# CI workflow: the jobs below run the action from this repository
# (`uses: ./` or `uses: ./action`) against a range of input combinations.
# NOTE(review): no workflow-level `permissions:` key appears in this header,
# so GITHUB_TOKEN keeps the repository's default scope; consider declaring a
# least-privilege block once the needs of every job are confirmed.
# NOTE(review): the jobs reference third-party actions by version tag and the
# BuildKit image by tag rather than by commit SHA / image digest.
name: ci

# Runs are grouped per workflow and ref; starting a new run cancels the one
# still in progress for the same group.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

on:
  # Manual runs may override the Buildx version and the BuildKit image.
  workflow_dispatch:
    inputs:
      buildx-version:
        description: "Buildx version or Git context"
        default: "latest"
        required: false
      buildkit-image:
        description: "BuildKit image"
        default: "moby/buildkit:buildx-stable-1"
        required: false
  schedule:
    - cron: "0 10 * * *"
  push:
    branches:
      - "master"
      - "releases/v*"
  pull_request:

# Fallback values used by the jobs when no workflow_dispatch input is given
# (see the `inputs.… || env.…` expressions in the Buildx setup steps).
env:
  BUILDX_VERSION: "latest"
  BUILDKIT_IMAGE: "moby/buildkit:buildx-stable-1"

jobs:
|   minimal:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|         with:
 | |
|           path: action
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./action
 | |
|         with:
 | |
|           file: ./test/Dockerfile
 | |
| 
 | |
|   git-context:
 | |
|     runs-on: ubuntu-latest
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|         with:
 | |
|           path: action
 | |
|       -
 | |
|         name: Set up QEMU
 | |
|         uses: docker/setup-qemu-action@v3
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         id: buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build and push
 | |
|         id: docker_build
 | |
|         uses: ./action
 | |
|         with:
 | |
|           file: ./test/Dockerfile
 | |
|           builder: ${{ steps.buildx.outputs.name }}
 | |
|           platforms: linux/amd64,linux/arm64
 | |
|           push: true
 | |
|           tags: |
 | |
|             localhost:5000/name/app:latest
 | |
|             localhost:5000/name/app:1.0.0            
 | |
|       -
 | |
|         name: Inspect
 | |
|         run: |
 | |
|           docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'          
 | |
|       -
 | |
|         name: Check digest
 | |
|         run: |
 | |
|           if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
 | |
|             echo "::error::Digest should not be empty"
 | |
|             exit 1
 | |
|           fi          
 | |
| 
 | |
|   git-context-secret:
 | |
|     runs-on: ubuntu-latest
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|         with:
 | |
|           path: action
 | |
|       -
 | |
|         name: Set up QEMU
 | |
|         uses: docker/setup-qemu-action@v3
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         id: buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build and push
 | |
|         id: docker_build
 | |
|         uses: ./action
 | |
|         with:
 | |
|           file: ./test/Dockerfile
 | |
|           builder: ${{ steps.buildx.outputs.name }}
 | |
|           platforms: linux/amd64,linux/arm64
 | |
|           push: true
 | |
|           tags: |
 | |
|             localhost:5000/name/app:latest
 | |
|             localhost:5000/name/app:1.0.0            
 | |
|           secrets: |
 | |
|             GIT_AUTH_TOKEN=${{ github.token }}
 | |
|             "MYSECRET=aaaaaaaa
 | |
|             bbbbbbb
 | |
|             ccccccccc"
 | |
|             FOO=bar
 | |
|             "EMPTYLINE=aaaa
 | |
| 
 | |
|             bbbb
 | |
|             ccc"            
 | |
|       -
 | |
|         name: Inspect
 | |
|         run: |
 | |
|           docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'          
 | |
|       -
 | |
|         name: Check digest
 | |
|         run: |
 | |
|           if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
 | |
|             echo "::error::Digest should not be empty"
 | |
|             exit 1
 | |
|           fi          
 | |
| 
 | |
|   path-context:
 | |
|     runs-on: ubuntu-latest
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up QEMU
 | |
|         uses: docker/setup-qemu-action@v3
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         id: buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build and push
 | |
|         id: docker_build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/Dockerfile
 | |
|           builder: ${{ steps.buildx.outputs.name }}
