Skip to content

fixup! [actions] upload docker image tar to artifacts #302

fixup! [actions] upload docker image tar to artifacts

fixup! [actions] upload docker image tar to artifacts #302

Workflow file for this run

#
# Copyright (c) 2023, The OpenThread Authors.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. Neither the name of the copyright holder nor the
# names of its contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
name: Docker
env:
SHA_TAG: siliconlabsinc/ot-efr32-dev:${{ github.sha }}
LATEST_TAG: siliconlabsinc/ot-efr32-dev:latest
DOCKER_IMAGE_ARTIFACT_NAME: ot-efr32-dev-image-${{ github.sha }}-${{ github.event_name}}.tar
REPO_OWNER: ''
on:
push:
branches-ignore:
- 'dependabot/**'
# pull_request:
# branches:
# - 'main'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/ot-efr32' && github.run_id) || github.ref }}
cancel-in-progress: true
permissions: # added using https://github.com/step-security/secure-workflows
packages: write
jobs:
build:
name: Build Docker Image
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- uses: actions/checkout@v4 # v3.3.0
with:
submodules: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
with:
platforms: linux/amd64
- name: Build and export to Docker context
uses: docker/build-push-action@v5
with:
build-args: |
BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
context: .
file: docker/Dockerfile
load: true
tags: |
${{ env.SHA_TAG }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Inspect Docker image
run: docker inspect ${{ env.SHA_TAG }}
- name: Container image sanity checks
run: |
# Download container-structure-test
curl -LO https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 \
&& chmod +x container-structure-test-linux-amd64
# Run tests
./container-structure-test-linux-amd64 test --config docker/test-ot-efr32-dev.yml --image ${{ env.SHA_TAG }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Lowercase GitHub repository owner
id: lowercase_owner
run: |
echo "REPOSITORY_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
- name: Tag Docker image
run: |
docker tag ${{ env.SHA_TAG }} ghcr.io/${{ steps.lowercase_owner.outputs.REPOSITORY_OWNER }}/ot-efr32-dev:${{ github.sha }}
- name: Push Docker image
run: |
docker push ghcr.io/${{ steps.lowercase_owner.outputs.REPOSITORY_OWNER }}/ot-efr32-dev:${{ github.sha }}
# - name: Create LFS file hash list
# run: git -C third_party/silabs/gecko_sdk lfs ls-files -l | cut -d' ' -f1 | sort > .lfs-assets-id
# - name: Restore gecko_sdk LFS cache
# uses: actions/cache@v4
# id: lfs-cache
# with:
# path: .git/modules/third_party/silabs/gecko_sdk/lfs
# key: lfs-${{ hashFiles('.lfs-assets-id') }}
# - name: Git LFS Pull
# run: git -C third_party/silabs/gecko_sdk lfs pull
# - name: Test build inside container
# run: |
# docker run -v ${{ github.workspace }}:/ot-efr32/ --user $(id -u) --rm ${{ env.SHA_TAG }} script/build --skip-silabs-apps brd4151a
# - name: Upload docker image
# uses: actions/upload-artifact@v4.3.3
# with:
# name: ${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
# path: /tmp/${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
publish-dockerhub:
name: Tag `latest` and publish to DockerHub
runs-on: ubuntu-22.04
needs: [build]
if: |
github.repository == 'SiliconLabs/ot-efr32' &&
github.event_name != 'pull_request' &&
github.ref == 'refs/heads/main'
steps:
- name: Login to DockerHub
if: github.ref == 'refs/heads/main'
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Download Docker image
id: download
uses: actions/download-artifact@v4.1.7
with:
name: ${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
path: /tmp
- name: Load Docker image
run: |
docker load --input ${{ steps.download.outputs.download-path }}/${{ env.DOCKER_IMAGE_ARTIFACT_NAME }}
docker inspect ${{ env.SHA_TAG }}
- name: Tag `latest` and push
run: |
docker tag ${{ env.SHA_TAG }} ${{ env.LATEST_TAG }}
docker push ${{ env.LATEST_TAG }}
trigger_build:
name: Trigger Build Workflow
uses: ./.github/workflows/build.yml
needs: [build]