Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 01a1e24a7b | |||
| 59625a53b2 | |||
| afb5bf2bc8 | |||
| a5e252b3b1 | |||
| 011bc1c113 |
114
.github/workflows/docker-build-publish.yml
vendored
114
.github/workflows/docker-build-publish.yml
vendored
@@ -10,6 +10,35 @@ on:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
checkout_repo:
|
||||
description: >
|
||||
Optional external repo to checkout (owner/name). If set, repo is checked out
|
||||
into checkout_path.
|
||||
required: false
|
||||
type: string
|
||||
default: ""
|
||||
|
||||
checkout_ref:
|
||||
description: >
|
||||
Optional git ref (branch/tag/SHA) for checkout_repo. Defaults to repo default branch.
|
||||
required: false
|
||||
type: string
|
||||
default: ""
|
||||
|
||||
checkout_path:
|
||||
description: >
|
||||
Path to checkout checkout_repo into.
|
||||
required: false
|
||||
type: string
|
||||
default: "external-src"
|
||||
|
||||
checkout_fetch_depth:
|
||||
description: >
|
||||
Fetch depth for checkout_repo (0 = full history).
|
||||
required: false
|
||||
type: string
|
||||
default: "0"
|
||||
|
||||
registry_host:
|
||||
required: true
|
||||
type: string
|
||||
@@ -21,6 +50,21 @@ on:
|
||||
description: >
|
||||
Multiline build args, one per line: KEY=VALUE (values may include spaces)
|
||||
|
||||
extra_tags:
|
||||
description: >
|
||||
Optional extra tags to apply to each image.
|
||||
Accepts JSON array (e.g. ["latest", "main"]) or newline-separated list.
|
||||
required: false
|
||||
type: string
|
||||
default: ""
|
||||
|
||||
skip_if_tag_exists:
|
||||
description: >
|
||||
If true, skip build when all images already have sha-<commit> tags.
|
||||
required: false
|
||||
type: string
|
||||
default: "false"
|
||||
|
||||
env:
|
||||
description: >
|
||||
Multiline env vars, one per line: KEY=VALUE
|
||||
@@ -53,6 +97,17 @@ jobs:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Checkout external repository
|
||||
if: ${{ inputs.checkout_repo != '' }}
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: ${{ inputs.checkout_repo }}
|
||||
ref: ${{ inputs.checkout_ref }}
|
||||
server-url: ${{ github.server_url }}
|
||||
token: ${{ secrets.ci_token }}
|
||||
path: ${{ inputs.checkout_path }}
|
||||
fetch-depth: ${{ inputs.checkout_fetch_depth }}
|
||||
|
||||
- name: Load env vars
|
||||
if: ${{ inputs.env != '' }}
|
||||
run: |
|
||||
@@ -98,6 +153,10 @@ jobs:
|
||||
env:
|
||||
IMAGES: ${{ inputs.images }}
|
||||
BUILD_ARGS: ${{ inputs.build_args }}
|
||||
EXTRA_TAGS_INPUT: ${{ inputs.extra_tags }}
|
||||
CHECKOUT_REPO: ${{ inputs.checkout_repo }}
|
||||
CHECKOUT_PATH: ${{ inputs.checkout_path }}
|
||||
SKIP_IF_TAG_EXISTS: ${{ inputs.skip_if_tag_exists }}
|
||||
CI_TOKEN: ${{ secrets.ci_token }}
|
||||
TRIVY_SEVERITY: ${{ inputs.trivy_severity }}
|
||||
run: |
|
||||
@@ -127,8 +186,38 @@ jobs:
|
||||
|
||||
RAW_REF="${{ github.ref }}"
|
||||
SHA_FULL="${{ github.sha }}"
|
||||
SOURCE_SHA_FULL="$SHA_FULL"
|
||||
if [ -n "$CHECKOUT_REPO" ] && [ -d "$CHECKOUT_PATH/.git" ]; then
|
||||
SOURCE_SHA_FULL=$(git -C "$CHECKOUT_PATH" rev-parse HEAD)
|
||||
fi
|
||||
SHA_FULL="$SOURCE_SHA_FULL"
|
||||
SHA_SHORT="${SHA_FULL:0:12}"
|
||||
|
||||
truthy() {
|
||||
case "${1,,}" in
|
||||
1|true|yes|y|on) return 0;;
|
||||
*) return 1;;
|
||||
esac
|
||||
}
|
||||
|
||||
if truthy "$SKIP_IF_TAG_EXISTS"; then
|
||||
missing=0
|
||||
while read -r img; do
|
||||
IMAGE_NAME=$(echo "$img" | jq -r '.name')
|
||||
FULL_IMAGE="${{ inputs.registry_host }}/$IMAGE_NAME"
|
||||
if docker manifest inspect "$FULL_IMAGE:sha-$SHA_SHORT" >/dev/null 2>&1; then
|
||||
echo "==== Found existing tag $FULL_IMAGE:sha-$SHA_SHORT ===="
|
||||
else
|
||||
echo "==== Missing tag $FULL_IMAGE:sha-$SHA_SHORT (will build) ===="
|
||||
missing=1
|
||||
fi
|
||||
done < <(echo "$IMAGES" | jq -c '.[]')
|
||||
if [ "$missing" -eq 0 ]; then
|
||||
echo "All images already have sha-$SHA_SHORT tag. Skipping build."