 | |
|           push: true
 | |
|           tags: |
 | |
|             localhost:5000/name/app:latest
 | |
|             localhost:5000/name/app:1.0.0            
 | |
|       -
 | |
|         name: Inspect
 | |
|         run: |
 | |
|           docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'          
 | |
|       -
 | |
|         name: Check digest
 | |
|         run: |
 | |
|           if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
 | |
|             echo "::error::Digest should not be empty"
 | |
|             exit 1
 | |
|           fi          
 | |
| 
 | |
|   example:
 | |
|     runs-on: ubuntu-latest
 | |
|     env:
 | |
|       DOCKER_IMAGE: localhost:5000/name/app
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Docker meta
 | |
|         id: meta
 | |
|         uses: docker/metadata-action@v5
 | |
|         with:
 | |
|           images: ${{ env.DOCKER_IMAGE }}
 | |
|           tags: |
 | |
|             type=schedule
 | |
|             type=ref,event=branch
 | |
|             type=ref,event=pr
 | |
|             type=semver,pattern={{version}}
 | |
|             type=semver,pattern={{major}}.{{minor}}
 | |
|             type=semver,pattern={{major}}
 | |
|             type=sha            
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build and export to Docker client
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/Dockerfile
 | |
|           load: true
 | |
|           tags: ${{ steps.meta.outputs.tags }}
 | |
|           labels: ${{ steps.meta.outputs.labels }}
 | |
|       -
 | |
|         name: Build and push to local registry
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/Dockerfile
 | |
|           push: ${{ github.event_name != 'pull_request' }}
 | |
|           tags: ${{ steps.meta.outputs.tags }}
 | |
|           labels: ${{ steps.meta.outputs.labels }}
 | |
|       -
 | |
|         name: Inspect image
 | |
|         run: |
 | |
|           docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }}          
 | |
|       -
 | |
|         name: Check manifest
 | |
|         if: github.event_name != 'pull_request'
 | |
|         run: |
 | |
|           docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} --format '{{json .}}'          
 | |
| 
 | |
|   error:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Stop docker
 | |
|         run: |
 | |
|           sudo systemctl stop docker docker.socket          
 | |
|       -
 | |
|         name: Build
 | |
|         id: docker_build
 | |
|         continue-on-error: true
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/Dockerfile
 | |
|       -
 | |
|         name: Check
 | |
|         run: |
 | |
|           echo "${{ toJson(steps.docker_build) }}"
 | |
|           if [ "${{ steps.docker_build.outcome }}" != "failure" ] || [ "${{ steps.docker_build.conclusion }}" != "success" ]; then
 | |
|             echo "::error::Should have failed"
 | |
|             exit 1
 | |
|           fi          
 | |
| 
 | |
|   error-buildx:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up QEMU
 | |
|         uses: docker/setup-qemu-action@v3
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build
 | |
|         id: docker_build
 | |
|         continue-on-error: true
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/Dockerfile
 | |
|           platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
 | |
|           push: true
 | |
|           tags: localhost:5000/name/app:latest
 | |
|       -
 | |
|         name: Check
 | |
|         run: |
 | |
|           echo "${{ toJson(steps.docker_build) }}"
 | |
|           if [ "${{ steps.docker_build.outcome }}" != "failure" ] || [ "${{ steps.docker_build.conclusion }}" != "success" ]; then
 | |
|             echo "::error::Should have failed"
 | |
|             exit 1
 | |
|           fi          
 | |
| 
 | |
|   docker-driver:
 | |
|     runs-on: ubuntu-latest
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Build
 | |
|         id: docker_build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/Dockerfile
 | |
|           push: true
 | |
|           tags: localhost:5000/name/app:latest
 | |
| 
 | |
|   export-docker:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/Dockerfile
 | |
|           load: true
 | |
|           tags: myimage:latest
 | |
|       -
 | |
|         name: Inspect
 | |
|         run: |
 | |
|           docker image inspect myimage:latest          
 | |
| 
 | |
|   secret:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: .
 | |
|           file: ./test/secret.Dockerfile
 | |
|           secrets: |
 | |
|             MYSECRET=foo
 | |
|             INVALID_SECRET=            
 | |
| 
 | |
|   secret-envs:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         env:
 | |
|           ENV_SECRET: foo
 | |
|         with:
 | |
|           context: .
