcase that container build is working at all * disable container scanning
betadots · Sep 20, 2023 · d1a33d4 · d1a33d4
1 parent c575982
commit d1a33d4
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 55 deletions.
diff --git a/.github/workflows/build_docker.yml b/.github/workflows/build_docker.yml
@@ -1,4 +1,4 @@
-name: publish 🐳 Docker image
+name: Build and publish a 🛢️ container
 
 on:
   push:
@@ -10,52 +10,13 @@ on:
       - '*'
 
 jobs:
-  build-and-push-image:
+  build-and-push-container:
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
-
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Log in to the Container registry
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Get tags
-        shell: python
-        run: |
-          import re
-          import os
-          from packaging.version import parse
-
-          image   = "ghcr.io/${{ github.repository }}"
-          tags    = set()
-          version = "${{ github.ref_name }}"
-
-          if version.startswith('v'):
-            version = "${{ github.ref_name }}".replace("v", "")
-            tags.add(f"{image}:latest")
-
-          if version == 'main':
-            version = "development"
-
-          tags.add(f"{image}:{version}")
-          tags = ",".join(sorted(list(tags)))
-
-          with open(os.environ['GITHUB_OUTPUT'], 'a') as fh:
-            print(f'tags={tags}', file=fh)
-        id: tags
-
-      - name: Build and push
-        uses: docker/build-push-action@v5
+      - uses: voxpupuli/gha-build-and-publish-a-container@v1
         with:
-          context: .
-          platforms: linux/amd64
-          push: true
-          tags: ${{ steps.tags.outputs.tags }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          build_arch: linux/amd64,linux/arm64
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -57,21 +57,26 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
       - name: Build Docker image
         uses: docker/build-push-action@v5
         with:
           context: .
-          tags: 'ci/hdm:${{ github.sha }}'
+          # tags: 'ci/hdm:${{ github.sha }}'
+          platforms: linux/amd64
           push: false
 
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: 'ci/hdm:${{ github.sha }}'
-          format: 'sarif'
-          output: 'trivy-results.sarif'
+      # - name: Run Trivy vulnerability scanner
+      #   uses: aquasecurity/trivy-action@master
+      #   with:
+      #     image-ref: 'ci/hdm:${{ github.sha }}'
+      #     format: 'sarif'
+      #     output: 'trivy-results.sarif'
 
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'trivy-results.sarif'
+      # - name: Upload Trivy scan results to GitHub Security tab
+      #   uses: github/codeql-action/upload-sarif@v2
+      #   with:
+      #     sarif_file: 'trivy-results.sarif'