Merge pull request #21016 from Homebrew/cleanup-old-code #9934
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| merge_group: | |
| release: | |
| types: | |
| - published | |
| permissions: | |
| contents: read | |
| defaults: | |
| run: | |
| shell: bash -xeuo pipefail {0} | |
| env: | |
| VERSIONS: '["22.04", "24.04"]' | |
| jobs: | |
| generate-tags: | |
| if: github.repository_owner == 'Homebrew' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.attributes.outputs.matrix }} | |
| tags: ${{ steps.attributes.outputs.tags }} | |
| labels: ${{ steps.attributes.outputs.labels }} | |
| push: ${{ steps.attributes.outputs.push }} | |
| merge: ${{ steps.attributes.outputs.merge }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Fetch origin/HEAD from Git | |
| run: git fetch origin HEAD | |
| - name: Determine build attributes | |
| id: attributes | |
| run: | | |
| date="$(date --rfc-3339=seconds --utc)" | |
| brew_version="$(git describe --tags --dirty --abbrev=7)" | |
| DELIMITER="END_LABELS_$(uuidgen)" | |
| cat <<EOS | tee -a "${GITHUB_OUTPUT}" | |
| labels<<${DELIMITER} | |
| org.opencontainers.image.created=${date} | |
| org.opencontainers.image.url=https://brew.sh | |
| org.opencontainers.image.documentation=https://docs.brew.sh | |
| org.opencontainers.image.source=https://github.com/${GITHUB_REPOSITORY} | |
| org.opencontainers.image.version=${brew_version} | |
| org.opencontainers.image.revision=${GITHUB_SHA} | |
| org.opencontainers.image.vendor=${GITHUB_REPOSITORY_OWNER} | |
| org.opencontainers.image.licenses=BSD-2-Clause | |
| ${DELIMITER} | |
| EOS | |
| typeset -A tag_hash | |
| typeset -A push_hash | |
| matrix=() | |
| merge=false | |
| while IFS=$'\n' read -r version; do | |
| tags=() | |
| if [[ "${GITHUB_EVENT_NAME}" == "release" ]]; then | |
| tags+=( | |
| "ghcr.io/homebrew/ubuntu${version}:${brew_version}" | |
| "ghcr.io/homebrew/ubuntu${version}:latest" | |
| ) | |
| if [[ "${version}" == "22.04" ]]; then | |
| tags+=( | |
| "ghcr.io/homebrew/brew:${brew_version}" | |
| "ghcr.io/homebrew/brew:latest" | |
| ) | |
| fi | |
| elif [[ "${GITHUB_EVENT_NAME}" == "push" && | |
| ("${GITHUB_REF}" == "refs/heads/main") && | |
| "${version}" == "22.04" ]]; then | |
| tags+=( | |
| "ghcr.io/homebrew/brew:main" | |
| "ghcr.io/homebrew/ubuntu${version}:main" | |
| ) | |
| fi | |
| if [[ "${#tags[@]}" -ne 0 ]]; then | |
| tags_as_json_array="$( | |
| jq --null-input --compact-output '$ARGS.positional' --args "${tags[@]}" | |
| )" | |
| tag_hash["${version}"]="${tags_as_json_array}" | |
| push_hash["${version}"]=true | |
| merge=true | |
| matrix+=("${version}") | |
| else | |
| push_hash["${version}"]=false | |
| fi | |
| done <<<"$(jq --raw-output '.[]' <<<"${VERSIONS}")" | |
| # Transform the `matrix` variable into a JSON array. | |
| echo "matrix=$(jq --null-input --compact-output '$ARGS.positional' --args "${matrix[@]}")" >>"${GITHUB_OUTPUT}" | |
| echo "merge=${merge}" >>"${GITHUB_OUTPUT}" | |
| { | |
| DELIMITER="END_TAGS_$(uuidgen)" | |
| has_previous= | |
| echo "tags<<${DELIMITER}" | |
| printf '{' | |
| for version in "${!tag_hash[@]}"; do | |
| [[ -n "${has_previous:-}" ]] && printf ',' | |
| printf '"%s": %s' "${version}" "${tag_hash[$version]}" | |
| has_previous=1 | |
| done | |
| echo '}' | |
| echo "${DELIMITER}" | |
| } | tee -a "${GITHUB_OUTPUT}" | |
| { | |
| DELIMITER="END_PUSH_$(uuidgen)" | |
| has_previous= | |
| echo "push<<${DELIMITER}" | |
| printf '{' | |
| for version in "${!push_hash[@]}"; do | |
| [[ -n "${has_previous:-}" ]] && printf ',' | |
| printf '"%s": %s' "${version}" "${push_hash[$version]}" | |
| has_previous=1 | |
| done | |
| echo '}' | |
| echo "${DELIMITER}" | |
| } | tee -a "${GITHUB_OUTPUT}" | |
| build: | |
| needs: generate-tags | |
| if: github.repository_owner == 'Homebrew' | |
| name: docker (${{ matrix.arch }} Ubuntu ${{ matrix.version }}) | |
| runs-on: ${{ matrix.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| version: ["22.04", "24.04"] | |
| arch: ["x86_64", "arm64"] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Fetch origin/HEAD from Git | |
| run: git fetch origin HEAD | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| with: | |
