ci(GHA): modify Github Actions to use docker bake

Signed-off-by: András Jáky <[email protected]>
openclarity · Jan 25, 2024 · b1d7dde · b1d7dde
1 parent d982d3d
commit b1d7dde
Show file tree

Hide file tree

Showing 5 changed files with 161 additions and 184 deletions.
diff --git a/.github/workflows/build-and-push-component.yaml b/.github/workflows/build-and-push-component.yaml
@@ -3,10 +3,6 @@ name: 'Build and Push Component'
 on:
   workflow_call:
     inputs:
-      dockerfile:
-        required: true
-        type: string
-        description: 'Dockerfile to build and push'
       image_name:
         required: true
         type: string
@@ -24,34 +20,24 @@ on:
         required: true
         type: string
         description: 'The build timestamp to be used for binaries.'
+      bake_target:
+        required: true
+        type: string
+        description: 'Docker Bake target name.'
+      cache-name-prefix:
+        required: true
+        type: string
+        description: 'A prefix for image names and digests to be cached temporarily.'
+      post_image_tags:
+        required: false
+        type: boolean
+        description: |
+          If set to true the image tags pushed to the repository are posted as comment for the Pull Request.
+          Only works if the event type is `pull_request`.
 
 jobs:
-  build-vars:
-    runs-on: ubuntu-latest
-    outputs:
-      digests-cache-name: ${{ steps.build-vars.outputs.digests-cache-name }}
-    steps:
-      - name: Set build variables
-        id: build-vars
-        run: |
-          
-          ##
-          ## Extract the image name
-          ##
-          ##    $ basename ghcr.io/openclarity/vmclarity-ui-dev
-          ##    vmclarity-ui-dev
-          ##
-          image_name="$(basename ${{ inputs.image_name }})"
-          
-          ##
-          ## Set digests cache name
-          ##
-
-          echo "digests-cache-name=digests-${{ github.run_id }}-${image_name}" >> "$GITHUB_OUTPUT"
-
   build-and-push:
     runs-on: ubuntu-latest
-    needs: build-vars
     strategy:
       fail-fast: false
       matrix:
@@ -81,35 +67,33 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build
-        uses: docker/build-push-action@v5
-        id: build
+        uses: docker/bake-action@v4
+        id: bake
         with:
-          context: .
-          platforms: ${{ matrix.platform }}
-          file: ${{ inputs.dockerfile }}
-          outputs: type=image,name=${{ inputs.image_name }},push-by-digest=true,name-canonical=true,push=${{ inputs.push }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
-          build-args: |
-            VERSION=${{ inputs.image_tag }}
-            BUILD_TIMESTAMP=${{ inputs.timestamp }}
-            COMMIT_HASH=${{ github.sha }}
+          targets: ${{ inputs.bake_target }}
+          set: |
+            *.platform=${{ matrix.platform }}
+            *.output=type=image,name=${{ inputs.image_name }},push-by-digest=true,name-canonical=true,push=${{ inputs.push }}
+            *.tags=
+        env:
+          VERSION: ${{ inputs.image_tag }}
+          BUILD_TIMESTAMP: ${{ inputs.timestamp }}
+          COMMIT_HASH: ${{ github.sha }}
 
       - name: Export digest
         if: inputs.push
         id: digest
         run: |
           mkdir -p /tmp/digests
-          digest="${{ steps.build.outputs.digest }}"
+          digest=$(jq -r '."${{ inputs.bake_target }}"."containerimage.digest"'<<< '${{ steps.bake.outputs.metadata }}')
           touch "/tmp/digests/${digest#sha256:}"
-          
           echo "digest=${digest#sha256:}" >> "$GITHUB_OUTPUT"
 
       - name: Upload digests
         if: inputs.push
         uses: actions/upload-artifact@v4
         with:
-          name: ${{ needs.build-vars.outputs.digests-cache-name }}-${{ steps.digest.outputs.digest }}
+          name: ${{ inputs.cache-name-prefix }}-${{ inputs.bake_target }}-${{ steps.digest.outputs.digest }}
           path: /tmp/digests/*
           if-no-files-found: error
           retention-days: 1
@@ -119,13 +103,12 @@ jobs:
     if: inputs.push
     runs-on: ubuntu-latest
     needs:
-      - build-vars
       - build-and-push
     steps:
       - name: Download digests
         uses: actions/download-artifact@v4
         with:
-          pattern: ${{ needs.build-vars.outputs.digests-cache-name }}-*
+          pattern: ${{ inputs.cache-name-prefix }}-${{ inputs.bake_target }}-*
           merge-multiple: true
           path: /tmp/digests
 
