Skip to content

feat: introducing distroless-python #18

feat: introducing distroless-python

feat: introducing distroless-python #18

Workflow file for this run

name: main
on:
push:
branches: [ master, main ]
pull_request:
branches: [ master, main ]
jobs:
docker:
strategy:
fail-fast: false
matrix:
experimental: [false]
repository:
- 'ghcr.io'
python:
- '3.12'
alpine:
- '3.20'
os:
- 'ubuntu-latest'
runs-on: ${{ matrix.os }}
permissions:
packages: write
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
id: image_env
run: |
. ./env.sh \
'${{ matrix.alpine }}' \
'${{ matrix.python }}' \
'${{ github.repository_owner }}' \
'${{ matrix.repository }}'
docker pull "${SOURCE_IMAGE}"
echo ALPINE_VERSION="${ALPINE_VERSION}" >> "$GITHUB_OUTPUT"
echo PYTHON_VERSION="${PYTHON_VERSION}" >> "$GITHUB_OUTPUT"
echo SOURCE_IMAGE="${SOURCE_IMAGE}" >> "$GITHUB_OUTPUT"
echo IMAGE_TAG="${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
echo REPOSITORY="${REPOSITORY}" >> "$GITHUB_OUTPUT"
echo BASE_IMAGE_DIGEST="$(digest_of "$SOURCE_IMAGE")" >> "$GITHUB_OUTPUT"
-
name: Build deps
uses: docker/build-push-action@v6
with:
load: true
context: "."
file: Dockerfile.alpine
target: buildroot
cache-from: |
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
build-args: |
ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }}
BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }}
SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }}
BUILD_ROOT=/d
tags: "${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot"
-
name: Build
uses: docker/build-push-action@v6
with:
load: true
context: "."
file: Dockerfile.alpine
cache-from: |
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}
build-args: |
ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }}
BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }}
SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }}
BUILD_ROOT=/d
tags: "${{ steps.image_env.outputs.IMAGE_TAG }}"
-
name: Do some tests
run: |
docker run --rm -t '${{ steps.image_env.outputs.IMAGE_TAG }}' -c 'import weakref,string,zipfile,tarfile,urllib.request;print(urllib.request.urlopen("https://www.google.com").read()[:100])'
-
name: Login to GitHub Container Registry
if: ${{ matrix.repository == 'ghcr.io' }}
uses: docker/login-action@v3
with:
registry: 'ghcr.io'
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Upload
uses: docker/build-push-action@v6
with:
push: true
context: "."
file: Dockerfile.alpine
cache-from: |
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}
cache-to: |
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot,mode=max
build-args: |
ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }}
BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }}
SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }}
BUILD_ROOT=/d
tags: "${{ steps.image_env.outputs.IMAGE_TAG }}"