diff --git a/.github/workflows/beta.yml b/.github/workflows/beta.yml index 759462d01..2c69ba28f 100644 --- a/.github/workflows/beta.yml +++ b/.github/workflows/beta.yml @@ -17,11 +17,10 @@ jobs: DOCKERFILE: src/bw/Dockerfile CACHE: false PUSH: false + CACHE_SUFFIX: amd64 secrets: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} - PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} - PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} build-bw-386: uses: ./.github/workflows/container-build.yml with: @@ -31,11 +30,10 @@ jobs: DOCKERFILE: src/bw/Dockerfile CACHE: false PUSH: false + CACHE_SUFFIX: 386 secrets: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} - PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} - PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} # Build SC amd64 + i386 images build-sc-amd64: @@ -47,11 +45,10 @@ jobs: DOCKERFILE: src/scheduler/Dockerfile CACHE: false PUSH: false + CACHE_SUFFIX: amd64 secrets: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} - PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} - PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} build-sc-386: uses: ./.github/workflows/container-build.yml with: @@ -61,11 +58,10 @@ jobs: DOCKERFILE: src/scheduler/Dockerfile CACHE: false PUSH: false + CACHE_SUFFIX: 386 secrets: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} - PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} - PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} # Build AU amd64 + i386 images build-au-amd64: 
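Review bot: `CACHE_SUFFIX: 386` in the build-bw-386 hunk is an unquoted scalar, so YAML reads it as the integer 386 rather than a string; the same applies to the build-sc-386 hunk here and to the build-au-386 and build-ui-386 hunks further down. container-build.yml compares this input with a string (`inputs.CACHE_SUFFIX == 'arm'`) and interpolates it into the cache tag, so write `CACHE_SUFFIX: "386"` and quote the `amd64` and `arm` values as well for consistency. The `with:` blocks of these jobs begin outside the hunks.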
@@ -77,11 +73,10 @@ jobs: DOCKERFILE: src/autoconf/Dockerfile CACHE: false PUSH: false + CACHE_SUFFIX: amd64 secrets: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} - PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} - PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} build-au-386: uses: ./.github/workflows/container-build.yml with: @@ -91,11 +86,10 @@ jobs: DOCKERFILE: src/autoconf/Dockerfile CACHE: false PUSH: false + CACHE_SUFFIX: 386 secrets: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} - PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} - PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} # Build UI amd64 + i386 images build-ui-amd64: @@ -107,11 +101,10 @@ jobs: DOCKERFILE: src/ui/Dockerfile CACHE: false PUSH: false + CACHE_SUFFIX: amd64 secrets: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} - PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} - PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} build-ui-386: uses: ./.github/workflows/container-build.yml with: @@ -121,11 +114,10 @@ jobs: DOCKERFILE: src/ui/Dockerfile CACHE: false PUSH: false + CACHE_SUFFIX: 386 secrets: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} - PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} - PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} # Build arm64 + arm/v7 images build-bw-arm: @@ -137,11 +129,11 @@ jobs: DOCKERFILE: src/bw/Dockerfile CACHE: false PUSH: false + CACHE_SUFFIX: arm secrets: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} - PRIVATE_REGISTRY: ${{ secrets.PRIVATE_REGISTRY }} - PRIVATE_REGISTRY_TOKEN: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + build-sc-arm: needs: ["build-bw-arm"] uses: ./.github/workflows/container-build.yml 
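Review bot: The build-bw-arm job sets `CACHE_SUFFIX: arm`, but its `secrets:` block in the last hunk forwards only DOCKER_USERNAME and DOCKER_TOKEN, so the new ARM_SSH_KEY and ARM_SSH_CONFIG secrets never reach container-build.yml. The "Setup SSH for ARM node" step would then write an empty key and config, and the buildx append to `ssh://ubuntu@arm` would presumably fail. Add `ARM_SSH_KEY: ${{ secrets.ARM_SSH_KEY }}` and `ARM_SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}` to this job's `secrets:`, and keep them off the amd64 and 386 jobs, which have no use for the key. The job's `with:` block starts above the hunk and build-sc-arm continues below it.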
diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml index ba4e9e514..a47cc60c4 100644 --- a/.github/workflows/container-build.yml +++ b/.github/workflows/container-build.yml @@ -23,6 +23,10 @@ on: required: false type: boolean default: true + CACHE_SUFFIX: + required: false + type: boolean + default: "" secrets: DOCKER_USERNAME: required: true @@ -32,6 +36,10 @@ on: required: false PRIVATE_REGISTRY_TOKEN: required: false + ARM_SSH_KEY: + required: false + ARM_SSH_CONFIG: + required: false jobs: build: @@ -54,6 +62,20 @@ jobs: registry: ${{ secrets.PRIVATE_REGISTRY }} username: registry password: ${{ secrets.PRIVATE_REGISTRY_TOKEN }} + - name: Setup SSH for ARM node + if: inputs.CACHE_SUFFIX == 'arm' + run: | + mkdir -p ~/.ssh + echo "$SSH_KEY" > ~/.ssh/id_rsa_arm + chmod 600 ~/.ssh/id_rsa_arm + echo "$SSH_CONFIG" > ~/.ssh/config + env: + SSH_KEY: ${{ secrets.ARM_SSH_KEY }} + SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }} + - name: Append ARM node to buildx + if: inputs.CACHE_SUFFIX == 'arm' + run: | + docker buildx create --append --name ${{ steps.buildx.outputs.name }} --node arm --platform linux/arm64,linux/arm/v7,linux/arm/v6 ssh://ubuntu@arm # Build cached image - name: Build image if: inputs.CACHE == true @@ -76,7 +98,7 @@ jobs: platforms: ${{ inputs.ARCH }} load: true tags: local/${{ inputs.IMAGE }} - cache-to: type=registry,ref=bunkerity/cache:${{ inputs.IMAGE }}-${{ inputs.RELEASE }}-${{ inputs.ARCH }},mode=min + cache-to: type=registry,ref=bunkerity/cache:${{ inputs.IMAGE }}-${{ inputs.RELEASE }}-${{ inputs.CACHE_SUFFIX }},mode=min # Check OS vulnerabilities - name: Check OS vulnerabilities uses: aquasecurity/trivy-action@master
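Review bot: The new `CACHE_SUFFIX` input is declared `type: boolean` with `default: ""`, yet every caller passes an architecture name, and the steps compare it with `'arm'` and interpolate it into the cache tag. A type mismatch on a reusable-workflow input is likely to be rejected or coerced, which would leave the ARM-only SSH steps gated on the wrong value; declare it as `type: string`. With the empty default, a caller that omits the input would write its cache to a tag ending in `-`, shared by every architecture, so `required: true` is probably safer than a default.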
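Review bot: The "Setup SSH for ARM node" step creates `~/.ssh/id_rsa_arm` under the default umask and only tightens it with `chmod 600` afterwards, and it writes the secrets without checking that they are set. Set `umask 077` before the writes, fail when either variable is empty, and pass the builder name through `env:` instead of expanding `${{ steps.buildx.outputs.name }}` into the script text, as sketched below. Whether the host key of `arm` is verified depends entirely on the contents of ARM_SSH_CONFIG, which is not visible here; the config should pin the host key through a known_hosts entry rather than relax checking. Nothing in this hunk removes the key after the build, which matters if the job ever runs on a self-hosted runner.

```yaml
      - name: Setup SSH for ARM node
        if: inputs.CACHE_SUFFIX == 'arm'
        run: |
          set -euo pipefail
          # Stop here rather than write an empty key or config when the
          # caller did not forward the secrets.
          : "${SSH_KEY:?ARM_SSH_KEY secret is not set}"
          : "${SSH_CONFIG:?ARM_SSH_CONFIG secret is not set}"
          # Files are created private from the start, not chmod-ed later.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_KEY" > ~/.ssh/id_rsa_arm
          printf '%s\n' "$SSH_CONFIG" > ~/.ssh/config
        # … unchanged: env block with SSH_KEY / SSH_CONFIG …
      - name: Append ARM node to buildx
        if: inputs.CACHE_SUFFIX == 'arm'
        run: |
          docker buildx create --append --name "$BUILDER" --node arm --platform linux/arm64,linux/arm/v7,linux/arm/v6 ssh://ubuntu@arm
        env:
          BUILDER: ${{ steps.buildx.outputs.name }}
```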
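Review bot: The trailing context line `uses: aquasecurity/trivy-action@master` references a mutable branch, and after this commit that action appears to run in the same job that has written an SSH private key for the ARM builder under `~/.ssh`. Pin the action to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, so an upstream change cannot alter what runs next to the key. The `cache-from` side is not shown in this hunk; it should read the same `CACHE_SUFFIX` tag that `cache-to` now writes. The scan step continues below the hunk.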