diff --git a/.github/workflows/bake-publish-cloud-builder.yaml b/.github/workflows/bake-publish-cloud-builder.yaml new file mode 100644 index 0000000..ef8d334 --- /dev/null +++ b/.github/workflows/bake-publish-cloud-builder.yaml @@ -0,0 +1,145 @@ +--- + # This is a reusable workflow for building and publishing Docker images + # using a bake file and building using Docker Cloud Builder + + name: Simple Bake & Publish + on: + workflow_call: + inputs: + file: + description: 'The file name of the bake file to use. If not provided will use default.' + type: string + default: 'docker-bake.hcl' + required: false + group: + description: 'Group to use from the bake file.' + type: string + default: '' + required: true + registry: + description: 'The container registry to use.' + type: string + default: 'ghcr.io' + required: false + organization: + description: 'The organization to use for the docker image' + type: string + required: true + secrets: + username: + description: 'Username for the docker registry' + required: true + token: + description: 'PAT for the docker registry' + required: true + endpoint: + description: 'The endpoint for the docker cloud builder' + required: true + + jobs: + # Generate a matrix based on all the targets defined in the + # bake file. The reason for this is to parallelize the build + # process and allow for docker layer caching to be saved + # for each, otherwise they would overwrite the same cache. + targets: + name: Generate targets list from provided bake file + runs-on: ubuntu-22.04 + outputs: + targets: ${{ steps.generate.outputs.targets }} + + steps: + # 1.1 - checkout the files + - name: Checkout + uses: actions/checkout@v4 + + # 1.2 - Generate a matrix output of all the targets for the specified group + - name: List targets + id: generate + uses: docker/bake-action/subaction/list-targets@v4.1.0 + with: + target: ${{ inputs.group }} + files: ${{ inputs.file }} + + # 1.3 (optional) - output the generated target list for verification + - name: Show matrix + run: | + echo ${{ steps.generate.outputs.targets }} + + build-push: + # NOTE: this name is used for waiting on in the retag workflow + name: build-bake-push + runs-on: ubuntu-22.04 + permissions: + packages: write + contents: read + # this job depends on the 'targets' job + needs: + - targets + + # 2.0 - Build a matrix strategy from the retrieved target list + strategy: + fail-fast: true + matrix: + target: ${{ fromJson(needs.targets.outputs.targets) }} + + steps: + # 2.1 - Checkout the repository + - name: Checkout the repository + uses: actions/checkout@v4 + + # 2.2 - Generate Image Metadata + # Automatically generates the defaul OCI labels that can be extended + # Automatically determine the version tag to use based by the following + # priority list: + # - if tag is semantic version compliant use the version (strip prefix/suffix) + # - if tagged but not semver, use tag directly + # - if no tag use PR branch + # - if neither of the above and is default branch then use latest + # NOTE: that all 3 may be generated as tags but the priority for the version + # to be embedded within the image label is top to bottom + - name: Docker meta + id: meta + uses: docker/metadata-action@v5.5.0 + with: + images: ghcr.io/${{ github.repository }} + tags: | + type=semver,pattern={{version}} + type=ref,event=tag + type=ref,event=pr + # set latest tag for default branch + type=raw,value=latest,enable={{is_default_branch}} + + # 2.3 - Login against the docker registry + - name: Login to registry GHCR + uses: docker/login-action@v3.0.0 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + # 2.4 - Login against the Docker registry + - name: Login to registry Docker Cloud + uses: docker/login-action@v3.0.0 + with: + username: ${{ secrets.username }} + password: ${{ secrets.token }} + + # 2.5 - Setup Docker BuildX for multi platform Cloud building + # NOTE: Experimental + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3.0.0 + with: + version: "lab:latest" + driver: cloud + endpoint: "${{ secrets.endpoint }}" + + # 2.6 - Build Docker Images + - name: Build Images using BuildX Bake + uses: docker/bake-action@v4.1.0 + with: + files: | + ${{ inputs.file }} + ${{ steps.meta.outputs.bake-file }} + targets: ${{ matrix.target }} + push: false + \ No newline at end of file diff --git a/.github/workflows/publish-cloud-builder.yaml b/.github/workflows/publish-cloud-builder.yaml new file mode 100644 index 0000000..e0dfb36 --- /dev/null +++ b/.github/workflows/publish-cloud-builder.yaml @@ -0,0 +1,64 @@ +--- +# Automatically build Docker images using a cloud builder and publish them to a +# container registry using HCL Bake file. + +name: Build Docker Images using Cloud Builder + +on: + # workflow_dispatch: + pull_request: + branches: ['main'] + push: + branches: ['main'] + tags: ['*'] + +jobs: + bake-target: + name: Determine bake target + runs-on: ubuntu-22.04 # don't use the big runners for this small step + outputs: + target: ${{ steps.generate.outputs.bake_target }} + steps: + - name: Determine target + id: generate + run: | + if [[ '${{ github.event_name }}' == 'pull_request' ]]; then + TGT=default + else + TGT=prod + fi + + echo "$TGT" + echo "bake_target=${TGT,,}" >> ${GITHUB_OUTPUT} + + - name: Show Generated Target + run: echo ${{ steps.generate.outputs.bake_target }} + + # Build and Publish all targets associated with specified group + bake: + needs: + - bake-target + uses: darpa-askem/sciml-service/.github/workflows/bake-publish-cloud-builder.yaml@cloud-builder + with: + file: 'docker/docker-bake.hcl' + group: ${{ needs.bake-target.outputs.target }} + registry: 'ghcr.io' + organization: ${{ github.repository_owner }} + secrets: + username: ${{ secrets.DOCKER_CLOUD_BUILD_USERNAME }} + token: ${{ secrets.DOCKER_CLOUD_BUILD_TOKEN }} + endpoint: "${{ secrets.DOCKER_CLOUD_BUILD_ENDPOINT }}" + + # Execute simulation-integration reporting + simulation-integration: + runs-on: ubuntu-latest + needs: + - bake-target + steps: + - name: Report + env: + GITHUB_TOKEN: ${{ secrets.GHP_ACCESS_TOKEN }} + run: | + gh workflow run report.yaml --repo DARPA-ASKEM/simulation-integration --ref main + + diff --git a/docker/docker-bake.hcl b/docker/docker-bake.hcl index 832240d..7312c4b 100644 --- a/docker/docker-bake.hcl +++ b/docker/docker-bake.hcl @@ -36,10 +36,13 @@ group "default" { } # ---------------------------------------------------------------------------------------------------------------------- +# Used by the metafile GH action +# DO NOT ADD ANYTHING HERE THIS WILL BE POPULATED DYNAMICALLY +# MAKE SURE THIS IS INHERITED NEAR THE END SO THAT IT DOES NOT GET OVERRIDEN +target "docker-metadata-action" {} -# Removed linux/arm64 for now to ass CI build - Dec 2022 target "_platforms" { - platforms = ["linux/amd64"] + platforms = ["linux/amd64", "linux/arm64"] } target "sciml-service-base" { @@ -49,5 +52,5 @@ target "sciml-service-base" { } target "sciml-service" { - inherits = ["_platforms", "sciml-service-base"] + inherits = ["sciml-service-base", "docker-metadata-action", "_platforms"] } \ No newline at end of file