github-mirror/project-nomad
1
0
Fork 0
mirror of https://github.com/Crosstalk-Solutions/project-nomad.git synced 2026-04-04 15:56:16 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: build amd64 and arm64 images in parallel via matrix

Browse Source 
Each platform now gets its own runner with QEMU, running concurrently.
The single-job QEMU approach built architectures sequentially.
Restores the digest+merge pattern to combine parallel builds into a
single multi-arch manifest.
This commit is contained in:
David Parry 2026-03-24 14:09:40 +11:00
parent bcf4dfc29b
commit d54c23e475
No known key found for this signature in database
3 changed files with 220 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
.github/workflows/build-disk-collector.yml vendored
View File

@ -16,11 +16,13 @@ on:
default: false default: false
jobs: jobs:
check_authorization: setup:
name: Check authorization to publish new Docker image name: Resolve version and check authorization
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
isAuthorized: ${{ steps.check-auth.outputs.is_authorized }} isAuthorized: ${{ steps.check-auth.outputs.is_authorized }}
version: ${{ steps.vars.outputs.version }}
tag_latest: ${{ steps.vars.outputs.tag_latest }}
steps: steps:
- name: check-auth - name: check-auth
id: check-auth id: check-auth
@ -30,19 +32,7 @@ jobs:
else else
echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT
fi fi
- name: Resolve version and tag_latest
build:
name: Build and push multi-arch disk-collector image
needs: check_authorization
if: needs.check_authorization.outputs.isAuthorized == 'true'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Resolve version and tags
id: vars id: vars
run: | run: |
if [ "${{ github.event_name }}" = "release" ]; then if [ "${{ github.event_name }}" = "release" ]; then
@ -53,18 +43,24 @@ jobs:
VERSION="${{ inputs.version }}" VERSION="${{ inputs.version }}"
TAG_LATEST=${{ inputs.tag_latest }} TAG_LATEST=${{ inputs.tag_latest }}
fi fi
TAGS="ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:${VERSION}
ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:v${VERSION}"
if [ "$TAG_LATEST" = "true" ]; then
TAGS="$TAGS
ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:latest"
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "tags<<EOF" >> $GITHUB_OUTPUT echo "tag_latest=$TAG_LATEST" >> $GITHUB_OUTPUT
echo "$TAGS" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT build:
name: Build disk-collector image (${{ matrix.platform }})
needs: setup
if: needs.setup.outputs.isAuthorized == 'true'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
strategy:
fail-fast: false
matrix:
platform: [linux/amd64, linux/arm64]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx - name: Set up Docker Buildx
@ -75,13 +71,59 @@ jobs:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push - name: Build and push by digest
id: build
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
context: install/sidecar-disk-collector context: install/sidecar-disk-collector
platforms: linux/amd64,linux/arm64 platforms: ${{ matrix.platform }}
push: true outputs: type=image,name=ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector,push-by-digest=true,name-canonical=true,push=true
tags: ${{ steps.vars.outputs.tags }} - name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
name: Create and push multi-arch manifest
needs: [setup, build]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create manifest list and push
run: |
VERSION="${{ needs.setup.outputs.version }}"
TAGS="-t ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:${VERSION}"
TAGS="$TAGS -t ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:v${VERSION}"
if [ "${{ needs.setup.outputs.tag_latest }}" = "true" ]; then
TAGS="$TAGS -t ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:latest"
fi
docker buildx imagetools create $TAGS \
$(printf 'ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector@sha256:%s ' *)
working-directory: /tmp/digests
- name: Inspect image - name: Inspect image
run: | run: |
docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:${{ steps.vars.outputs.version }} docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad-disk-collector:${{ needs.setup.outputs.version }}

