github-mirror/project-nomad
1
0
Fork 0
mirror of https://github.com/Crosstalk-Solutions/project-nomad.git synced 2026-03-28 03:29:25 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: automate multi-arch image builds on release via QEMU

Browse Source 
Replace native arm64 runners (unavailable on free tier) with QEMU
emulation. All three image builds now trigger automatically on
`release: published`, deriving version and :latest flag from the
GitHub release event. workflow_dispatch retained for manual rebuilds.
This commit is contained in:
David Parry 2026-03-24 13:38:11 +11:00
parent b290e7dd33
commit 2944fccdeb
No known key found for this signature in database
3 changed files with 135 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
.github/workflows/build-disk-collector.yml vendored
View File

@ -1,6 +1,8 @@
name: Build Disk Collector Image
on:
release:
types: [published]
workflow_dispatch:
inputs:
version:
@ -22,69 +24,49 @@ jobs:
steps:
- name: check-auth
id: check-auth
run: echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT
run: |
if [ "${{ github.event_name }}" = "release" ]; then
echo "is_authorized=true" >> $GITHUB_OUTPUT
else
echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT
fi
build:
name: Build disk-collector image (${{ matrix.platform }})
name: Build and push multi-arch disk-collector image
needs: check_authorization
if: needs.check_authorization.outputs.isAuthorized == 'true'
runs-on: ${{ matrix.runner }}
permissions:
contents: read
packages: write
strategy:
fail-fast: false
matrix:
include:
- platform: linux/amd64
runner: ubuntu-latest
- platform: linux/arm64
runner: ubuntu-latest-arm64
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push by digest
id: build
uses: docker/build-push-action@v6
with:
context: install/sidecar-disk-collector
platforms: ${{ matrix.platform }}
outputs: type=image,name=ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector,push-by-digest=true,name-canonical=true,push=true
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
name: Create and push multi-arch manifest
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
- name: Checkout code
uses: actions/checkout@v4
- name: Resolve version and tags
id: vars
run: |
if [ "${{ github.event_name }}" = "release" ]; then
VERSION="${{ github.event.release.tag_name }}"
VERSION="${VERSION#v}"
TAG_LATEST=${{ !github.event.release.prerelease }}
else
VERSION="${{ inputs.version }}"
TAG_LATEST=${{ inputs.tag_latest }}
fi
TAGS="ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:${VERSION}
ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:v${VERSION}"
if [ "$TAG_LATEST" = "true" ]; then
TAGS="$TAGS
ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:latest"
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "tags<<EOF" >> $GITHUB_OUTPUT
echo "$TAGS" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
@ -93,14 +75,13 @@ jobs:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
docker buildx imagetools create \
-t ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:${{ inputs.version }} \
-t ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:v${{ inputs.version }} \
${{ inputs.tag_latest && '-t ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:latest' || '' }} \
$(printf 'ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector@sha256:%s ' *)
- name: Build and push
uses: docker/build-push-action@v6
with:
context: install/sidecar-disk-collector
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.vars.outputs.tags }}
- name: Inspect image
run: |
docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:${{ inputs.version }}
docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:${{ steps.vars.outputs.version }}

