diff --git a/.github/workflows/build-tasks.yml b/.github/workflows/build-tasks.yml index 34a5164c..4f71c7d8 100644 --- a/.github/workflows/build-tasks.yml +++ b/.github/workflows/build-tasks.yml @@ -1,21 +1,69 @@ name: build-tasks + on: # this is meant to be run on an approved PR branch for convenience workflow_dispatch: + +# We derive a unique ID here to make sure that we don't get into a situation +# where different runners pick different tags (eg: for builds near midnight, or +# in different time zones). The manifest job picks the final name. +env: + tag: quay.io/cockpit/tasks + tmptag: quay.io/cockpit/tasks-tmp:${{ github.run_id }}.${{ github.run_attempt }} + jobs: build: - runs-on: ubuntu-22.04 + strategy: + matrix: + build: + - label: amd64 + runner: buildjet-2vcpu-ubuntu-2204 + - label: arm64 + runner: buildjet-2vcpu-ubuntu-2204-arm + + runs-on: ${{ matrix.build.runner }} environment: quay.io timeout-minutes: 30 + steps: - - name: Clone repository + - + name: Log in to container registry + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_BOTUSER }} + password: ${{ secrets.QUAY_TOKEN }} + - + name: Checkout uses: actions/checkout@v4 + - + name: Build and push + uses: docker/build-push-action@v5 + with: + push: true + tags: ${{ env.tmptag }}-${{ matrix.build.label }} + context: tasks/container + file: tasks/container/Containerfile - - name: Log into container registry - run: podman login -u ${{ secrets.QUAY_BOTUSER }} -p ${{ secrets.QUAY_TOKEN }} quay.io + manifest: + needs: build - - name: Build tasks container - run: make tasks-container + runs-on: buildjet-2vcpu-ubuntu-2204 + environment: quay.io + timeout-minutes: 30 + + steps: + - + name: Log in to container registry + uses: docker/login-action@v3 + with: + registry: quay.io + username: ${{ secrets.QUAY_BOTUSER }} + password: ${{ secrets.QUAY_TOKEN }} + - + name: Create manifest + run: | + docker manifest create tasks '${{ env.tmptag }}'-{amd,arm}64' - - name: Push container to registry - run: make tasks-push + docker manifest push tasks "${{ env.tag }}:$(date --iso-8601)" + docker manifest push tasks "${{ env.tag }}:latest" diff --git a/Makefile b/Makefile index ccc9ca6c..1c55d915 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,6 @@ all: @echo "usage: make containers" >&2 @echo " make tasks-container" >&2 - @echo " make tasks-push" >&2 @echo " make check" >&2 check: @@ -19,8 +18,5 @@ tasks-container: $(DOCKER) build -t quay.io/cockpit/tasks:$(TAG) tasks/container $(DOCKER) tag quay.io/cockpit/tasks:$(TAG) quay.io/cockpit/tasks:latest -tasks-push: - ./push-container quay.io/cockpit/tasks - tasks-secrets: @cd tasks && ./build-secrets $(TASK_SECRETS) diff --git a/push-container b/push-container deleted file mode 100755 index a855abe7..00000000 --- a/push-container +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -set -eu - -IMAGE=$1 -[ -n "${DOCKER:-}" ] || DOCKER=$(which podman docker 2>/dev/null | head -n1) -ID=$($DOCKER images -q $IMAGE:latest | head -n1) - -TAGS=$($DOCKER images --format '{{.Tag}} {{.ID}}' $IMAGE | sort -u | grep $ID | awk '{print $1}') -if [ $(echo "$TAGS" | wc -w) -ne "2" ]; then - echo "Expected exactly two tags for the image to push: latest and one other" - exit 1 -fi -for PUSHTAG in $TAGS; do - $DOCKER push "$IMAGE:$PUSHTAG" -done