diff options
| author | seth <[email protected]> | 2024-01-25 11:12:57 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2024-01-25 11:16:13 -0500 |
| commit | 4cece44fbd22a3935bb5555b4f08f5ecf3599740 (patch) | |
| tree | 8bd48a794a61228066c8ddeaebb6555c49516967 | |
| parent | 6a0a5b46c633f12ca0e754353b6a6f8818915ed8 (diff) | |
ci: use docker actions
| -rw-r--r-- | .github/workflows/build-image.yaml | 56 | ||||
| -rw-r--r-- | .github/workflows/build.yaml | 16 |
2 files changed, 31 insertions, 41 deletions
diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml index a8087cc..9a46bed 100644 --- a/.github/workflows/build-image.yaml +++ b/.github/workflows/build-image.yaml @@ -32,19 +32,22 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Extract metadata id: metadata - uses: docker/metadata-action@v5 + uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0 with: - images: | - ${{ env.IMAGE_NAME }} + images: ${{ env.REGISTRY }}/${{ inputs.image_name }} tags: | type=sha type=ref,event=branch type=ref,event=pr type=schedule,pattern={{date 'YYYYMMDD'}} + ${{ inputs.extra_tags }} + + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - name: Get akmods signing key if: github.event_name != 'pull_request' @@ -53,52 +56,39 @@ jobs: run: | echo "$AKMODS_KEY" > akmods/certs/private_key.priv - - name: Build image - id: build - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ${{ inputs.containerfile }} - image: ${{ inputs.image_name }} - context: ${{ inputs.context }} - tags: | - ${{ steps.metadata.outputs.tags }} - ${{ inputs.extra_tags }} - labels: ${{ steps.metadata.outputs.labels }} - build-args: ${{ inputs.build_args }} - - name: Login to registry if: github.event_name != 'pull_request' - uses: redhat-actions/podman-login@v1 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ github.token }} - - name: Push to registry - id: push - if: github.event_name != 'pull_request' - uses: redhat-actions/push-to-registry@v2 + - name: Build image + id: build + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: - image: ${{ steps.build.outputs.image }} - tags: ${{ steps.build.outputs.tags }} - registry: ${{ env.REGISTRY }} - extra-args: | - --disable-content-trust + context: ${{ inputs.context }} + file: ${{ inputs.containerfile }} + tags: ${{ steps.metadata.outputs.tags }} + labels: ${{ steps.metadata.outputs.labels }} + build-args: ${{ inputs.build_args }} + push: ${{ github.event_name != 'pull_request' }} + cache-from: type=gha + cache-to: type=gha,mode=max - name: Install cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@v3 + uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 - name: Sign image if: github.event_name != 'pull_request' env: - DIGEST: ${{ steps.push.outputs.digest }} - TAGS: ${{ steps.build.outputs.tags }} - IMAGE_NAME: ${{ inputs.image_name }} + DIGEST: ${{ steps.build.outputs.digest }} + TAGS: ${{ steps.metadata.outputs.tags }} run: | images=() for tag in ${TAGS}; do - images+=("${REGISTRY}/${IMAGE_NAME}:${tag}@${DIGEST}") + images+=("${tag}@${DIGEST}") done cosign sign --yes "${images[@]}" diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 0461008..88bde0e 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -13,7 +13,7 @@ env: jobs: akmods: - name: Akmods Image + name: Akmods Layer permissions: contents: read @@ -26,7 +26,7 @@ jobs: containerfile: ./akmods/Containerfile context: ./akmods extra_tags: | - 39-535 + type=raw,value=39-535 build_args: | FEDORA_VERSION=39 NVIDIA_VERSION=535 @@ -53,16 +53,16 @@ jobs: uses: ./.github/workflows/build-image.yaml with: image_name: ${{ matrix.image_name }} - containerfile: ./Containerfile - context: . + containerfile: ./base/Containerfile + context: ./base extra_tags: | - ${{ matrix.fedora_version }} + type=raw,value=${{ matrix.fedora_version }} build_args: | FEDORA_VERSION=${{ matrix.fedora_version }} IMAGE_FLAVOR=${{ matrix.image_flavor }} config: - name: Config layer + name: Config layers permissions: contents: read @@ -80,7 +80,7 @@ jobs: containerfile: ./config/Containerfile context: ./config extra_tags: | - ${{ matrix.fedora_version }} + type=raw,value=${{ matrix.fedora_version }} build_args: | FEDORA_VERSION=${{ matrix.fedora_version }} @@ -107,7 +107,7 @@ jobs: containerfile: ./nvidia/Containerfile context: ./nvidia extra_tags: | - ${{ matrix.fedora_version }}-${{ matrix.nvidia_version }} + type=raw,value=${{ matrix.fedora_version }}-${{ matrix.nvidia_version }} build_args: | FEDORA_VERSION=${{ matrix.fedora_version }} IMAGE_FLAVOR=${{ matrix.image_flavor }} |