# # Copyright (C) 2020-2023 Lin Song # # This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 # Unported License: http://creativecommons.org/licenses/by-sa/3.0/ # # Attribution required: please include my name in any derivative and let me # know how you have improved it! name: buildx on: workflow_call: inputs: os_type: required: true type: string secrets: CACHE_NAME: required: true DOCKER_TOKEN: required: true QUAY_USER: required: true QUAY_TOKEN: required: true BUILD_ONLY: required: true jobs: buildx: runs-on: ubuntu-20.04 if: github.repository_owner == 'hwdsl2' steps: - uses: actions/checkout@v3 with: persist-credentials: false - name: Cache uses: actions/cache@v3 with: path: | ${{ runner.temp }}/.buildx-bin ${{ runner.temp }}/.buildx-cache ${{ runner.temp }}/.docker-images key: ${{ secrets.CACHE_NAME }}-${{ github.sha }}-${{ github.run_id }} restore-keys: | ${{ secrets.CACHE_NAME }}- - name: Set up Buildx env: RUNNER_TEMP: ${{ runner.temp }} run: | [ ! -x /usr/bin/docker ] && exit 1 if [ ! -x /usr/bin/wget ] || [ ! -x /usr/bin/jq ]; then export DEBIAN_FRONTEND=noninteractive sudo apt-get -yq update sudo apt-get -yq install wget jq fi BUILDX_VER=$(wget -t 3 -T 30 -qO- "https://api.github.com/repos/docker/buildx/releases/latest" | jq -r ".tag_name") [ -z "${BUILDX_VER}" ] && exit 1 echo "Buildx version: ${BUILDX_VER}" DOCKER_DIR="${HOME}/.docker/cli-plugins" CACHE_DIR="${RUNNER_TEMP}/.buildx-bin" mkdir -p "${DOCKER_DIR}" if [ -s "${CACHE_DIR}/docker-buildx-${BUILDX_VER}" ]; then echo "Using buildx binary from cache..." cp -f "${CACHE_DIR}/docker-buildx-${BUILDX_VER}" "${DOCKER_DIR}/docker-buildx" else echo "Downloading buildx..." BUILDX_URL="https://github.com/docker/buildx/releases/download/${BUILDX_VER}/buildx-${BUILDX_VER}.linux-amd64" wget -t 3 -T 30 -nv -O "${DOCKER_DIR}/docker-buildx" "${BUILDX_URL}" [ ! -s "${DOCKER_DIR}/docker-buildx" ] && exit 1 /bin/rm -rf "${CACHE_DIR}" mkdir -p "${CACHE_DIR}" /bin/cp -f "${DOCKER_DIR}/docker-buildx" "${CACHE_DIR}/docker-buildx-${BUILDX_VER}" fi chmod a+x "${DOCKER_DIR}/docker-buildx" docker info docker buildx version image_cache_dir="${RUNNER_TEMP}/.docker-images" for image in "quay.io/hwdsl2/qemu-user-static:latest" "moby/buildkit:buildx-stable-1"; do image_file=$(printf '%s' "${image}.tar.gz" | tr '/' '-' | tr ':' '-') if [ -s "${image_cache_dir}/${image_file}" ]; then echo "Using ${image} from cache..." docker load -i "${image_cache_dir}/${image_file}" else echo "Downloading ${image}..." docker pull -q "${image}" mkdir -p "${image_cache_dir}" docker save "${image}" | gzip > "${image_cache_dir}/${image_file}" fi done docker run --rm --privileged quay.io/hwdsl2/qemu-user-static:latest --reset -p yes --credential yes docker buildx create --name "builder-${GITHUB_SHA::8}" --driver docker-container --use docker buildx inspect --bootstrap - name: Docker Hub Login env: DOCKER_USER: ${{ github.repository_owner }} DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} run: echo "$DOCKER_TOKEN" | docker login --username "$DOCKER_USER" --password-stdin 2>&1 - name: Quay.io Login env: QUAY_USER: ${{ secrets.QUAY_USER }} QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }} run: echo "$QUAY_TOKEN" | docker login quay.io --username "$QUAY_USER" --password-stdin 2>&1 - name: Docker Buildx env: DOCKER_USER: ${{ github.repository_owner }} BUILD_ONLY: ${{ secrets.BUILD_ONLY }} RUNNER_TEMP: ${{ runner.temp }} OS_TYPE: ${{ inputs.os_type }} run: | cd "$GITHUB_WORKSPACE" pwd ls -ld vpn.env.example [ "$BUILD_ONLY" = "true" ] && BUILD_ONLY="" ts_now=$(date -u +'%Y-%m-%dT%H:%M:%SZ') if [ "$OS_TYPE" = "alpine" ]; then docker buildx build \ --progress plain \ --platform=linux/amd64,linux/arm64,linux/arm/v7 \ --build-arg BUILD_DATE=$ts_now \ --build-arg VCS_REF=${GITHUB_SHA::8} \ --build-arg VERSION=alpine-latest \ --cache-from type=local,src="${RUNNER_TEMP}/.buildx-cache" \ --cache-to type=local,dest="${RUNNER_TEMP}/.buildx-cache-new" \ -t "$DOCKER_USER/ipsec-vpn-server:latest" \ --pull \ ${BUILD_ONLY:+--push} \ . docker buildx build \ --progress plain \ --platform=linux/amd64,linux/arm64,linux/arm/v7 \ --build-arg BUILD_DATE=$ts_now \ --build-arg VCS_REF=${GITHUB_SHA::8} \ --build-arg VERSION=alpine-latest \ --cache-from type=local,src="${RUNNER_TEMP}/.buildx-cache-new" \ -t "quay.io/$DOCKER_USER/ipsec-vpn-server:latest" \ --pull \ ${BUILD_ONLY:+--push} \ . elif [ "$OS_TYPE" = "debian" ]; then docker buildx build \ --progress plain \ --platform=linux/amd64,linux/arm64,linux/arm/v7 \ --build-arg BUILD_DATE=$ts_now \ --build-arg VCS_REF=${GITHUB_SHA::8} \ --build-arg VERSION=debian-latest \ --cache-from type=local,src="${RUNNER_TEMP}/.buildx-cache" \ --cache-to type=local,dest="${RUNNER_TEMP}/.buildx-cache-new" \ -f Dockerfile.debian \ -t "$DOCKER_USER/ipsec-vpn-server:debian" \ --pull \ ${BUILD_ONLY:+--push} \ . docker buildx build \ --progress plain \ --platform=linux/amd64,linux/arm64,linux/arm/v7 \ --build-arg BUILD_DATE=$ts_now \ --build-arg VCS_REF=${GITHUB_SHA::8} \ --build-arg VERSION=debian-latest \ --cache-from type=local,src="${RUNNER_TEMP}/.buildx-cache-new" \ -f Dockerfile.debian \ -t "quay.io/$DOCKER_USER/ipsec-vpn-server:debian" \ --pull \ ${BUILD_ONLY:+--push} \ . else exit 1 fi /bin/rm -rf "${RUNNER_TEMP}/.buildx-cache" /bin/mv -f "${RUNNER_TEMP}/.buildx-cache-new" "${RUNNER_TEMP}/.buildx-cache" - name: Clear if: always() run: | shred -u "${HOME}/.docker/config.json" rm -f "${HOME}/.docker/config.json" docker buildx rm "builder-${GITHUB_SHA::8}" || true