113
.github/workflows/build-primary-image.yml vendored
View File

@ -1,6 +1,8 @@
name: Build Primary Docker Image
on:
release:
types: [published]
workflow_dispatch:
inputs:
version:
@ -22,72 +24,49 @@ jobs:
steps:
- name: check-auth
id: check-auth
run: echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT
run: |
if [ "${{ github.event_name }}" = "release" ]; then
echo "is_authorized=true" >> $GITHUB_OUTPUT
else
echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT
fi
build:
name: Build primary image (${{ matrix.platform }})
name: Build and push multi-arch primary image
needs: check_authorization
if: needs.check_authorization.outputs.isAuthorized == 'true'
runs-on: ${{ matrix.runner }}
permissions:
contents: read
packages: write
strategy:
fail-fast: false
matrix:
include:
- platform: linux/amd64
runner: ubuntu-latest
- platform: linux/arm64
runner: ubuntu-latest-arm64
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push by digest
id: build
uses: docker/build-push-action@v6
with:
platforms: ${{ matrix.platform }}
outputs: type=image,name=ghcr.io/${{ github.repository_owner }}/project-nomad,push-by-digest=true,name-canonical=true,push=true
build-args: |
VERSION=${{ inputs.version }}
BUILD_DATE=${{ github.event.workflow_run.created_at }}
VCS_REF=${{ github.sha }}
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
name: Create and push multi-arch manifest
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
- name: Checkout code
uses: actions/checkout@v4
- name: Resolve version and tags
id: vars
run: |
if [ "${{ github.event_name }}" = "release" ]; then
VERSION="${{ github.event.release.tag_name }}"
VERSION="${VERSION#v}"
TAG_LATEST=${{ !github.event.release.prerelease }}
else
VERSION="${{ inputs.version }}"
TAG_LATEST=${{ inputs.tag_latest }}
fi
TAGS="ghcr.io/${{ github.repository_owner }}/project-nomad:${VERSION}
ghcr.io/${{ github.repository_owner }}/project-nomad:v${VERSION}"
if [ "$TAG_LATEST" = "true" ]; then
TAGS="$TAGS
ghcr.io/${{ github.repository_owner }}/project-nomad:latest"
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "tags<<EOF" >> $GITHUB_OUTPUT
echo "$TAGS" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
@ -96,14 +75,16 @@ jobs:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
docker buildx imagetools create \
-t ghcr.io/${{ github.repository_owner }}/project-nomad:${{ inputs.version }} \
-t ghcr.io/${{ github.repository_owner }}/project-nomad:v${{ inputs.version }} \
${{ inputs.tag_latest && '-t ghcr.io/${{ github.repository_owner }}/project-nomad:latest' || '' }} \
$(printf 'ghcr.io/${{ github.repository_owner }}/project-nomad@sha256:%s ' *)
- name: Build and push
uses: docker/build-push-action@v6
with:
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.vars.outputs.tags }}
build-args: |
VERSION=${{ steps.vars.outputs.version }}
BUILD_DATE=${{ github.event.release.created_at }}
VCS_REF=${{ github.sha }}
- name: Inspect image
run: |
docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad:${{ inputs.version }}
docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad:${{ steps.vars.outputs.version }}

107
.github/workflows/build-sidecar-updater.yml vendored
View File

@ -1,6 +1,8 @@
name: Build Sidecar Updater Image
on:
release:
types: [published]
workflow_dispatch:
inputs:
version:
@ -22,69 +24,49 @@ jobs:
steps:
- name: check-auth
id: check-auth
run: echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT
run: |
if [ "${{ github.event_name }}" = "release" ]; then
echo "is_authorized=true" >> $GITHUB_OUTPUT
else
echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT
fi
build:
name: Build sidecar-updater image (${{ matrix.platform }})
name: Build and push multi-arch sidecar-updater image
needs: check_authorization
if: needs.check_authorization.outputs.isAuthorized == 'true'
runs-on: ${{ matrix.runner }}
permissions:
contents: read
packages: write
strategy:
fail-fast: false
matrix:
include:
- platform: linux/amd64
runner: ubuntu-latest
- platform: linux/arm64
runner: ubuntu-latest-arm64
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push by digest
id: build
uses: docker/build-push-action@v6
with:
context: install/sidecar-updater
platforms: ${{ matrix.platform }}
outputs: type=image,name=ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater,push-by-digest=true,name-canonical=true,push=true
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
name: Create and push multi-arch manifest
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
- name: Checkout code
uses: actions/checkout@v4
- name: Resolve version and tags
id: vars
run: |
if [ "${{ github.event_name }}" = "release" ]; then
VERSION="${{ github.event.release.tag_name }}"
VERSION="${VERSION#v}"
TAG_LATEST=${{ !github.event.release.prerelease }}
else
VERSION="${{ inputs.version }}"
TAG_LATEST=${{ inputs.tag_latest }}
fi
TAGS="ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:${VERSION}
ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:v${VERSION}"
if [ "$TAG_LATEST" = "true" ]; then
TAGS="$TAGS
ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:latest"
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "tags<<EOF" >> $GITHUB_OUTPUT
echo "$TAGS" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
@ -93,14 +75,13 @@ jobs:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
docker buildx imagetools create \
-t ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:${{ inputs.version }} \
-t ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:v${{ inputs.version }} \
${{ inputs.tag_latest && '-t ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:latest' || '' }} \
$(printf 'ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater@sha256:%s ' *)
- name: Build and push
uses: docker/build-push-action@v6
with:
context: install/sidecar-updater
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.vars.outputs.tags }}
- name: Inspect image
run: |
docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:${{ inputs.version }}
docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:${{ steps.vars.outputs.version }}