Skip to content

Add permissions

Add permissions #34

Workflow file for this run

name: Build Catadog
on:
workflow_dispatch:
inputs:
push:
description: Push images
required: true
type: boolean
default: true
push:
branches:
- "**"
jobs:
build:
runs-on: ubuntu-latest
name: Build Docker image
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@v4
# Use docker-container engine to enable advanced buildx features
- name: Set up docker container engine
run: |
docker buildx create --name=container --driver=docker-container --use --bootstrap
# Build image for x86-64
#
# Tag image separately to avoid interference with caching and so that testing step can reference the image
- name: Build single-arch image (x86-64)
run: |
docker buildx build . --builder=container --cache-from=type=registry,ref=ghcr.io/datadog/catadog --output=type=image,push=false --platform linux/x86_64 -f ./Dockerfile
- name: Tag single-arch image (x86-64)
run: |
docker buildx build . --builder=container --cache-from=type=registry,ref=ghcr.io/datadog/catadog --load --platform linux/x86_64 -f ./Dockerfile --tag ghcr.io/datadog/catadog
- name: Test single-arch image (x86-64)
run: |
docker run --platform linux/x86_64 --rm ghcr.io/datadog/catadog /bin/sh -c 'true'
docker run --platform linux/x86_64 --rm ghcr.io/datadog/catadog ruby -e 'puts RUBY_DESCRIPTION'
docker run --platform linux/x86_64 --rm ghcr.io/datadog/catadog gem --version
docker run --platform linux/x86_64 --rm ghcr.io/datadog/catadog bundle --version
docker run --platform linux/x86_64 --rm -v "${PWD}":"${PWD}" -w "${PWD}" ghcr.io/datadog/catadog /bin/sh -c 'bundle install && bundle exec rake test'
# Build image for aarch64-linux, emulated under qemu
#
# Tag image separately to avoid interference with caching and so that testing step can reference the image
- name: Enable aarch64 emulation (x86-64)
run: |
docker run --privileged --rm tonistiigi/binfmt --install arm64
- name: Build single-arch image (aarch64-linux)
run: |
docker buildx build . --builder=container --cache-from=type=registry,ref=ghcr.io/datadog/catadog --output=type=image,push=false --platform linux/aarch64 -f ./Dockerfile
- name: Tag single-arch image (aarch64-linux)
run: |
docker buildx build . --builder=container --cache-from=type=registry,ref=ghcr.io/datadog/catadog --load --platform linux/aarch64 -f ./Dockerfile --tag ghcr.io/datadog/catadog
- name: Test single-arch image (aarch64-linux)
run: |
docker run --platform linux/aarch64 --rm ghcr.io/datadog/catadog /bin/sh -c 'true'
docker run --platform linux/aarch64 --rm ghcr.io/datadog/catadog ruby -e 'puts RUBY_DESCRIPTION'
docker run --platform linux/aarch64 --rm ghcr.io/datadog/catadog gem --version
docker run --platform linux/aarch64 --rm ghcr.io/datadog/catadog bundle --version
docker run --platform linux/aarch64 --rm -v "${PWD}":"${PWD}" -w "${PWD}" ghcr.io/datadog/catadog /bin/sh -c 'bundle install && bundle exec rake test'
# Assemble multi-arch image for a combined push to the registry
#
# Docker build is rerun, but build is fast because the layers are already cached
- name: Log in to the container registry
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build multi-arch image (x86-64, aarch64)
run: |
docker buildx build . --builder=container --cache-from=type=registry,ref=ghcr.io/datadog/catadog --output=type=image,push=true --build-arg BUILDKIT_INLINE_CACHE=1 --platform linux/x86_64,linux/aarch64 -f ./Dockerfile --tag ghcr.io/datadog/catadog