@@ -149,4 +132,20 @@ jobs:
 
       - name: Inspect image
         run: |
-          docker buildx imagetools inspect ${{ inputs.image_name }}:${{ inputs.image_tag }} 
+          docker buildx imagetools inspect ${{ inputs.image_name }}:${{ inputs.image_tag }}
+
+      - name: Save image name
+        if: inputs.post_image_tags
+        run: |
+          mkdir -p /tmp/images
+          echo "* \`${{ inputs.image_name }}:${{ inputs.image_tag }}\`" >> "/tmp/images/${{ inputs.bake_target }}"
+
+      - name: Upload image names
+        if: inputs.post_image_tags
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.cache-name-prefix }}-${{ inputs.bake_target }}
+          path: /tmp/images/*
+          if-no-files-found: error
+          retention-days: 1
+          compression-level: 0
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -79,6 +79,7 @@ jobs:
       push: true
       use_release_repository: false
       post_image_tags: true
+      bake-group: e2e
 
   e2e:
     needs: build

diff --git a/.github/workflows/reusable-build-and-push.yml b/.github/workflows/reusable-build-and-push.yml
@@ -3,6 +3,11 @@ name: Build & Push
 on:
   workflow_call:
     inputs:
+      registry_name:
+        required: false
+        type: string
+        description: 'Registry name used for container image names. Default is `ghcr.io/openclarity`.'
+        default: ghcr.io/openclarity
       image_tag:
         required: true
         type: string
@@ -17,6 +22,11 @@ on:
         type: boolean
         description: 'If set to true the image is pushed to the release repository otherwise it is pushed to the development.'
         default: false
+      bake-group:
+        required: false
+        type: string
+        description: 'Name of the Docker Bake group of targets'
+        default: default
       post_image_tags:
         required: false
         type: boolean
@@ -25,10 +35,14 @@ on:
           Only works if the event type is `pull_request`.
 
 jobs:
-  timestamp:
+  build-vars:
     runs-on: ubuntu-latest
     outputs:
       timestamp: ${{ steps.timestamp.outputs.timestamp }}
+      registry: ${{ steps.registry.outputs.registry }}
+      suffix: ${{ steps.suffix.outputs.suffix }}
+      targets: ${{ steps.targets.outputs.targets }}
+      cache-name-prefix: ${{ steps.cache-name-prefix.outputs.cache-name-prefix }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -39,99 +53,94 @@ jobs:
           ##
           ## Set timestamp variable
           ##
-          
+
           echo "timestamp=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT"
 
-  images:
-    uses: ./.github/workflows/reusable-image-names.yml
-    with:
-      use_release_repository: ${{ inputs.use_release_repository }}
+      - name: Set registry
+        id: registry
+        run: |
+          ##
+          ## Determine the image name registry
+          ##
 
-  vmclarity-apiserver:
-    needs:
-      - images
-      - timestamp
-    uses: ./.github/workflows/build-and-push-component.yaml
-    with:
-      dockerfile: Dockerfile.apiserver
-      image_name: ${{ needs.images.outputs.apiserver-image }}
-      image_tag: ${{ inputs.image_tag }}
-      push: ${{ inputs.push }}
-      timestamp: ${{ needs.timestamp.outputs.timestamp }}
+          # Remove trailing slash characters(s)
+          # shellcheck disable=SC2001
+          echo "registry=$(sed -e 's@/*$@@' <<< ${{ inputs.registry_name }})" >> "$GITHUB_OUTPUT"
 
-  vmclarity-orchestrator:
-    needs:
-      - images
-      - timestamp
-    uses: ./.github/workflows/build-and-push-component.yaml
-    with:
-      dockerfile: Dockerfile.orchestrator
-      image_name: ${{ needs.images.outputs.orchestrator-image }}
-      image_tag: ${{ inputs.image_tag }}
-      push: ${{ inputs.push }}
-      timestamp: ${{ needs.timestamp.outputs.timestamp }}
+      - name: Set suffix
+        id: suffix
+        run: |
+          ##
+          ## Determine the image name suffix based on the release type
+          ##
 