 | |
|           file: ./test/secret.Dockerfile
 | |
|           secret-envs: |
 | |
|             MYSECRET=ENV_SECRET
 | |
|             INVALID_SECRET=            
 | |
| 
 | |
|   network:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: List networks
 | |
|         run: docker network ls
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           tags: name/app:latest
 | |
|           network: host
 | |
| 
 | |
|   shm-size:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/shmsize.Dockerfile
 | |
|           tags: name/app:latest
 | |
|           shm-size: 2g
 | |
| 
 | |
|   ulimit:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/ulimit.Dockerfile
 | |
|           tags: name/app:latest
 | |
|           ulimit: |
 | |
|             nofile=1024:1024
 | |
|             nproc=3            
 | |
| 
 | |
|   cgroup-parent:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/cgroup.Dockerfile
 | |
|           tags: name/app:latest
 | |
|           cgroup-parent: foo
 | |
| 
 | |
|   add-hosts:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/addhost.Dockerfile
 | |
|           tags: name/app:latest
 | |
|           add-hosts: |
 | |
|             docker:10.180.0.1
 | |
|             foo:10.0.0.1            
 | |
| 
 | |
|   no-cache-filters:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/nocachefilter.Dockerfile
 | |
|           no-cache-filters: build
 | |
|           tags: name/app:latest
 | |
|           cache-from: type=gha,scope=nocachefilter
 | |
|           cache-to: type=gha,scope=nocachefilter,mode=max
 | |
| 
 | |
|   attests-compat:
 | |
|     runs-on: ubuntu-latest
 | |
|     strategy:
 | |
|       fail-fast: false
 | |
|       matrix:
 | |
|         include:
 | |
|           - buildx: latest
 | |
|             buildkit: moby/buildkit:buildx-stable-1
 | |
|           - buildx: latest
 | |
|             buildkit: moby/buildkit:v0.10.6
 | |
|           - buildx: v0.9.1
 | |
|             buildkit: moby/buildkit:buildx-stable-1
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ matrix.buildx }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ matrix.buildkit }}            
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test/go
 | |
|           file: ./test/go/Dockerfile
 | |
|           outputs: type=cacheonly
 | |
| 
 | |
|   provenance:
 | |
|     runs-on: ubuntu-latest
 | |
|     strategy:
 | |
|       fail-fast: false
 | |
|       matrix:
 | |
|         include:
 | |
|           - target: image
 | |
|             output: type=image,name=localhost:5000/name/app:latest,push=true
 | |
|             attr: mode=max
 | |
|           - target: image
 | |
|             output: type=image,name=localhost:5000/name/app:latest,push=true
 | |
|             attr: ''
 | |
|           - target: binary
 | |
|             output: /tmp/buildx-build
 | |
|             attr: mode=max
 | |
|           - target: binary
 | |
|             output: /tmp/buildx-build
 | |
|             attr: ''
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test/go
 | |
|           file: ./test/go/Dockerfile
 | |
|           target: ${{ matrix.target }}
 | |
|           outputs: ${{ matrix.output }}
 | |
|           provenance: ${{ matrix.attr }}
 | |
|       -
 | |
|         name: Inspect Provenance
 | |
|         if: matrix.target == 'image'
 | |
|         run: |
 | |
|           docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .Provenance}}'          
 | |
|       -
 | |
|         name: Check output folder
 | |
|         if: matrix.target == 'binary'
 | |
|         run: |
 | |
|           tree /tmp/buildx-build          
 | |
|       -
 | |
|         name: Print local Provenance
 | |
|         if: matrix.target == 'binary'
 | |
|         run: |
 | |
|           cat /tmp/buildx-build/provenance.json | jq          
 | |
| 
 | |
|   sbom:
 | |
|     runs-on: ubuntu-latest
 | |
|     strategy:
 | |
|       fail-fast: false
 | |
|       matrix:
 | |
|         include:
 | |
|           - target: image
 | |
|             output: type=image,name=localhost:5000/name/app:latest,push=true
 | |
|           - target: binary
 | |
|             output: /tmp/buildx-build
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test/go
 | |
|           file: ./test/go/Dockerfile
 | |
|           target: ${{ matrix.target }}
 | |
|           outputs: ${{ matrix.output }}
 | |
|           sbom: true
 | |
|           cache-from: type=gha,scope=attests-${{ matrix.target }}
 | |
|           cache-to: type=gha,scope=attests-${{ matrix.target }},mode=max
 | |
|       -
 | |
|         name: Inspect SBOM
 | |
|         if: matrix.target == 'image'
 | |
|         run: |
 | |
|           docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .SBOM}}'          
