docker-base #130
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: docker-base | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- scripts/Dockerfile.base | |
- scripts/Dockerfile | |
schedule: | |
# Run every week at 09:43 on Monday, Wednesday and Friday. We build this | |
# frequently to ensure that packages are up-to-date. | |
- cron: "43 9 * * 1,3,5" | |
workflow_dispatch: | |
permissions: | |
contents: read | |
# Necessary to push docker images to ghcr.io. | |
packages: write | |
# Necessary for depot.dev authentication. | |
id-token: write | |
# Avoid running multiple jobs for the same commit. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }}-docker-base | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
if: github.repository_owner == 'coder' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Docker login | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create empty base-build-context directory | |
run: mkdir base-build-context | |
- name: Install depot.dev CLI | |
uses: depot/setup-action@v1 | |
# This uses OIDC authentication, so no auth variables are required. | |
- name: Build base Docker image via depot.dev | |
uses: depot/build-push-action@v1 | |
with: | |
project: wl5hnrrkns | |
context: base-build-context | |
file: scripts/Dockerfile.base | |
platforms: linux/amd64,linux/arm64,linux/arm/v7 | |
pull: true | |
no-cache: true | |
push: true | |
tags: | | |
ghcr.io/coder/coder-base:latest | |
- name: Verify that images are pushed properly | |
run: | | |
# retry 10 times with a 5 second delay as the images may not be | |
# available immediately | |
for i in {1..10}; do | |
rc=0 | |
raw_manifests=$(docker buildx imagetools inspect --raw ghcr.io/coder/coder-base:latest) || rc=$? | |
if [[ "$rc" -eq 0 ]]; then | |
break | |
fi | |
if [[ "$i" -eq 10 ]]; then | |
echo "Failed to pull manifests after 10 retries" | |
exit 1 | |
fi | |
echo "Failed to pull manifests, retrying in 5 seconds" | |
sleep 5 | |
done | |
manifests=$( | |
echo "$raw_manifests" | \ | |
jq -r '.manifests[].platform | .os + "/" + .architecture + (if .variant then "/" + .variant else "" end)' | |
) | |
# Verify all 3 platforms are present. | |
set -euxo pipefail | |
echo "$manifests" | grep -q linux/amd64 | |
echo "$manifests" | grep -q linux/arm64 | |
echo "$manifests" | grep -q linux/arm/v7 |