-  vmclarity-ui-backend:
-    needs:
-      - images
-      - timestamp
-    uses: ./.github/workflows/build-and-push-component.yaml
-    with:
-      dockerfile: Dockerfile.uibackend
-      image_name: ${{ needs.images.outputs.ui-backend-image }}
-      image_tag: ${{ inputs.image_tag }}
-      push: ${{ inputs.push }}
-      timestamp: ${{ needs.timestamp.outputs.timestamp }}
+          # Set image name suffix
+          suffix=-dev
+          if [ "${{ inputs.use_release_repository }}" == "true" ]; then
+            suffix=
+          fi
 
-  vmclarity-ui:
-    needs:
-      - images
-      - timestamp
-    uses: ./.github/workflows/build-and-push-component.yaml
-    with:
-      dockerfile: Dockerfile.ui
-      image_name: ${{ needs.images.outputs.ui-image }}
-      image_tag: ${{ inputs.image_tag }}
-      push: ${{ inputs.push }}
-      timestamp: ${{ needs.timestamp.outputs.timestamp }}
+          echo "suffix=${suffix}" >> "$GITHUB_OUTPUT"
 
-  vmclarity-cli:
+      - name: List targets
+        id: targets
+        uses: docker/bake-action/subaction/list-targets@v4
+        with:
+          target: ${{ inputs.bake-group }}
+
+      - name: Set cache name prefix
+        id: cache-name-prefix
+        run: |
+          echo "cache-name-prefix=cache-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+
+  build-and-push:
     needs:
-      - images
-      - timestamp
+      - build-vars
+    strategy:
+      fail-fast: false
+      matrix:
+        target: ${{ fromJson(needs.build-vars.outputs.targets) }}
     uses: ./.github/workflows/build-and-push-component.yaml
     with:
-      dockerfile: Dockerfile.cli
-      image_name: ${{ needs.images.outputs.cli-image }}
+      image_name: "${{ inputs.registry_name }}/${{ matrix.target }}${{ needs.build-vars.outputs.suffix }}"
       image_tag: ${{ inputs.image_tag }}
       push: ${{ inputs.push }}
-      timestamp: ${{ needs.timestamp.outputs.timestamp }}
+      timestamp: ${{ needs.build-vars.outputs.timestamp }}
+      bake_target: ${{ matrix.target }}
+      cache-name-prefix: ${{ needs.build-vars.outputs.cache-name-prefix }}
+      post_image_tags: ${{ inputs.post_image_tags }}
 
   post-images:
     if: github.event_name == 'pull_request' && inputs.post_image_tags
     runs-on: ubuntu-latest
     needs:
-      - images
-      - vmclarity-apiserver
-      - vmclarity-orchestrator
-      - vmclarity-ui-backend
-      - vmclarity-ui
-      - vmclarity-cli
+      - build-vars
+      - build-and-push
     steps:
+      - name: Download image names
+        uses: actions/download-artifact@v4
+        with:
+          pattern: ${{ needs.build-vars.outputs.cache-name-prefix }}-*
+          merge-multiple: true
+          path: /tmp/images
+
+      - name: Get image names
+        run: |
+          EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+          {
+            echo "images<<$EOF"; cat /tmp/images/*; echo "$EOF"
+          } >> "$GITHUB_ENV"
+
       - name: Post comment with image tags
         uses: marocchino/sticky-pull-request-comment@v2
         with:
           hide_and_recreate: true
           hide_classify: "OUTDATED"
           skip_unchanged: true
           header: image-tags
+          append: true
           message: |
             Hey!
-            
-            Your images are ready:
-            * `${{ format('{0}:{1}', needs.images.outputs.apiserver-image, inputs.image_tag) }}`
-            * `${{ format('{0}:{1}', needs.images.outputs.orchestrator-image, inputs.image_tag) }}`
-            * `${{ format('{0}:{1}', needs.images.outputs.ui-backend-image, inputs.image_tag) }}`
-            * `${{ format('{0}:{1}', needs.images.outputs.ui-image, inputs.image_tag) }}`
-            * `${{ format('{0}:{1}', needs.images.outputs.cli-image, inputs.image_tag) }}`
 
+            Your images are ready:
+            ${{ env.images }}