
buildkit updates

buildkit updates #1322

Workflow file for this run

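# CI pipeline: builds, lints and tests the Go code, then publishes container
# images, the Helm chart and the Java SDK.
#
# NOTE(review): there is no `permissions:` block, so GITHUB_TOKEN carries the
# repository/organisation default scopes in every job. Consider a top-level
# `permissions: contents: read` and granting `packages: write` only to the
# jobs that push to GHCR / GitHub Packages — confirm first what the local
# composite actions under ./.github/actions need.
#
# NOTE(review): third-party actions are referenced by mutable tags. Pinning
# them to a full commit SHA protects the jobs that hold registry credentials
# from a retagged release (mikefarah/yq, nick-fields/retry, azure/setup-helm,
# docker/*).
name: CI
on:
  push:
    branches: [main]
    tags: ['v[0-9]+.[0-9]+.[0-9]+*']
  # Keep this as `pull_request`: the docker job checks out the PR head commit,
  # which is only safe while fork PRs run without secrets and with a
  # read-only token.
  pull_request: {}
env:
  GO_VERSION: "1.23"
  BUILD_PLATFORMS: linux/amd64,linux/arm64
jobs:
  # Compile, lint and unit-test; every other job depends on this one directly
  # or through `docker`.
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Cache Go tools
        uses: actions/cache@v4
        with:
          path: ~/go/bin
          key: ${{ runner.os }}-go-tools-${{ hashFiles('tools/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-tools-
      - name: Sanity check
        run: make check
      - name: Build
        run: make build
      - name: Lint
        run: make lint
      - name: Unit test
        run: make test

  # Build the multi-arch image and push it to GHCR and Quay. The version
  # computed by the first push is exported for the helm job.
  docker:
    runs-on: ubuntu-latest
    needs: build
    outputs:
      version: ${{ steps.docker_push.outputs.version }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Don't use merge ref to ensure sha- image tag is accurate.
          # On push events this expression is empty and checkout falls back
          # to its default ref.
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - id: docker_push
        name: Push Docker image to GHCR
        uses: ./.github/actions/push-docker-image
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          platforms: ${{ env.BUILD_PLATFORMS }}
      - name: Push Docker image to Quay
        uses: ./.github/actions/push-docker-image
        with:
          registry: quay.io
          repository: domino/hephaestus
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
          platforms: ${{ env.BUILD_PLATFORMS }}

  # Rebuild the rootless Buildkit image at the tag named in the Helm values
  # and push it to Quay. Runs on main and on version tags only.
  vendor-buildkit-rootless:
    runs-on: ubuntu-latest
    needs: build
    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - id: image_tag
        name: Extract image details from Helm values
        uses: mikefarah/yq@v4.43.1
        with:
          cmd: yq '.buildkit.image.tag' deployments/helm/hephaestus/values.yaml
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to container registry
        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
      - name: Build and push rootless Buildkit image to Quay
        uses: docker/build-push-action@v5
        with:
          push: true
          target: rootless
          context: build/buildkit
          platforms: ${{ env.BUILD_PLATFORMS }}
          build-args: BUILDKIT_TAG=${{ steps.image_tag.outputs.result }}
          tags: quay.io/domino/buildkit:${{ steps.image_tag.outputs.result }}

  # Same as vendor-buildkit-rootless, but for the `root` build target; the
  # `-rootless` suffix is stripped from the tag read out of the Helm values.
  vendor-buildkit:
    runs-on: ubuntu-latest
    needs: build
    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - id: image_tag
        name: Extract image details from Helm values
        uses: mikefarah/yq@v4.43.1
        with:
          cmd: yq '.buildkit.image.tag' deployments/helm/hephaestus/values.yaml | sed 's/-rootless//'
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to container registry
        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
      # Step name corrected: this job builds the `root` target, not rootless.
      - name: Build and push Buildkit image to Quay
        uses: docker/build-push-action@v5
        with:
          push: true
          target: root
          context: build/buildkit
          platforms: ${{ env.BUILD_PLATFORMS }}
          build-args: BUILDKIT_TAG=${{ steps.image_tag.outputs.result }}
          tags: quay.io/domino/buildkit:${{ steps.image_tag.outputs.result }}

  # Mirror the Vector image referenced by the Helm values to Quay.
  vendor-vector:
    runs-on: ubuntu-latest
    needs: build
    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Push Vector image to Quay
        uses: ./.github/actions/vendor-docker-image
        with:
          query: ".controller.vector.image"
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}

  # Package the Helm chart at the version produced by the docker job and push
  # it to GHCR and GCR.
  helm:
    runs-on: ubuntu-latest
    needs: docker
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.15.4
      - id: helm_pkg
        name: Package Helm chart
        shell: bash
        env:
          # Hand the job output to the script as data. Expanding `${{ }}`
          # inside `run:` would paste the value into the script text, where
          # the shell would parse it as code.
          APP_VERSION: ${{ needs.docker.outputs.version }}
        run: |
          app_version="$APP_VERSION"
          # `pr-<n>` and `main` builds are not valid chart versions on their
          # own, so they are published as 0.0.0 pre-releases.
          if [[ $app_version =~ ^(pr-[[:digit:]]+|main)$ ]]; then
            semantic_version="0.0.0-$app_version"
          else
            semantic_version=$app_version
          fi
          helm package deployments/helm/hephaestus --app-version "$app_version" --version "$semantic_version"
          echo "artifact=hephaestus-${semantic_version}.tgz" >> "$GITHUB_OUTPUT"
      - name: Push Helm chart to GHCR
        uses: ./.github/actions/push-helm-chart
        with:
          registry: ghcr.io
          namespace: "${{ github.repository_owner }}/helm"
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          artifact: ${{ steps.helm_pkg.outputs.artifact }}
      - name: Push Helm chart to GCR
        uses: ./.github/actions/push-helm-chart
        with:
          registry: gcr.io
          namespace: ${{ secrets.GCR_NAMESPACE }}
          username: ${{ secrets.GCR_USERNAME }}
          password: ${{ secrets.GCR_PASSWORD }}
          password_base64_encoded: "true"
          artifact: ${{ steps.helm_pkg.outputs.artifact }}

  # Generate the SDKs, build the Java client JAR and publish it.
  # NOTE(review): unlike the vendor-* jobs this job has no `if:` guard, so the
  # publish steps also run for pull requests — confirm that is intended.
  sdks:
    runs-on: ubuntu-latest
    needs: build
    env:
      MAVEN_DOCKER_IMAGE: maven:3-eclipse-temurin-17
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Generate SDKS
        run: |
          # GITHUB_HEAD_REF is the PR author's branch name; keep it quoted so
          # it is never word-split or glob-expanded.
          export BRANCH_NAME="$(printf '%s\n' "${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" | sed -r 's|/+|-|g')"
          make sdks
      - name: Generate Java JAR
        run: |
          docker run -q --rm \
            --workdir /wd \
            --volume "$HOME/.m2:/root/.m2" \
            --volume "$(pwd)/sdks/java:/wd" \
            "$MAVEN_DOCKER_IMAGE" mvn --settings settings.xml package
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: hephaestus-client-java.jar
          path: sdks/java/target/*.jar
          if-no-files-found: error
      - name: Publish JAR to GitHub
        env:
          # Credentials reach the container through the environment. A bare
          # `--env NAME` makes docker copy the value from the step's
          # environment, so no secret is pasted into the script text or the
          # docker command line, and shell metacharacters in a password
          # cannot break the command.
          ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
          ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
          GITHUB_USERNAME: ${{ github.actor }}
          GITHUB_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
        run: |
          docker run --rm \
            --workdir /wd \
            --volume "$HOME/.m2:/root/.m2" \
            --volume "$(pwd)/sdks/java:/wd" \
            --env ARTIFACTORY_USERNAME \
            --env ARTIFACTORY_PASSWORD \
            --env GITHUB_USERNAME \
            --env GITHUB_PASSWORD \
            "$MAVEN_DOCKER_IMAGE" mvn --settings settings.xml --activate-profiles github -DskipTests deploy
      - name: Publish Jar to Artifactory
        uses: nick-fields/retry@v3
        env:
          # Same hand-off as the GitHub publish step: the command below reads
          # these from the environment, as it already does for
          # MAVEN_DOCKER_IMAGE.
          ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
          ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
          GITHUB_USERNAME: ${{ github.actor }}
          GITHUB_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
        with:
          retry_on: error
          max_attempts: 10
          timeout_minutes: 1
          retry_wait_seconds: 5
          command: |
            docker run --rm \
              --workdir /wd \
              --volume "$HOME/.m2:/root/.m2" \
              --volume "$(pwd)/sdks/java:/wd" \
              --env ARTIFACTORY_USERNAME \
              --env ARTIFACTORY_PASSWORD \
              --env GITHUB_USERNAME \
              --env GITHUB_PASSWORD \
              "$MAVEN_DOCKER_IMAGE" mvn --settings settings.xml --activate-profiles artifactory -DskipTests deploy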