From acb0b9085faa977aa7a6931973abf486a4802feb Mon Sep 17 00:00:00 2001
From: Max Isom
Date: Sat, 17 Aug 2024 17:20:06 -0700
Subject: [PATCH] Fix pull request workflow
---
.github/workflows/pr-release.yml | 78 +++++++++++++++++++++++++
.github/workflows/pr.yml | 99 +++++++++++++++++++++++++-------
.github/workflows/publish.yml | 4 +-
3 files changed, 157 insertions(+), 24 deletions(-)
create mode 100644 .github/workflows/pr-release.yml
diff --git a/.github/workflows/pr-release.yml b/.github/workflows/pr-release.yml
new file mode 100644
index 000000000..40416687a
--- /dev/null
+++ b/.github/workflows/pr-release.yml
@@ -0,0 +1,78 @@
+name: Release snapshot of PR
+on:
+ workflow_run:
+ workflows: ["PR Workflow"]
+ types:
+ - completed
+
+jobs:
+ release-and-comment:
+ name: Release snapshot and comment in PR
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+ steps:
+ - name: Download images
+ uses: actions/download-artifact@v4
+ with:
+ path: /tmp/images
+ pattern: image-*
+ merge-multiple: true
+ run-id: ${{ github.event.workflow_run.id }}
+ github-token: ${{ secrets.WORKFLOW_PAT }}
+
+ - name: Load image
+ run: |
+ docker load --input /tmp/images/image-amd64.tar
+ docker load --input /tmp/images/image-arm64.tar
+
+ - name: Download PR number
+ uses: actions/download-artifact@v4
+ with:
+ path: /tmp/pull_request_number
+ pattern: pull_request_number
+ run-id: ${{ github.event.workflow_run.id }}
+ github-token: ${{ secrets.WORKFLOW_PAT }}
+
+ - name: Read the pull_request_number.txt file
+ id: pull_request_number_reader
+ uses: juliangruber/read-file-action@v1.0.0
+ with:
+ path: ./pull_request_number/pull_request_number.txt
+
+ - name: Set up Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Push
+ working-directory: /tmp/digests
+ run: docker buildx imagetools create -t 'ghcr.io/museofficial/muse:pr-${{ github.event.number }}' -t 'ghcr.io/museofficial/muse:${{ github.event.pull_request.head.sha }}' 'ghcr.io/museofficial/muse:${{ github.event.pull_request.head.sha }}-arm64' 'ghcr.io/museofficial/muse:${{ github.event.pull_request.head.sha }}-amd64'
+
+ - name: Create comment
+ uses: marocchino/sticky-pull-request-comment@v2
+ with:
+ header: "pr-release"
+ number: ${{ steps.pull_request_number_reader.outputs.content }}
+ message: |
+ #### :package: A new release has been made for this pull request.
+
+ To play around with this PR, pull `ghcr.io/museofficial/muse:pr-${{ github.event.number }}` or `ghcr.io/museofficial/muse:${{ github.event.pull_request.head.sha }}`.
+
+ Images are available for x86_64 and ARM64.
+
+ > Latest commit: ${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index aee9ab5f5..20fdb9096 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -1,20 +1,23 @@ name: PR Workflow -on: pull_request_target +on: pull_request + +env: + REGISTRY_IMAGE: ghcr.io/museofficial/muse jobs: - release-snapshot: - name: Release snapshot + build: + name: Build snapshot strategy: matrix: runner-platform: - ubuntu-latest - - macos-14 # ARM + - namespace-profile-default-arm64 include: - runner-platform: ubuntu-latest build-arch: linux/amd64 tagged-platform: amd64 - - runner-platform: macos-14 + - runner-platform: namespace-profile-default-arm64 build-arch: linux/arm64 tagged-platform: arm64 runs-on: ${{ matrix.runner-platform }}
@@ -24,8 +27,20 @@ jobs: attestations: write id-token: write steps: + - name: Prepare + run: | + platform=${{ matrix.build-arch }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY_IMAGE }} + tags: type=ref,event=pr + - name: Set up Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - name: Login to GitHub Container Registry uses: docker/login-action@v3
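Review bot: In `pr-release.yml` the job runs with `packages: write`, `id-token: write` and repository secrets, yet everything it downloads was produced by the unprivileged `pull_request` run and is controlled by the PR author; the content of `pull_request_number.txt` goes into `number:` unchecked and the image tarballs are loaded as-is. Add a step that fails unless the file content matches `^[0-9]+$`, and gate the job with `if: github.event.workflow_run.conclusion == 'success'`. Separately, `github.event.number` and `github.event.pull_request.head.sha` in the Push step and the comment body are not part of the `workflow_run` payload, so those tags will render with empty values; `github.event.workflow_run.head_sha` and the validated PR number are the fields available here. The third-party actions in this job are referenced by mutable tags (`@v1.0.0`, `@v2`); pinning them to a full commit SHA would limit what can run next to these credentials.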
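Review bot: With the trigger now `pull_request`, the matrix leg on `namespace-profile-default-arm64` in `pr.yml` executes code from any PR, forks included, and that label is not a GitHub-hosted runner name, so it is presumably a third-party or self-hosted profile. It is worth confirming that the profile gives each job a fresh, isolated instance with no cached credentials or reusable Docker state, and recording the result in a comment beside the label in place of the removed `# ARM`. The same label is introduced in the `publish.yml` hunk, where it runs the release build. The job definition continues past the end of this hunk.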
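Review bot: The build job keeps `attestations: write` and `id-token: write` (context lines at the top of the `@@ -24,8 +27,20 @@` hunk; the `permissions:` block starts above it) and still logs in to GHCR, although after this commit it only exports a tarball and uploads artifacts. Since this job builds PR-supplied code, I would reduce it to `contents: read` and drop the login step, leaving registry access to the `workflow_run` job. In the added Prepare step, pass the matrix value through `env:` rather than expanding `${{ matrix.build-arch }}` inside the script, and quote the target: `echo "PLATFORM_PAIR=${platform//\//-}" >> "$GITHUB_ENV"`.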
@@ -38,31 +53,64 @@ jobs: uses: josStorer/get-current-time@v2 id: current-time - - name: Build and push - id: docker_build + - name: Build + id: build uses: docker/build-push-action@v6 with: - context: . - push: true - tags: ghcr.io/museofficial/muse:${{ github.event.pull_request.head.sha }}-${{ matrix.tagged-platform }} + outputs: type=docker,dest=/tmp/image.tar + tags: ${{ steps.meta.outputs.tags }} platforms: ${{ matrix.build-arch }} build-args: | COMMIT_HASH=${{ github.sha }} BUILD_DATE=${{ steps.current-time.outputs.time }} - combine-and-comment: - name: Combine platform tags and leave comment + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + + - name: Upload image + uses: actions/upload-artifact@v4 + with: + name: image-${{ env.PLATFORM_PAIR }} + path: /tmp/image.tar + if-no-files-found: error + retention-days: 1 + + - name: Save PR number in artifact + shell: bash + env: + PR_NUMBER: ${{ github.event.number }} + run: echo $PR_NUMBER > /tmp/pull_request_number.txt + - name: Upload PR number + uses: actions/upload-artifact@v4 + with: + name: pull_request_number + path: /tmp/pull_request_number.txt + + + merge: runs-on: ubuntu-latest - needs: release-snapshot + needs: + - build steps: - - name: Set up Buildx - uses: docker/setup-buildx-action@v1 + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Login to DockerHub - uses: docker/login-action@v1 + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + images: ${{ env.REGISTRY_IMAGE }} + tags: type=ref,event=pr - name: Login to GitHub Container Registry uses: docker/login-action@v3 
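Review bot: The artifact uploaded in the Upload image step does not match what the consuming workflow reads: both matrix legs write `/tmp/image.tar` and upload it as `image-${{ env.PLATFORM_PAIR }}`, while `pr-release.yml` downloads with `merge-multiple: true` and loads `image-amd64.tar` and `image-arm64.tar`, so the two files would land on the same name and neither expected path exists. Naming the file per architecture fixes both, e.g. `outputs: type=docker,dest=/tmp/image-${{ matrix.tagged-platform }}.tar` with the same value in the upload `path:`. The `merge` job also downloads `digests-*`, but no step in this hunk uploads `/tmp/digests`, so that pattern looks like it will match nothing. In the Save PR number step, quote the variable: `run: echo "$PR_NUMBER" > /tmp/pull_request_number.txt`.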
@@ -71,8 +119,15 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Combine tags - run: docker buildx imagetools create -t 'ghcr.io/museofficial/muse:pr-${{ github.event.number }}' -t 'ghcr.io/museofficial/muse:${{ github.event.pull_request.head.sha }}' 'ghcr.io/museofficial/muse:${{ github.event.pull_request.head.sha }}-arm64' 'ghcr.io/museofficial/muse:${{ github.event.pull_request.head.sha }}-amd64' + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} - name: Create comment uses: marocchino/sticky-pull-request-comment@v2
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 739db245a..7e7a4f6b0 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -11,12 +11,12 @@ jobs: matrix: runner-platform: - ubuntu-latest - - macos-14 # ARM + - namespace-profile-default-arm64 include: - runner-platform: ubuntu-latest build-arch: linux/amd64 tagged-platform: amd64 - - runner-platform: macos-14 + - runner-platform: namespace-profile-default-arm64 build-arch: linux/arm64 tagged-platform: arm64 runs-on: ${{ matrix.runner-platform }}
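Review bot: The `merge` job in `pr.yml` still logs in to GHCR, pushes a manifest and posts the sticky comment from the `pull_request` workflow, which is the work this commit moves to `pr-release.yml`; on fork PRs the token is read-only, so these steps can only fail there, and on same-repository PRs they keep credentialed steps in the run that executes PR-controlled workflow code. I would drop the push, inspect and comment steps from `pr.yml` so that the `workflow_run` job is the only place that publishes. If the step stays, note that the build now exports with `type=docker` and does not push by digest, so the `@sha256:%s` references built from the file names in `/tmp/digests` are unlikely to resolve. The job starts outside this hunk.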