 | |
|       -
 | |
|         name: Check output folder
 | |
|         if: matrix.target == 'binary'
 | |
|         run: |
 | |
|           tree /tmp/buildx-build          
 | |
|       -
 | |
|         name: Print local SBOM
 | |
|         if: matrix.target == 'binary'
 | |
|         run: |
 | |
|           cat /tmp/buildx-build/sbom.spdx.json | jq          
 | |
| 
 | |
|   multi:
 | |
|     runs-on: ubuntu-latest
 | |
|     strategy:
 | |
|       fail-fast: false
 | |
|       matrix:
 | |
|         dockerfile:
 | |
|           - multi
 | |
|           - multi-sudo
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up QEMU
 | |
|         uses: docker/setup-qemu-action@v3
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         id: buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build and push
 | |
|         id: docker_build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/${{ matrix.dockerfile }}.Dockerfile
 | |
|           builder: ${{ steps.buildx.outputs.name }}
 | |
|           platforms: linux/amd64,linux/arm64
 | |
|           push: true
 | |
|           tags: |
 | |
|             localhost:5000/name/app:latest
 | |
|             localhost:5000/name/app:1.0.0            
 | |
|       -
 | |
|         name: Inspect
 | |
|         run: |
 | |
|           docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'          
 | |
|       -
 | |
|         name: Check digest
 | |
|         run: |
 | |
|           if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
 | |
|             echo "::error::Digest should not be empty"
 | |
|             exit 1
 | |
|           fi          
 | |
| 
 | |
|   digest:
 | |
|     runs-on: ubuntu-latest
 | |
|     env:
 | |
|       DOCKER_IMAGE: localhost:5000/name/app
 | |
|     strategy:
 | |
|       fail-fast: false
 | |
|       matrix:
 | |
|         driver:
 | |
|           - docker
 | |
|           - docker-container
 | |
|         load:
 | |
|           - true
 | |
|           - false
 | |
|         push:
 | |
|           - true
 | |
|           - false
 | |
|         exclude:
 | |
|           - driver: docker
 | |
|             load: true
 | |
|             push: true
 | |
|           - driver: docker-container
 | |
|             load: true
 | |
|             push: true
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver: ${{ matrix.driver }}
 | |
|           driver-opts: |
 | |
|             network=host            
 | |
|       -
 | |
|         name: Build
 | |
|         id: docker_build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           load: ${{ matrix.load }}
 | |
|           push: ${{ matrix.push }}
 | |
|           tags: ${{ env.DOCKER_IMAGE }}:latest
 | |
|           platforms: ${{ matrix.platforms }}
 | |
|       -
 | |
|         name: Docker images
 | |
|         run: |
 | |
|           docker image ls --no-trunc          
 | |
|       -
 | |
|         name: Check digest
 | |
|         run: |
 | |
|           if [[ "${{ matrix.driver }}" = "docker-container" ]] && [[ "${{ matrix.load }}" = "false" ]] && [[ "${{ matrix.push }}" = "false" ]]; then
 | |
|             if [ -n "${{ steps.docker_build.outputs.digest }}" ]; then
 | |
|               echo "::error::Digest should be empty"
 | |
|               exit 1
 | |
|             fi
 | |
|           elif [[ "${{ matrix.push }}" = "true" ]] && [[ -z "${{ steps.docker_build.outputs.digest }}" ]]; then
 | |
|             echo "::error::Digest should not be empty"
 | |
|             exit 1
 | |
|           fi          
 | |
|       -
 | |
|         name: Check manifest
 | |
|         if: ${{ matrix.push }}
 | |
|         run: |
 | |
|           set -x
 | |
|           docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}@${{ steps.docker_build.outputs.digest }} --format '{{json .}}'          
 | |
|       -
 | |
|         name: Check image ID
 | |
|         run: |
 | |
|           if [[ "${{ matrix.driver }}" = "docker-container" ]] && [[ "${{ matrix.load }}" = "false" ]] && [[ "${{ matrix.push }}" = "false" ]]; then
 | |
|             if [ -n "${{ steps.docker_build.outputs.imageid }}" ]; then
 | |
|               echo "::error::Image ID should be empty"
 | |
|               exit 1
 | |
|             fi
 | |
|           elif [ -z "${{ steps.docker_build.outputs.imageid }}" ]; then
 | |
|             echo "::error::Image ID should not be empty"
 | |
|             exit 1
 | |
|           fi          
 | |
|       -
 | |
|         name: Inspect image
 | |
|         if: ${{ matrix.load }}
 | |
|         run: |
 | |
|           set -x
 | |
|           docker image inspect ${{ steps.docker_build.outputs.imageid }}          
 | |
| 
 | |
|   registry-cache:
 | |
|     runs-on: ubuntu-latest
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up QEMU
 | |
|         uses: docker/setup-qemu-action@v3
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build and push
 | |
|         id: docker_build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/multi.Dockerfile
 | |
|           builder: ${{ steps.buildx.outputs.name }}
 | |
|           platforms: linux/amd64,linux/arm64
 | |
|           push: true
 | |
|           tags: |
 | |
|             localhost:5000/name/app:latest
 | |
|             localhost:5000/name/app:1.0.0            
 | |
|           cache-from: type=registry,ref=localhost:5000/name/app
 | |
|           cache-to: type=inline
 | |
|       -
 | |
|         name: Inspect
 | |
|         run: |
 | |
|           docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}'          
 | |
|       -
 | |
|         name: Check digest
 | |
|         run: |
 | |
|           if [ -z "${{ steps.docker_build.outputs.digest }}" ]; then
 | |
|             echo "::error::Digest should not be empty"
 | |
|             exit 1
 | |
|           fi          
 | |
| 
 | |
|   github-cache:
 | |
|     runs-on: ubuntu-latest
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up QEMU
 | |
|         uses: docker/setup-qemu-action@v3
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|           buildkitd-flags: --debug
 | |
|       -
 | |
|         name: Build and push
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/multi.Dockerfile
 | |
|           platforms: linux/amd64,linux/arm64
 | |
|           push: true
 | |
|           tags: |
 | |
|             localhost:5000/name/app:latest
 | |
|             localhost:5000/name/app:1.0.0            
 | |
|           cache-from: type=gha,scope=ci-${{ matrix.buildx_version }}
 | |
|           cache-to: type=gha,scope=ci-${{ matrix.buildx_version }}
 | |
|       -
 | |
|         name: Inspect
 | |
|         run: |
 | |
|           docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'          
 | |
| 
 | |
|   local-cache:
 | |
|     runs-on: ubuntu-latest
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up QEMU
 | |
|         uses: docker/setup-qemu-action@v3
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|           buildkitd-flags: --debug
 | |
|       -
 | |
|         name: Cache Build
 | |
|         uses: actions/cache@v4
 | |
|         with:
 | |
|           path: /tmp/.buildx-cache
 | |
|           key: ${{ runner.os }}-local-test-${{ github.sha }}
 | |
|           restore-keys: |
 | |
|             ${{ runner.os }}-local-test-            
 | |
|       -
 | |
|         name: Build and push
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/multi.Dockerfile
 | |
|           platforms: linux/amd64,linux/arm64
 | |
|           push: true
 | |
|           tags: |
 | |
|             localhost:5000/name/app:latest
 | |
|             localhost:5000/name/app:1.0.0            
 | |
|           cache-from: type=local,src=/tmp/.buildx-cache
 | |
|           cache-to: type=local,dest=/tmp/.buildx-cache-new
 | |
|       -
 | |
|         name: Inspect
 | |
|         run: |
 | |
|           docker buildx imagetools inspect localhost:5000/name/app:1.0.0 --format '{{json .}}'          
 | |
|       -
 | |
|         # Temp fix
 | |
|         # https://github.com/docker/build-push-action/issues/252
 | |
|         # https://github.com/moby/buildkit/issues/1896
 | |
|         name: Move cache
 | |
|         run: |
 | |
|           rm -rf /tmp/.buildx-cache
 | |
|           mv /tmp/.buildx-cache-new /tmp/.buildx-cache          
 | |
| 
 | |
|   standalone:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Uninstall docker cli
 | |
|         run: |
 | |
|           if dpkg -s "docker-ce" >/dev/null 2>&1; then
 | |
|             sudo dpkg -r --force-depends docker-ce-cli docker-buildx-plugin
 | |
|           else
 | |
|             sudo apt-get purge -y moby-cli moby-buildx
 | |
|           fi          
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/Dockerfile
 | |
| 
 | |
|   named-context-pin:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build base image
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/named-context.Dockerfile
 | |
|           build-contexts: |
 | |
|             alpine=docker-image://alpine:edge            
 | |
| 
 | |
|   named-context-docker:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver: docker
 | |
|       -
 | |
|         name: Build base image
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/named-context-base.Dockerfile
 | |
|           load: true
 | |
|           tags: my-base-image:local
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/named-context.Dockerfile