106
.github/workflows/build-primary-image.yml vendored
View File

@ -16,11 +16,13 @@ on:
default: false default: false
jobs: jobs:
check_authorization: setup:
name: Check authorization to publish new Docker image name: Resolve version and check authorization
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
isAuthorized: ${{ steps.check-auth.outputs.is_authorized }} isAuthorized: ${{ steps.check-auth.outputs.is_authorized }}
version: ${{ steps.vars.outputs.version }}
tag_latest: ${{ steps.vars.outputs.tag_latest }}
steps: steps:
- name: check-auth - name: check-auth
id: check-auth id: check-auth
@ -30,19 +32,7 @@ jobs:
else else
echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT
fi fi
- name: Resolve version and tag_latest
build:
name: Build and push multi-arch primary image
needs: check_authorization
if: needs.check_authorization.outputs.isAuthorized == 'true'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Resolve version and tags
id: vars id: vars
run: | run: |
if [ "${{ github.event_name }}" = "release" ]; then if [ "${{ github.event_name }}" = "release" ]; then
@ -53,18 +43,24 @@ jobs:
VERSION="${{ inputs.version }}" VERSION="${{ inputs.version }}"
TAG_LATEST=${{ inputs.tag_latest }} TAG_LATEST=${{ inputs.tag_latest }}
fi fi
TAGS="ghcr.io/${{ github.repository_owner }}/project-nomad:${VERSION}
ghcr.io/${{ github.repository_owner }}/project-nomad:v${VERSION}"
if [ "$TAG_LATEST" = "true" ]; then
TAGS="$TAGS
ghcr.io/${{ github.repository_owner }}/project-nomad:latest"
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "tags<<EOF" >> $GITHUB_OUTPUT echo "tag_latest=$TAG_LATEST" >> $GITHUB_OUTPUT
echo "$TAGS" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT build:
name: Build primary image (${{ matrix.platform }})
needs: setup
if: needs.setup.outputs.isAuthorized == 'true'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
strategy:
fail-fast: false
matrix:
platform: [linux/amd64, linux/arm64]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx - name: Set up Docker Buildx
@ -75,16 +71,62 @@ jobs:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push - name: Build and push by digest
id: build
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
platforms: linux/amd64,linux/arm64 platforms: ${{ matrix.platform }}
push: true outputs: type=image,name=ghcr.io/${{ github.repository_owner }}/project-nomad,push-by-digest=true,name-canonical=true,push=true
tags: ${{ steps.vars.outputs.tags }}
build-args: | build-args: |
VERSION=${{ steps.vars.outputs.version }} VERSION=${{ needs.setup.outputs.version }}
BUILD_DATE=${{ github.event.release.created_at }} BUILD_DATE=${{ github.event.release.created_at }}
VCS_REF=${{ github.sha }} VCS_REF=${{ github.sha }}
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
name: Create and push multi-arch manifest
needs: [setup, build]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create manifest list and push
run: |
VERSION="${{ needs.setup.outputs.version }}"
TAGS="-t ghcr.io/${{ github.repository_owner }}/project-nomad:${VERSION}"
TAGS="$TAGS -t ghcr.io/${{ github.repository_owner }}/project-nomad:v${VERSION}"
if [ "${{ needs.setup.outputs.tag_latest }}" = "true" ]; then
TAGS="$TAGS -t ghcr.io/${{ github.repository_owner }}/project-nomad:latest"
fi
docker buildx imagetools create $TAGS \
$(printf 'ghcr.io/${{ github.repository_owner }}/project-nomad@sha256:%s ' *)
working-directory: /tmp/digests
- name: Inspect image - name: Inspect image
run: | run: |
docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad:${{ steps.vars.outputs.version }} docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad:${{ needs.setup.outputs.version }}

104
.github/workflows/build-sidecar-updater.yml vendored
View File

@ -16,11 +16,13 @@ on:
default: false default: false
jobs: jobs:
check_authorization: setup:
name: Check authorization to publish new Docker image name: Resolve version and check authorization
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
isAuthorized: ${{ steps.check-auth.outputs.is_authorized }} isAuthorized: ${{ steps.check-auth.outputs.is_authorized }}
version: ${{ steps.vars.outputs.version }}
tag_latest: ${{ steps.vars.outputs.tag_latest }}
steps: steps:
- name: check-auth - name: check-auth
id: check-auth id: check-auth
@ -30,19 +32,7 @@ jobs:
else else
echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT
fi fi
- name: Resolve version and tag_latest
build:
name: Build and push multi-arch sidecar-updater image
needs: check_authorization
if: needs.check_authorization.outputs.isAuthorized == 'true'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Resolve version and tags
id: vars id: vars
run: | run: |
if [ "${{ github.event_name }}" = "release" ]; then if [ "${{ github.event_name }}" = "release" ]; then
@ -53,18 +43,24 @@ jobs:
VERSION="${{ inputs.version }}" VERSION="${{ inputs.version }}"
TAG_LATEST=${{ inputs.tag_latest }} TAG_LATEST=${{ inputs.tag_latest }}
fi fi
TAGS="ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:${VERSION}
ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:v${VERSION}"
if [ "$TAG_LATEST" = "true" ]; then
TAGS="$TAGS
ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:latest"
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "tags<<EOF" >> $GITHUB_OUTPUT echo "tag_latest=$TAG_LATEST" >> $GITHUB_OUTPUT
echo "$TAGS" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT build:
name: Build sidecar-updater image (${{ matrix.platform }})
needs: setup
if: needs.setup.outputs.isAuthorized == 'true'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
strategy:
fail-fast: false
matrix:
platform: [linux/amd64, linux/arm64]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx - name: Set up Docker Buildx
@ -75,13 +71,59 @@ jobs:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push - name: Build and push by digest
id: build
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
context: install/sidecar-updater context: install/sidecar-updater
platforms: linux/amd64,linux/arm64 platforms: ${{ matrix.platform }}
push: true outputs: type=image,name=ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater,push-by-digest=true,name-canonical=true,push=true
tags: ${{ steps.vars.outputs.tags }} - name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
name: Create and push multi-arch manifest
needs: [setup, build]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create manifest list and push
run: |
VERSION="${{ needs.setup.outputs.version }}"
TAGS="-t ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:${VERSION}"
TAGS="$TAGS -t ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:v${VERSION}"
if [ "${{ needs.setup.outputs.tag_latest }}" = "true" ]; then
TAGS="$TAGS -t ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:latest"
fi
docker buildx imagetools create $TAGS \
$(printf 'ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater@sha256:%s ' *)
working-directory: /tmp/digests
- name: Inspect image - name: Inspect image
run: | run: |
docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:${{ steps.vars.outputs.version }} docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad-sidecar-updater:${{ needs.setup.outputs.version }}