Add permissions #34
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Catadog | |
on: | |
workflow_dispatch: | |
inputs: | |
push: | |
description: Push images | |
required: true | |
type: boolean | |
default: true | |
push: | |
branches: | |
- "**" | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
name: Build Docker image | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# Use docker-container engine to enable advanced buildx features | |
- name: Set up docker container engine | |
run: | | |
docker buildx create --name=container --driver=docker-container --use --bootstrap | |
# Build image for x86-64 | |
# | |
# Tag image separately to avoid interference with caching and so that testing step can reference the image | |
- name: Build single-arch image (x86-64) | |
run: | | |
docker buildx build . --builder=container --cache-from=type=registry,ref=ghcr.io/datadog/catadog --output=type=image,push=false --platform linux/x86_64 -f ./Dockerfile | |
- name: Tag single-arch image (x86-64) | |
run: | | |
docker buildx build . --builder=container --cache-from=type=registry,ref=ghcr.io/datadog/catadog --load --platform linux/x86_64 -f ./Dockerfile --tag ghcr.io/datadog/catadog | |
- name: Test single-arch image (x86-64) | |
run: | | |
docker run --platform linux/x86_64 --rm ghcr.io/datadog/catadog /bin/sh -c 'true' | |
docker run --platform linux/x86_64 --rm ghcr.io/datadog/catadog ruby -e 'puts RUBY_DESCRIPTION' | |
docker run --platform linux/x86_64 --rm ghcr.io/datadog/catadog gem --version | |
docker run --platform linux/x86_64 --rm ghcr.io/datadog/catadog bundle --version | |
docker run --platform linux/x86_64 --rm -v "${PWD}":"${PWD}" -w "${PWD}" ghcr.io/datadog/catadog /bin/sh -c 'bundle install && bundle exec rake test' | |
# Build image for aarch64-linux, emulated under qemu | |
# | |
# Tag image separately to avoid interference with caching and so that testing step can reference the image | |
- name: Enable aarch64 emulation (x86-64) | |
run: | | |
docker run --privileged --rm tonistiigi/binfmt --install arm64 | |
- name: Build single-arch image (aarch64-linux) | |
run: | | |
docker buildx build . --builder=container --cache-from=type=registry,ref=ghcr.io/datadog/catadog --output=type=image,push=false --platform linux/aarch64 -f ./Dockerfile | |
- name: Tag single-arch image (aarch64-linux) | |
run: | | |
docker buildx build . --builder=container --cache-from=type=registry,ref=ghcr.io/datadog/catadog --load --platform linux/aarch64 -f ./Dockerfile --tag ghcr.io/datadog/catadog | |
- name: Test single-arch image (aarch64-linux) | |
run: | | |
docker run --platform linux/aarch64 --rm ghcr.io/datadog/catadog /bin/sh -c 'true' | |
docker run --platform linux/aarch64 --rm ghcr.io/datadog/catadog ruby -e 'puts RUBY_DESCRIPTION' | |
docker run --platform linux/aarch64 --rm ghcr.io/datadog/catadog gem --version | |
docker run --platform linux/aarch64 --rm ghcr.io/datadog/catadog bundle --version | |
docker run --platform linux/aarch64 --rm -v "${PWD}":"${PWD}" -w "${PWD}" ghcr.io/datadog/catadog /bin/sh -c 'bundle install && bundle exec rake test' | |
# Assemble multi-arch image for a combined push to the registry | |
# | |
# Docker build is rerun, but build is fast because the layers are already cached | |
- name: Log in to the container registry | |
run: | | |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
- name: Build multi-arch image (x86-64, aarch64) | |
run: | | |
docker buildx build . --builder=container --cache-from=type=registry,ref=ghcr.io/datadog/catadog --output=type=image,push=true --build-arg BUILDKIT_INLINE_CACHE=1 --platform linux/x86_64,linux/aarch64 -f ./Dockerfile --tag ghcr.io/datadog/catadog |