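# Reusable workflow (triggered only through `workflow_call`): builds one image
# per CPU architecture, then publishes a combined multi-arch manifest.
# Nesting restored: the rendered page had flattened every line to column 0.
name: Docker Multi-Arch Template

# Default GITHUB_TOKEN scope for all jobs: read-only repository contents.
# Registry pushes authenticate with the Docker Hub credentials, not this token.
permissions:
  contents: read

on:
  workflow_call:
    # NOTE(review): the jobs read secrets.DOCKER_HUB_USERNAME and
    # secrets.DOCKER_HUB_ACCESS_TOKEN, but no `secrets:` block is declared
    # here, so callers presumably rely on `secrets: inherit`, which hands over
    # every caller secret. Declaring the two secrets under `workflow_call`
    # would let callers pass only those.
    inputs:
      image:
        description: "Full image name, e.g. cogstacksystems/cogstack-nifi"
        required: true
        type: string
      context:
        description: "Docker build context path"
        required: true
        type: string
      dockerfile:
        description: "Path to Dockerfile"
        required: true
        type: string
      cache_scope:
        description: "Cache key (unique per image)"
        required: true
        type: string
      # Build args can be recovered from image metadata when a Dockerfile
      # consumes them, so this input is not a channel for credentials.
      build_args:
        description: "Optional Docker build args (newline-separated)"
        required: false
        default: ""
        type: string

# One active run per image and ref; a newer run cancels the one in progress.
concurrency:
  group: docker-${{ inputs.image }}-${{ github.ref }}
  cancel-in-progress: true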
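jobs:
  # -------- Build per-architecture ----------
  # Builds one single-architecture image per matrix entry and, outside pull
  # requests, pushes it under every computed tag with a "-<platform>" suffix.
  build:
    runs-on: ${{ matrix.runner }}
    strategy:
      matrix:
        platform: [amd64, arm64]
        include:
          - platform: amd64
            runner: ubuntu-22.04
          - platform: arm64
            runner: ubuntu-22.04-arm
    outputs:
      # NOTE(review): every matrix leg writes this same output, so only one
      # digest survives; no job in this workflow reads it.
      digest: ${{ steps.push.outputs.digest }}
    steps:
      # NOTE(review): these actions are referenced by mutable version tags.
      # Pinning each `uses:` to a full commit SHA keeps a retagged release
      # from running with the Docker Hub credentials used below.
      - uses: actions/checkout@v6
        with:
          # No later step runs authenticated git commands, so the token is
          # not left configured for git in the workspace.
          persist-credentials: false
      - uses: docker/setup-qemu-action@v4
      - uses: docker/setup-buildx-action@v4
      # Registry login is skipped for pull requests, where nothing is pushed.
      - if: github.event_name != 'pull_request'
        uses: docker/login-action@v4
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@v6
        with:
          images: ${{ inputs.image }}
          tags: |
            # vX.Y.Z -> X.Y.Z and X.Y (strip leading "v" if present)
            type=semver,pattern={{version}},value={{tag}},match=^v?(.+)$
            type=semver,pattern={{major}}.{{minor}},value={{tag}},match=^v?(.+)$
            # latest on main and on v-tags
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }}
            # branch tag for non-PR branches
            type=ref,event=branch,enable=${{ github.event_name != 'pull_request' }}
            # short sha
            type=sha,format=short
      - name: Prepare architecture tags
        id: tags
        shell: bash
        # The tag list and platform reach the script as environment variables
        # instead of being expanded into the script text, so their contents
        # stay data and are never parsed as shell syntax.
        env:
          META_TAGS: ${{ steps.meta.outputs.tags }}
          PLATFORM: ${{ matrix.platform }}
        run: |
          set -euo pipefail
          SUFFIX="-${PLATFORM}"
          # Multi-line step output: one "<image>:<tag>-<platform>" per line.
          {
            echo "tags<<EOF"
            printf '%s\n' "${META_TAGS}" | sed "s/$/${SUFFIX}/"
            echo "EOF"
          } >> "${GITHUB_OUTPUT}"
      - name: Build & push (${{ matrix.platform }})
        id: push
        uses: docker/build-push-action@v7
        with:
          context: ${{ inputs.context }}
          file: ${{ inputs.dockerfile }}
          platforms: linux/${{ matrix.platform }}
          build-args: ${{ inputs.build_args }}
          tags: ${{ steps.tags.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # GitHub Actions cache, scoped per image and per platform.
          cache-from: type=gha,scope=${{ inputs.cache_scope }}-${{ matrix.platform }}
          cache-to: type=gha,mode=max,scope=${{ inputs.cache_scope }}-${{ matrix.platform }}
          # Pull-request runs build only; nothing is pushed.
          push: ${{ github.event_name != 'pull_request' }}
          # Provenance attestation is switched off, so pushed images carry no
          # build-provenance record.
          # NOTE(review): confirm this trade-off is deliberate.
          provenance: false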
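# -------- Merge both architectures ----------
  manifest:
    # Publishes one multi-arch manifest per tag, joining the "-amd64" and
    # "-arm64" images that the `build` job pushed. Skipped on pull requests,
    # where `build` pushes nothing.
    runs-on: ubuntu-22.04
    if: github.event_name != 'pull_request'
    needs: build
    steps:
      # NOTE(review): these actions are referenced by mutable version tags.
      # Pinning each `uses:` to a full commit SHA keeps a retagged release
      # from running with the Docker Hub credentials used below.
      - uses: docker/setup-buildx-action@v4
      - uses: docker/login-action@v4
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      # Recomputes the tag list with the same rules as the `build` job; the
      # two rule sets have to be kept in sync by hand.
      - name: Docker metadata (again)
        id: meta_manifest
        uses: docker/metadata-action@v6
        with:
          images: ${{ inputs.image }}
          tags: |
            type=semver,pattern={{version}},value={{tag}},match=^v?(.+)$
            type=semver,pattern={{major}}.{{minor}},value={{tag}},match=^v?(.+)$
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }}
            type=ref,event=branch,enable=${{ github.event_name != 'pull_request' }}
            type=sha,format=short
      # Fixed 60-second pause before the per-architecture tags are referenced.
      - name: Wait for Docker Hub to register images
        run: sleep 60
      - name: Create multi-arch manifest
        shell: bash
        # The tag list reaches the script as an environment variable instead
        # of being expanded into the script text, so its contents stay data
        # and are never parsed as shell syntax.
        env:
          TAGS: ${{ steps.meta_manifest.outputs.tags }}
        run: |
          set -euo pipefail
          # The here-string ends with a newline, so the last tag is processed
          # even when the list has no trailing newline; `read` fails on an
          # unterminated final line and the loop would otherwise skip it.
          while IFS= read -r ref; do
            [[ -z "$ref" ]] && continue
            # Each line is already "<image>:<tag>"; using it whole avoids
            # splitting at the first colon, which misparses image names that
            # include a registry port.
            echo "🌀 Creating manifest for ${ref}"
            docker buildx imagetools create \
              --tag "${ref}" \
              "${ref}-amd64" \
              "${ref}-arm64"
          done <<< "${TAGS}"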