name: Docker on: push: branches: [main] paths: - "**.nix" - "**.rs" - "**.lock" - "Cargo.toml" pull_request: paths: - "**.nix" - "**.rs" - "**.lock" - "Cargo.toml" workflow_dispatch: jobs: build: name: Build image strategy: fail-fast: false matrix: arch: [amd64, arm64] runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4 - name: Install Nix uses: DeterminateSystems/nix-installer-action@v13 - name: Setup Nix cache uses: DeterminateSystems/magic-nix-cache-action@v7 - name: Build Docker image id: build env: ARCH: ${{ matrix.arch }} run: | nix build \ --fallback \ --print-build-logs \ .#container-"$ARCH" # exit if no `result` from nix build [ ! -L result ] && exit 1 echo "path=$(readlink -f ./result)" >> "$GITHUB_OUTPUT" - name: Upload image uses: actions/upload-artifact@v4 with: name: container-${{ matrix.arch }} path: ${{ steps.build.outputs.path }} if-no-files-found: error retention-days: 1 release-gate: name: Docker Release Gate needs: build if: always() runs-on: ubuntu-latest steps: - name: Exit with error if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') run: exit 1 push: name: Push image needs: release-gate if: github.event_name == 'push' runs-on: ubuntu-latest permissions: packages: write env: REGISTRY: ghcr.io USERNAME: ${{ github.actor }} IMAGE_NAME: teawie-bot steps: - name: Checkout repository uses: actions/checkout@v4 - name: Download images uses: actions/download-artifact@v4 with: path: images - name: Login to registry uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ env.USERNAME }} password: ${{ github.token }} - name: Push to registry env: TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest run: | architectures=("amd64" "arm64") for arch in "${architectures[@]}"; do docker load < images/container-"$arch"/*.tar.gz docker tag teawie-bot:latest-"$arch" "$TAG"-"$arch" docker push "$TAG"-"$arch" done docker manifest create "$TAG" \ --amend "$TAG"-amd64 \ --amend "$TAG"-arm64 docker manifest push "$TAG"