
Commit 747ce92

committed
refactor workflow
1 parent d79c799 commit 747ce92

1 file changed

Lines changed: 34 additions & 66 deletions


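--- a/.github/workflows/build_multi_arch_image.yml
+++ b/.github/workflows/build_multi_arch_image.yml
@@ -40,6 +40,12 @@ jobs:
 google-chrome-stable firefox postgresql* temurin-* *llvm* mysql*
 dotnet-sdk-*
 remove_packages_one_command: true
+- name: Login to github container registry
+uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
+with:
+registry: ghcr.io
+username: ${{github.actor}}
+password: ${{secrets.GITHUB_TOKEN}}
 - name: Checkout code
 uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 with:
@@ -54,10 +60,11 @@ jobs:
 make install-node
 - name: Build container
 run: |
+echo "Building image..."
 make build-image
 docker tag "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest" "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-${ARCHITECTURE}"
-docker save "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-${ARCHITECTURE}" -o "eps-devcontainer-${CONTAINER_NAME}-${DOCKER_TAG}-${ARCHITECTURE}.img"
 
+echo "Creating combined trivy ignore file"
 # create combined trivy ignore file for use in trivy scan, combining common and specific ignore files if they exist
 combined="src/${CONTAINER_NAME}/.trivyignore_combined.yaml"
 common="src/common/.trivyignore.yaml"
@@ -73,18 +80,6 @@ jobs:
 CONTAINER_NAME: '${{ inputs.container_name }}'
 BASE_VERSION: ${{ inputs.docker_tag}}
 PLATFORM: linux/${{ matrix.arch }}
-- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
-name: Upload combined trivy ignore file
-with:
-name: "trivyigonre-${{ inputs.container_name }}-${{ matrix.arch }}"
-path: src/${{ inputs.container_name }}/.trivyignore_combined.yaml
-include-hidden-files: true
-- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
-name: Upload docker images
-with:
-name: "eps-devcontainer-${{ inputs.container_name }}-${{ inputs.docker_tag }}-${{ matrix.arch }}.img"
-path: |
-eps-devcontainer-${{ inputs.container_name }}-${{ inputs.docker_tag }}-${{ matrix.arch }}.img
 - name: Check docker vulnerabilities - json output
 uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
 with:
@@ -125,6 +120,24 @@ jobs:
 env:
 ARCHITECTURE: '${{ matrix.arch }}'
 DOCKER_TAG: '${{ inputs.docker_tag }}'
+- name: Push tagged image
+run: |
+echo "Pushing image..."
+docker push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-${ARCHITECTURE}"
+env:
+DOCKER_TAG: ${{ inputs.docker_tag }}
+CONTAINER_NAME: '${{ inputs.container_name }}'
+ARCHITECTURE: '${{ matrix.arch }}'
+- name: Push latest image
+if: ${{ inputs.tag_latest }}
+run: |
+docker tag "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-${ARCHITECTURE}" "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-${ARCHITECTURE}"
+echo "Pushing image..."
+docker push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-${ARCHITECTURE}"
+env:
+DOCKER_TAG: ${{ inputs.docker_tag }}
+CONTAINER_NAME: '${{ inputs.container_name }}'
+ARCHITECTURE: '${{ matrix.arch }}'
 
 publish_image:
 name: Publish image for ${{ inputs.container_name }}
@@ -136,73 +149,28 @@ jobs:
 attestations: write
 id-token: write
 steps:
-- name: Free Disk Space for Docker
-uses: endersonmenezes/free-disk-space@e6ed9b02e683a3b55ed0252f1ee469ce3b39a885
-with:
-remove_android: true
-remove_dotnet: true
-remove_haskell: true
-remove_tool_cache: true
-rm_cmd: rm
-remove_packages: >-
-azure-cli google-cloud-cli microsoft-edge-stable
-google-chrome-stable firefox postgresql* temurin-* *llvm* mysql*
-dotnet-sdk-*
-remove_packages_one_command: true
-- name: Download amd64 images
-uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
-with:
-name: eps-devcontainer-${{ inputs.container_name }}-${{ inputs.docker_tag }}-amd64.img
-- name: Download arm64 images
-uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
-with:
-name: eps-devcontainer-${{ inputs.container_name }}-${{ inputs.docker_tag }}-arm64.img
 - name: Login to github container registry
 uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
 with:
 registry: ghcr.io
 username: ${{github.actor}}
 password: ${{secrets.GITHUB_TOKEN}}
 
-- name: Load and push multi-arch tagged image
+- name: Push multi-arch tagged image
 run: |
-echo "loading images"
-docker load -i "eps-devcontainer-${CONTAINER_NAME}-${DOCKER_TAG}-amd64.img"
-docker load -i "eps-devcontainer-${CONTAINER_NAME}-${DOCKER_TAG}-arm64.img"
-
-echo "pushing images"
-docker push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-amd64"
-docker push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-arm64"
-
-echo "creating manifest"
-docker manifest create "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}" \
---amend "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-amd64" \
---amend "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-arm64"
-
-echo "pushing manifest"
-docker manifest push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}"
+docker buildx imagetools create -t "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}" \
+"ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-amd64" \
+"ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-arm64"
 env:
 DOCKER_TAG: ${{ inputs.docker_tag }}
 CONTAINER_NAME: '${{ inputs.container_name }}'
 
-- name: Load and push multi-arch latest image
+- name: Push multi-arch latest image
 if: ${{ inputs.tag_latest }}
 run: |
-echo "Tagging latest images"
-docker tag "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-amd64" "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-amd64"
-docker tag "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:${DOCKER_TAG}-arm64" "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-arm64"
-
-echo "pushing images"
-docker push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-amd64"
-docker push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-arm64"
-
-echo "creating manifest"
-docker manifest create "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest" \
---amend "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-amd64" \
---amend "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-arm64"
-
-echo "pushing manifest"
-docker manifest push "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest"
+docker buildx imagetools create -t "ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest" \
+"ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-amd64" \
+"ghcr.io/nhsdigital/eps-devcontainers/${CONTAINER_NAME}:latest-arm64"
 env:
 DOCKER_TAG: ${{ inputs.docker_tag }}
 CONTAINER_NAME: '${{ inputs.container_name }}'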
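Review bot: The `Login to github container registry` step added at new lines 43-48 runs before `Checkout code`, `make install-node` and `make build-image`, so every build and Trivy step in this job now executes with a ghcr.io credential already written to the runner's Docker config. Before this commit the build job only uploaded artifacts and the login lived solely in `publish_image`. Moving the `docker/login-action` step to sit directly before `Push tagged image` (new line 123) would keep the token out of reach of the repo-controlled build steps while leaving the push behaviour unchanged. The build job's `permissions:` block is outside the visible hunks; it presumably now needs `packages: write`, and it is worth confirming that nothing broader was granted. Separately, `DOCKER_TAG` in the `Push multi-arch latest image` env (new line 175) is no longer referenced by that step's script and could be dropped.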