 | |
|           build-contexts: |
 | |
|             base=docker-image://my-base-image:local            
 | |
| 
 | |
|   named-context-container:
 | |
|     runs-on: ubuntu-latest
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
 | |
|             network=host            
 | |
|       -
 | |
|         name: Build base image
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/named-context-base.Dockerfile
 | |
|           tags: localhost:5000/my-base-image:latest
 | |
|           push: true
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/named-context.Dockerfile
 | |
|           build-contexts: |
 | |
|             alpine=docker-image://localhost:5000/my-base-image:latest            
 | |
| 
 | |
|   docker-config-malformed:
 | |
|     runs-on: ubuntu-latest
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set malformed docker config
 | |
|         run: |
 | |
|           mkdir -p ~/.docker
 | |
|           echo 'foo_bar' >> ~/.docker/config.json          
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
| 
 | |
|   proxy-docker-config:
 | |
|     runs-on: ubuntu-latest
 | |
|     services:
 | |
|       squid-proxy:
 | |
|         image: ubuntu/squid:latest
 | |
|         ports:
 | |
|           - 3128:3128
 | |
|     steps:
 | |
|       -
 | |
|         name: Check proxy
 | |
|         run: |
 | |
|           netstat -aptn
 | |
|           curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com          
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set proxy config
 | |
|         run: |
 | |
|           mkdir -p ~/.docker
 | |
|           echo '{"proxies":{"default":{"httpProxy":"http://127.0.0.1:3128","httpsProxy":"http://127.0.0.1:3128"}}}' > ~/.docker/config.json          
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
 | |
|             network=host            
 | |
|           buildkitd-flags: --debug
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/proxy.Dockerfile
 | |
| 
 | |
|   proxy-buildkitd:
 | |
|     runs-on: ubuntu-latest
 | |
|     services:
 | |
|       squid-proxy:
 | |
|         image: ubuntu/squid:latest
 | |
|         ports:
 | |
|           - 3128:3128
 | |
|     steps:
 | |
|       -
 | |
|         name: Check proxy
 | |
|         run: |
 | |
|           netstat -aptn
 | |
|           curl --retry 5 --retry-all-errors --retry-delay 0 --connect-timeout 5 --proxy http://127.0.0.1:3128 -v --insecure --head https://www.google.com          
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
 | |
|             network=host
 | |
|             env.http_proxy=http://127.0.0.1:3128
 | |
|             env.https_proxy=http://127.0.0.1:3128            
 | |
|           buildkitd-flags: --debug
 | |
|       -
 | |
|         name: Build
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/Dockerfile
 | |
| 
 | |
|   annotations:
 | |
|     runs-on: ubuntu-latest
 | |
|     env:
 | |
|       DOCKER_IMAGE: localhost:5000/name/app
 | |
|     services:
 | |
|       registry:
 | |
|         image: registry:2
 | |
|         ports:
 | |
|           - 5000:5000
 | |
|     steps:
 | |
|       -
 | |
|         name: Checkout
 | |
|         uses: actions/checkout@v4
 | |
|       -
 | |
|         name: Docker meta
 | |
|         id: meta
 | |
|         uses: docker/metadata-action@v5
 | |
|         with:
 | |
|           images: ${{ env.DOCKER_IMAGE }}
 | |
|           tags: |
 | |
|             type=schedule
 | |
|             type=ref,event=branch
 | |
|             type=ref,event=pr
 | |
|             type=semver,pattern={{version}}
 | |
|             type=semver,pattern={{major}}.{{minor}}
 | |
|             type=semver,pattern={{major}}
 | |
|             type=sha            
 | |
|       -
 | |
|         name: Set up Docker Buildx
 | |
|         uses: docker/setup-buildx-action@v3
 | |
|         with:
 | |
|           version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
 | |
|           driver-opts: |
 | |
|             network=host
 | |
|             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}            
 | |
|       -
 | |
|         name: Build and push to local registry
 | |
|         uses: ./
 | |
|         with:
 | |
|           context: ./test
 | |
|           file: ./test/Dockerfile
 | |
|           push: true
 | |
|           tags: ${{ steps.meta.outputs.tags }}
 | |
|           annotations: |
 | |
|             index:com.example.key=value
 | |
|             index:com.example.key2=value2
 | |
|             manifest:com.example.key3=value3            
 | |
|       -
 | |
|         name: Check manifest
 | |
|         run: |
 | |
|           docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} --format '{{json .}}'          
 |