Skip to content

build: try a manual docker build for arm64 variant 8 #143

build: try a manual docker build for arm64 variant 8

build: try a manual docker build for arm64 variant 8 #143

Workflow file for this run

name: main
on:
schedule:
# update the pointers once a week
# https://crontab.guru/once-a-week
- cron: "0 0 * * 0"
push:
branches: main
jobs:
docker:
strategy:
fail-fast: false
matrix:
repository:
- 'ghcr.io'
- 'docker.io'
python:
- '3.13'
- '3.12'
- '3.11'
- '3.10'
- '3.9'
- '3.8'
alpine:
- '3.20'
- '3.21'
os:
- 'ubuntu-latest'
exclude:
# No tag
- python: '3.8'
alpine: '3.21'
runs-on: ${{ matrix.os }}
permissions:
packages: write
env:
PLATFORMS: 'linux/amd64 linux/arm64/v8'
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
id: image_env
run: |
. ./env.sh \
'${{ matrix.alpine }}' \
'${{ matrix.python }}' \
'${{ github.repository_owner }}' \
'${{ matrix.repository }}'
docker pull "${SOURCE_IMAGE}" || true
echo "IMAGE_HOME=$(mktemp -d)" >> "$GITHUB_OUTPUT"
echo ALPINE_VERSION="${ALPINE_VERSION}" >> "$GITHUB_OUTPUT"
echo PYTHON_VERSION="${PYTHON_VERSION}" >> "$GITHUB_OUTPUT"
echo SOURCE_IMAGE="${SOURCE_IMAGE}" >> "$GITHUB_OUTPUT"
echo IMAGE_TAG="${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
echo REPOSITORY="${REPOSITORY}" >> "$GITHUB_OUTPUT"
echo BASE_IMAGE_DIGEST="$(digest_of "$SOURCE_IMAGE")" >> "$GITHUB_OUTPUT"
echo 'IMAGE_DESCRIPTION=${{ github.event.repository.description }}. See ${{ github.server_url }}/${{ github.repository }} for more info.' >> "$GITHUB_OUTPUT"
# -
# name: Buildroot
# uses: docker/build-push-action@v6
# with:
# provenance: false
# platforms: |
# linux/amd64
# linux/arm64/v8
# context: "."
# file: Dockerfile.alpine
# target: buildroot
# cache-to: |
# type=gha
# cache-from: |
# type=gha
# type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
# type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
# build-args: |
# ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }}
# BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
# PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }}
# SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }}
# BUILD_ROOT=/d
# tags: "${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot"
# outputs: type=oci,dest=${{ steps.image_env.outputs.IMAGE_HOME }}/buildroot.tar
# -
# name: distroless
# uses: docker/build-push-action@v6
# with:
# provenance: false
# platforms: |
# linux/amd64
# linux/arm64/v8
# context: "."
# file: Dockerfile.alpine
# # target: distroless-python
# cache-from: |
# type=gha
# type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}
# type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
# type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
# cache-to: |
# type=gha
# build-args: |
# ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }}
# BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
# PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }}
# SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }}
# BUILD_ROOT=/d
# tags: "${{ steps.image_env.outputs.IMAGE_TAG }}"
# outputs: type=oci,dest=${{ steps.image_env.outputs.IMAGE_HOME }}/image.tar
-
name: Login to GitHub Container Registry
if: ${{ matrix.repository == 'ghcr.io' }}
uses: docker/login-action@v3
with:
registry: 'ghcr.io'
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Login to DockerHub
if: ${{ matrix.repository == 'docker.io' }}
uses: docker/login-action@v3
with:
registry: 'docker.io'
username: ${{ github.repository_owner }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
env:
IMAGE_URI: ${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
IMAGE_HOME: ${{ steps.image_env.outputs.IMAGE_HOME }}
run: |
for platform in $PLATFORMS
do
docker build --platform "$platform" --push --cache-to type=gha --cache-from type=gha --build-arg 'ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }}' --build-arg 'BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}' --build-arg 'PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }}' --build-arg 'SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }}' --build-arg 'BUILD_ROOT=/d' --tag "${IMAGE_URI}-$(echo "${platform}" | tr '/' '-' )" -f Dockerfile.alpine .
echo "${IMAGE_URI}-$(echo "${platform}" | tr '/' '-' )" | tee -a $IMAGE_HOME/images.txt
done
docker manifest create "${IMAGE_URI}" $(cat $IMAGE_HOME/images.txt)
docker manifest push "${IMAGE_URI}"
# -
# name: Upload Buildroot
# uses: docker/build-push-action@v6
# with:
# push: true
# provenance: false
# platforms: |
# linux/amd64
# linux/arm64/v8
# context: "."
# file: Dockerfile.alpine
# target: buildroot
# cache-to: |
# type=gha
# cache-from: |
# type=gha
# type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
# type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
# build-args: |
# ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }}
# BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
# PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }}
# SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }}
# BUILD_ROOT=/d
# tags: "${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot"
-
name: Upload
uses: docker/build-push-action@v6
env:
SOURCE_DATE_EPOCH: 0
with:
push: true
context: "."
provenance: false
platforms: |
linux/amd64
linux/arm64/v8
file: Dockerfile.alpine
cache-to: |
type=gha
cache-from: |
type=gha
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
build-args: |
ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }}
BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }}
SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }}
BUILD_ROOT=/d
tags: "${{ steps.image_env.outputs.IMAGE_TAG }}"
labels: ${{steps.image_env.outputs.IMAGE_LABELS}}
sbom: true
annotations: |
index,manifest:org.opencontainers.image.authors=distroless-python image developers <[email protected]>
index,manifest:org.opencontainers.image.source=https://github.com/autumnjolitz/distroless-python
index,manifest:org.opencontainers.image.title=distroless-python${{ steps.image_env.outputs.PYTHON_VERSION }}-alpine${{ steps.image_env.outputs.ALPINE_VERSION }}
index,manifest:org.opencontainers.image.description=${{ steps.image_env.outputs.IMAGE_DESCRIPTION }}
index,manifest:org.opencontainers.image.base.digest=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
index,manifest:org.opencontainers.image.base.name=${{ steps.image_env.outputs.SOURCE_IMAGE }}
index,manifest:distroless.python-version=${{ steps.image_env.outputs.PYTHON_VERSION }}
index,manifest:distroless.alpine-version=${{ steps.image_env.outputs.ALPINE_VERSION }}
index,manifest:distroless.base-image=alpine${{ steps.image_env.outputs.ALPINE_VERSION }}
-
name: examples/simple-flask
uses: docker/build-push-action@v6
with:
context: "examples/simple-flask"
provenance: false
platforms: |
linux/amd64
linux/arm64/v8
cache-from: |
type=gha
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
build-args: |
SOURCE_IMAGE=${{ steps.image_env.outputs.IMAGE_TAG }}
tags: "${{ steps.image_env.outputs.IMAGE_TAG }}-example1-amd64"
outputs: type=oci,dest=${{ steps.image_env.outputs.IMAGE_HOME }}/example1.tar
update-dockerhub-desc:
needs: [docker]
runs-on: "ubuntu-latest"
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Convert README.rst to markdown
uses: docker://pandoc/core:2.9
with:
args: >-
-s
--wrap=none
-t gfm
-o README.md
README.rst
- name: Update repo description
uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0
with:
username: ${{ github.repository_owner }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
short-description: ${{ github.event.repository.description }}