From fc802fe1a2a0547382e6d5e502b489e4d1f7dd50 Mon Sep 17 00:00:00 2001
From: Barry d'Hoine
Date: Wed, 11 Dec 2024 01:35:39 +0100
Subject: [PATCH 1/5] Split up runners
---
.github/workflows/build.yml | 38 +++++++++++++++++++------------------
Dockerfile | 3 +--
2 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 565fbe2..7b09011 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,19 +1,13 @@ name: Create and publish AEM images -on: - push: - branches: ["main"] - workflow_dispatch: +on: [ push ] env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - AEM_SDK_VERSION: 2024.10.18459.20241031T210302Z-241000 + registry: ghcr.io + aem_sdk_version: 2024.10.18459.20241031T210302Z-241000 jobs: - build-and-push-image: - name: Build and push AEM image - runs-on: ubuntu-latest + build-images: permissions: contents: read packages: write
@@ -21,16 +15,20 @@ jobs: id-token: write strategy: matrix: - runmode: ["author", "publish"] + arch: [ arm64, amd64 ] + runmode: [ author, publish ] + runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4 - name: Cache SDK uses: actions/cache@v4 + id: cache-sdk with: path: aem-sdk-artifacts - key: aem-sdk-${{ env.AEM_SDK_VERSION }}.zip + key: aem-sdk-${{ env.aem_sdk_version }}.zip - name: Checkout AEM SDK artifacts repository + if: steps.cache-sdk.outputs.cache-hit != 'true' uses: actions/checkout@v4 with: repository: orbinson/aem-sdk-artifacts
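Review bot: With `on: [ push ]` the `build-images` job runs for every branch and tag push, yet the job-level `permissions` visible as context here still grant `packages: write` (and `id-token: write` at the top of the next hunk), so each of those runs hands a write-scoped token to every step, including the third-party actions referenced by tag. The `if: github.ref == 'refs/heads/main'` conditions added later in this patch gate individual steps, not the scope of the token. Either keep the branch filter (`on:` / `push:` / `branches: ["main"]`) or leave this job at `contents: read` and publish from a separate job that carries the write permissions and its own `if: github.ref == 'refs/heads/main'`. The hunk also drops `workflow_dispatch`, which removes manual rebuilds; if that is intended, the commit message should say so.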
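Review bot: Once `cache-hit` skips the checkout, the SDK zip that the Dockerfile copies into the image (`COPY aem-sdk-artifacts/aem-sdk-*.zip`) comes from the Actions cache, and the key `aem-sdk-${{ env.aem_sdk_version }}.zip` identifies only the version, not the content. Nothing visible in this hunk checks the restored file, so a stale or altered cache entry would be built and published unchanged. A step before the build that compares the zip with a pinned digest, for example `echo "<expected-sha256>  aem-sdk-artifacts/<sdk-zip-name>" | sha256sum -c -`, would make the cached and the freshly checked-out path equivalent. The `with:` block of the checkout step continues outside the hunk.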
@@ -41,33 +39,37 @@ jobs: uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + with: + platforms: linux/${{ matrix.arch }} - name: Log in to the Container registry + if: github.ref == 'refs/heads/main' uses: docker/login-action@v3 with: - registry: ${{ env.REGISTRY }} + registry: ${{ env.registry }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata id: meta uses: docker/metadata-action@v3 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + images: ${{ env.registry }}/${{ github.repository }} - name: Build and push docker image id: push uses: docker/build-push-action@v3 with: context: . - push: true - tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:${{ matrix.runmode }}-${{ env.AEM_SDK_VERSION }} - platforms: linux/amd64,linux/arm64 + push: ${{ github.ref == 'refs/heads/main' }} + tags: ${{ env.registry }}/${{ github.repository }}:${{ matrix.runmode }}-${{ env.aem_sdk_version }}-${{ matrix.arch }} + platforms: linux/${{ matrix.arch }} labels: ${{ steps.meta.outputs.labels }} build-args: | RUNMODE=${{ matrix.runmode }} PORT=${{ matrix.runmode == 'author' && '4502' || '4503' }} - name: Generate artifact attestation + if: github.ref == 'refs/heads/develop' uses: actions/attest-build-provenance@v1 with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-name: ${{ env.registry }}/${{ github.repository }} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true
diff --git a/Dockerfile b/Dockerfile
index a138425..90b7ecb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,5 @@ FROM azul/zulu-openjdk:11-jre-headless -ARG TARGETOS ARG TARGETARCH ARG AEMC_VERSION=2.0.3
@@ -19,7 +18,7 @@ RUN apt-get update &&\ apt-get install -y --no-install-recommends curl &&\ apt-get clean &&\ rm -rf /var/cache/apk/* &&\ - curl -L https://github.com/wttech/aemc/releases/download/v${AEMC_VERSION}/aemc-cli_${TARGETOS}_${TARGETARCH}.tar.gz | tar -xz -C /usr/local/bin + curl -L https://github.com/wttech/aemc/releases/download/v${AEMC_VERSION}/aemc-cli_linux_${TARGETARCH}.tar.gz | tar -xz -C /usr/local/bin COPY aem-sdk-artifacts/aem-sdk-*.zip aem/home/lib/ COPY aem/default/etc/aem.yml aem/default/etc/aem.yml
From 29c19e4f07bcff90a0fd0e2ed9bb74d81f2ad02c Mon Sep 17 00:00:00 2001
From: Barry d'Hoine
Date: Wed, 11 Dec 2024 10:50:30 +0100
Subject: [PATCH 2/5] Create and push manifest
---
.github/workflows/build.yml | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7b09011..a4f35c7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -54,7 +54,7 @@ jobs: with: images: ${{ env.registry }}/${{ github.repository }} - name: Build and push docker image - id: push + id: build-push-image uses: docker/build-push-action@v3 with: context: .
@@ -66,10 +66,17 @@ jobs: RUNMODE=${{ matrix.runmode }} PORT=${{ matrix.runmode == 'author' && '4502' || '4503' }} - name: Generate artifact attestation - if: github.ref == 'refs/heads/develop' + if: github.ref == 'refs/heads/main' uses: actions/attest-build-provenance@v1 with: subject-name: ${{ env.registry }}/${{ github.repository }} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true - + - name: Push manifest to registry + if: github.ref == 'refs/heads/main' + run: | + IMAGE=${{ env.registry }}/${{ github.repository }}:${{ matrix.runmode }}-${{ env.aem_sdk_version }} + docker manifest create \ + ${IMAGE} \ + --amend ${IMAGE}-amd64 \ + --amend ${IMAGE}-arm64 \ No newline at end of file
From cb67f8f47356177c5f078f46f64625d6254a1d79 Mon Sep 17 00:00:00 2001
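Review bot: The rewritten `curl -L … | tar -xz -C /usr/local/bin` line still unpacks whatever the release URL returns straight into `/usr/local/bin`, with no integrity check on the archive. Since the line is being changed anyway, download to a file first (`curl -fsSL -o /tmp/aemc.tar.gz <release-url>`), verify it with `echo "${AEMC_SHA256}  /tmp/aemc.tar.gz" | sha256sum -c -`, and extract only after that passes. `AEMC_SHA256` is a suggested new per-architecture build argument, not something the Dockerfile has today. The `RUN` instruction begins outside the hunk.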
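Review bot: Renaming the step to `id: build-push-image` leaves the attestation step pointing at the old id: `subject-digest: ${{ steps.push.outputs.digest }}` is still present as context in the next hunk, and a reference to a step id that does not exist evaluates to an empty string. The provenance step would then run without a digest, so images pushed from `main` either get no usable attestation or the step fails. Update the reference in the same commit: `subject-digest: ${{ steps.build-push-image.outputs.digest }}`. The context lines of the later patches in this series still show the old reference.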
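Review bot: The step is named "Push manifest to registry", but its script only runs `docker manifest create`, which assembles the manifest list locally; without a following `docker manifest push "${IMAGE}"` the combined runmode-and-version tag never reaches the registry. The combined tag is also not covered by the attestation step above, which attests only the per-architecture digest. I would pass the `${{ … }}` values in through the step's `env:` and quote `"${IMAGE}"` in the script instead of expanding expressions directly into shell text. The file now ends without a trailing newline.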
From: Barry d'Hoine
Date: Wed, 11 Dec 2024 10:53:48 +0100
Subject: [PATCH 3/5] Create seperate job for manifest
---
.github/workflows/build.yml | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a4f35c7..b0b6a63 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,6 +8,7 @@ env: jobs: build-images: + name: Build images permissions: contents: read packages: write
@@ -41,7 +42,7 @@ jobs: uses: docker/setup-buildx-action@v3 with: platforms: linux/${{ matrix.arch }} - - name: Log in to the Container registry + - name: Log in to the container registry if: github.ref == 'refs/heads/main' uses: docker/login-action@v3 with:
@@ -72,8 +73,25 @@ jobs: subject-name: ${{ env.registry }}/${{ github.repository }} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true + + manifest: + name: Create manifest + if: github.ref == 'refs/heads/main' + permissions: + packages: write + id-token: write + strategy: + matrix: + arch: [ arm64, amd64 ] + runs-on: ubuntu-latest + steps: + - name: Log in to the container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.registry }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Push manifest to registry - if: github.ref == 'refs/heads/main' run: | IMAGE=${{ env.registry }}/${{ github.repository }}:${{ matrix.runmode }}-${{ env.aem_sdk_version }} docker manifest create \
From d6c7e922b3c700971571838bf4784b2c8d7cbbf6 Mon Sep 17 00:00:00 2001
From: Barry d'Hoine
Date: Wed, 11 Dec 2024 10:56:03 +0100
Subject: [PATCH 4/5] Add dependency between jobs
---
.github/workflows/build.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b0b6a63..3e6a4f9 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
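Review bot: The new `manifest` job declares `matrix:` / `arch: [ arm64, amd64 ]`, but its script builds the tag from `${{ matrix.runmode }}`, which is not defined in this job and expands to an empty string, so both legs would target the same `:-<version>` tag instead of the author and publish tags. The matrix should be `runmode: [ author, publish ]`. The job also requests `id-token: write` although neither step shown uses an OIDC token (the login uses `GITHUB_TOKEN`, the script only calls `docker manifest`), so `packages: write` alone would be the least-privilege set. The rest of the `run:` script lies outside the hunk; nothing visible here adds a `docker manifest push`.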
@@ -9,6 +9,7 @@ env: jobs: build-images: name: Build images + id: build-images permissions: contents: read packages: write
@@ -84,6 +85,7 @@ jobs: matrix: arch: [ arm64, amd64 ] runs-on: ubuntu-latest + needs: build-images steps: - name: Log in to the container registry uses: docker/login-action@v3
From 124327a3e37bea9e9808fbce728e708bfdef5d69 Mon Sep 17 00:00:00 2001
From: Barry d'Hoine
Date: Wed, 11 Dec 2024 10:57:17 +0100
Subject: [PATCH 5/5] No need for id
---
.github/workflows/build.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3e6a4f9..b197a90 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,7 +9,6 @@ env: jobs: build-images: name: Build images - id: build-images permissions: contents: read packages: write