Skip to content

chore(deps): bump github.com/containerd/containerd from 1.7.18 to 1.7.21 #2350

chore(deps): bump github.com/containerd/containerd from 1.7.18 to 1.7.21

chore(deps): bump github.com/containerd/containerd from 1.7.18 to 1.7.21 #2350

Workflow file for this run

name: build
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches:
- 'master'
tags:
- 'v*'
pull_request:
env:
DOCKERHUB_SLUG: crazymax/diun
GHCR_SLUG: ghcr.io/crazy-max/diun
DESTDIR: ./bin
jobs:
prepare:
runs-on: ubuntu-latest
outputs:
validate-targets: ${{ steps.validate-targets.outputs.matrix }}
artifact-platforms: ${{ steps.artifact-platforms.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Validate targets matrix
id: validate-targets
run: |
echo "matrix=$(docker buildx bake validate --print | jq -cr '.target | keys')" >> $GITHUB_OUTPUT
-
name: Artifact platforms matrix
id: artifact-platforms
run: |
echo "matrix=$(docker buildx bake artifact-all --print | jq -cr '.target."artifact-all".platforms')" >> $GITHUB_OUTPUT
validate:
runs-on: ubuntu-latest
needs:
- prepare
strategy:
fail-fast: false
matrix:
target: ${{ fromJson(needs.prepare.outputs.validate-targets) }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Validate
uses: docker/bake-action@v5
with:
targets: ${{ matrix.target }}
test:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Test
uses: docker/bake-action@v5
with:
targets: test
pull: true
-
name: Upload coverage
uses: codecov/codecov-action@v4
with:
directory: ${{ env.DESTDIR }}/coverage
token: ${{ secrets.CODECOV_TOKEN }}
artifact:
runs-on: ubuntu-latest
needs:
- prepare
- validate
strategy:
fail-fast: false
matrix:
platform: ${{ fromJson(needs.prepare.outputs.artifact-platforms) }}
steps:
-
name: Prepare
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build
uses: docker/bake-action@v5
with:
targets: artifact
provenance: mode=max
sbom: true
pull: true
set: |
*.platform=${{ matrix.platform }}
*.cache-from=type=gha,scope=artifact-${{ env.PLATFORM_PAIR }}
*.cache-to=type=gha,scope=artifact-${{ env.PLATFORM_PAIR }},mode=max
-
name: Rename provenance and sbom
working-directory: ${{ env.DESTDIR }}/artifact
run: |
binname=$(find . -name 'diun_*')
filename=$(basename "$binname" | sed -E 's/\.(tar\.gz|zip)$//')
mv "provenance.json" "${filename}.provenance.json"
mv "sbom-binary.spdx.json" "${filename}.sbom.json"
find . -name 'sbom*.json' -exec rm {} \;
-
name: List artifacts
run: |
tree -nh ${{ env.DESTDIR }}
-
name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: diun-${{ env.PLATFORM_PAIR }}
path: ${{ env.DESTDIR }}
if-no-files-found: error
release:
runs-on: ubuntu-latest
needs:
- artifact
- test
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Download artifacts
uses: actions/download-artifact@v4
with:
path: ${{ env.DESTDIR }}
pattern: diun-*
merge-multiple: true
-
name: List artifacts
run: |
tree -nh ${{ env.DESTDIR }}
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Build
uses: docker/bake-action@v5
with:
targets: release
provenance: false
-
name: GitHub Release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
draft: true
files: |
${{ env.DESTDIR }}/release/*
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
image:
runs-on: ubuntu-latest
needs:
- artifact
- test
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Prepare
run: |
cfroms=
while read -r platform; do
if [ -n "$cfroms" ]; then cfroms="${cfroms}\n"; fi
cfroms="${cfroms}*.cache-from=type=gha,scope=artifact-${platform//\//-}"
done < <(docker buildx bake artifact-all --print | jq -r '.target."artifact-all".platforms[]')
echo "CACHE_FROMS<<EOF" >> $GITHUB_ENV
echo -e "$cfroms" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
-
name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.DOCKERHUB_SLUG }}
${{ env.GHCR_SLUG }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=ref,event=pr
type=edge
labels: |
org.opencontainers.image.title=Diun
org.opencontainers.image.description=Docker image update notifier
org.opencontainers.image.vendor=CrazyMax
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
-
name: Login to GHCR
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Build
uses: docker/bake-action@v5
with:
files: |
./docker-bake.hcl
${{ steps.meta.outputs.bake-file }}
targets: image-all
provenance: mode=max
sbom: true
pull: true
push: ${{ github.event_name != 'pull_request' }}
set: |
${{ env.CACHE_FROMS }}
-
name: Check manifest
if: github.event_name != 'pull_request'
run: |
docker buildx imagetools inspect ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }}
docker buildx imagetools inspect ${{ env.GHCR_SLUG }}:${{ steps.meta.outputs.version }}
-
name: Inspect image
if: github.event_name != 'pull_request'
run: |
docker pull ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }}
docker image inspect ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }}
docker pull ${{ env.GHCR_SLUG }}:${{ steps.meta.outputs.version }}
docker image inspect ${{ env.GHCR_SLUG }}:${{ steps.meta.outputs.version }}