| cache-binary: false | |
| - name: Retrieve build attributes | |
| id: attributes | |
| env: | |
| VERSION: ${{ matrix.version }} | |
| PUSH: ${{ needs.generate-tags.outputs.push }} | |
| run: | | |
| filter="$(printf '.["%s"]' "${VERSION}")" | |
| echo "push=$(jq --raw-output "${filter}" <<<"${PUSH}")" >>"${GITHUB_OUTPUT}" | |
| - name: Log in to GitHub Packages (github-actions[bot]) | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ghcr.io | |
| username: github-actions[bot] | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Docker image | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| load: true | |
| tags: brew | |
| cache-from: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache | |
| build-args: version=${{ matrix.version }} | |
| labels: ${{ needs.generate-tags.outputs.labels }} | |
| - name: Run brew test-bot --only-setup | |
| run: docker run --rm brew brew test-bot --only-setup | |
| - name: Log in to GitHub Packages (BrewTestBot) | |
| if: fromJSON(steps.attributes.outputs.push) | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ghcr.io | |
| username: BrewTestBot | |
| password: ${{ secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN }} | |
| - name: Deploy the Docker image by digest | |
| id: digest | |
| if: fromJSON(steps.attributes.outputs.push) | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| cache-from: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache | |
| cache-to: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache,mode=max | |
| build-args: version=${{ matrix.version }} | |
| labels: ${{ needs.generate-tags.outputs.labels }} | |
| outputs: type=image,name=ghcr.io/homebrew/ubuntu${{ matrix.version }},name-canonical=true,push=true,push-by-digest=true | |
| - name: Export the Docker image digest | |
| if: fromJSON(steps.attributes.outputs.push) | |
| run: | | |
| mkdir -p "${RUNNER_TEMP}"/digests | |
| echo "${DIGEST#sha256:}" >"${RUNNER_TEMP}/digests/${VERSION}-${ARCH}" | |
| env: | |
| DIGEST: ${{ steps.digest.outputs.digest }} | |
| VERSION: ${{ matrix.version }} | |
| ARCH: ${{ matrix.arch }} | |
| - name: Upload the Docker image digest | |
| if: fromJSON(steps.attributes.outputs.push) | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: digest-${{ matrix.version }}-${{ matrix.arch }} | |
| path: ${{ runner.temp }}/digests/* | |
| merge: | |
| needs: [generate-tags, build] | |
| if: github.repository_owner == 'Homebrew' && fromJSON(needs.generate-tags.outputs.merge) | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| version: ${{ fromJSON(needs.generate-tags.outputs.matrix) }} | |
| steps: | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| with: | |
| cache-binary: false | |
| - name: Download Docker image digests | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| path: ${{ runner.temp }}/digests | |
| pattern: digest-${{ matrix.version }}-* | |
| merge-multiple: true | |
| - name: Log in to GitHub Packages (BrewTestBot) | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ghcr.io | |
| username: BrewTestBot | |
| password: ${{ secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN }} | |
| - name: Merge and push Docker image | |
| env: | |
| TAGS: ${{ needs.generate-tags.outputs.tags }} | |
| VERSION: ${{ matrix.version }} | |
| run: | | |
| filter="$(printf '.["%s"].[]' "${VERSION}")" | |
| tag_args=() | |
| while IFS=$'\n' read -r tag; do | |
| [[ -n "${tag}" ]] || continue | |
| tag_args+=("--tag=${tag}") | |
| done <<<"$(jq --raw-output "${filter}" <<<"${TAGS}")" | |
| image_args=("ghcr.io/homebrew/ubuntu${VERSION}@sha256:$(<"${RUNNER_TEMP}/digests/${VERSION}-x86_64")") | |
| image_args+=("ghcr.io/homebrew/ubuntu${VERSION}@sha256:$(<"${RUNNER_TEMP}/digests/${VERSION}-arm64")") | |
| attempts=0 | |
| until docker buildx imagetools create "${tag_args[@]}" "${image_args[@]}"; do | |
| attempts=$((attempts + 1)) | |
| if [[ $attempts -ge 3 ]]; then | |
| echo "[$(date -u)] ERROR: Failed after 3 attempts." >&2 | |
| exit 1 | |
| fi | |
| delay=$((2 ** attempts)) | |
| if [[ $delay -gt 15 ]]; then delay=15; fi | |
| echo "Push failed (attempt $attempts). Retrying in ${delay} seconds..." | |
| sleep ${delay} | |
| done |