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
VERSION_TAGS=()
|
||||
if [[ "$RAW_REF" =~ ^refs/tags/v([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
|
||||
VERSION_TAGS+=("v${BASH_REMATCH[1]}.${BASH_REMATCH[2]}.${BASH_REMATCH[3]}")
|
||||
@@ -137,6 +226,25 @@ jobs:
|
||||
VERSION_TAGS+=("latest")
|
||||
fi
|
||||
|
||||
EXTRA_TAGS=()
|
||||
if [ -n "$EXTRA_TAGS_INPUT" ]; then
|
||||
if echo "$EXTRA_TAGS_INPUT" | jq -e . >/dev/null 2>&1; then
|
||||
if ! echo "$EXTRA_TAGS_INPUT" | jq -e 'type == "array"' >/dev/null 2>&1; then
|
||||
echo "inputs.extra_tags must be a JSON array" >&2
|
||||
exit 1
|
||||
fi
|
||||
mapfile -t EXTRA_TAGS < <(echo "$EXTRA_TAGS_INPUT" | jq -r '.[]')
|
||||
else
|
||||
while IFS= read -r line; do
|
||||
trimmed="${line#"${line%%[![:space:]]*}"}"
|
||||
trimmed="${trimmed%"${trimmed##*[![:space:]]}"}"
|
||||
[ -z "$trimmed" ] && continue
|
||||
case "$trimmed" in \#*) continue;; esac
|
||||
EXTRA_TAGS+=("$trimmed")
|
||||
done <<< "$EXTRA_TAGS_INPUT"
|
||||
fi
|
||||
fi
|
||||
|
||||
BUILD_ARG_FLAGS=()
|
||||
BUILD_ARGS_JSON="{}"
|
||||
if [ -n "$BUILD_ARGS" ]; then
|
||||
@@ -216,6 +324,9 @@ jobs:
|
||||
for ver in "${VERSION_TAGS[@]}"; do
|
||||
TAGS+=("$FULL_IMAGE:$ver")
|
||||
done
|
||||
for extra in "${EXTRA_TAGS[@]}"; do
|
||||
TAGS+=("$FULL_IMAGE:$extra")
|
||||
done
|
||||
TAGS_JSON=$(printf '%s\n' "${TAGS[@]}" | jq -R . | jq -s .)
|
||||
|
||||
TARGET_NAME="img_${IDX}"
|
||||
@@ -275,6 +386,9 @@ jobs:
|
||||
for ver in "${VERSION_TAGS[@]}"; do
|
||||
TAGS+=("$FULL_IMAGE:$ver")
|
||||
done
|
||||
for extra in "${EXTRA_TAGS[@]}"; do
|
||||
TAGS+=("$FULL_IMAGE:$extra")
|
||||
done
|
||||
|
||||
TAG_ARGS=()
|
||||
for tag in "${TAGS[@]}"; do
|
||||
|
||||
40
.github/workflows/python-uv-ci-with-db.yml
vendored
40
.github/workflows/python-uv-ci-with-db.yml
vendored
@@ -101,7 +101,7 @@ jobs:
|
||||
POSTGRES_PASSWORD: ${{ inputs.postgres_password }}
|
||||
POSTGRES_DB: ${{ inputs.postgres_db }}
|
||||
ports:
|
||||
- 5432:5432
|
||||
- 5432
|
||||
options: >-
|
||||
--health-cmd="${{ inputs.postgres_health_cmd }}"
|
||||
--health-interval=${{ inputs.postgres_health_interval }}
|
||||
@@ -123,6 +123,22 @@ jobs:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Configure DB env
|
||||
run: |
|
||||
if [ "${ACT:-}" = "true" ] || [ "${GITEA_ACTIONS:-}" = "true" ]; then
|
||||
host="postgres"
|
||||
port="5432"
|
||||
else
|
||||
host="127.0.0.1"
|
||||
port="${{ job.services.postgres.ports['5432'] }}"
|
||||
fi
|
||||
echo "POSTGRES_HOST=$host" >> "$GITHUB_ENV"
|
||||
echo "POSTGRES_PORT=$port" >> "$GITHUB_ENV"
|
||||
echo "POSTGRES_USER=${{ inputs.postgres_user }}" >> "$GITHUB_ENV"
|
||||
echo "POSTGRES_PASSWORD=${{ inputs.postgres_password }}" >> "$GITHUB_ENV"
|
||||
echo "POSTGRES_DB=${{ inputs.postgres_db }}" >> "$GITHUB_ENV"
|
||||
echo "DATABASE_URL=postgres://${{ inputs.postgres_user }}:${{ inputs.postgres_password }}@$host:$port/${{ inputs.postgres_db }}" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Load env vars
|
||||
if: ${{ inputs.env != '' }}
|
||||
run: |
|
||||
@@ -189,6 +205,28 @@ jobs:
|
||||
echo "$line" >> "$GITHUB_ENV"
|
||||
done <<< "${{ inputs.test_env }}"
|
||||
|
||||
- name: Wait for postgres
|
||||
run: |
|
||||
python - <<'PY'
|
||||
import os
|
||||
import socket
|
||||
import time
|
||||
|
||||
host = os.getenv("POSTGRES_HOST", "127.0.0.1")
|
||||
port = int(os.getenv("POSTGRES_PORT", "5432"))
|
||||
deadline = time.time() + 60
|
||||
|
||||
while True:
|
||||
try:
|
||||
with socket.create_connection((host, port), timeout=2):
|
||||
print(f"Postgres reachable at {host}:{port}")
|
||||
break
|
||||
except OSError:
|
||||
if time.time() > deadline:
|
||||
raise
|
||||
time.sleep(1)
|
||||
PY
|
||||
|
||||
- name: Run format check
|
||||
if: ${{ inputs.format_command != '' }}
|
||||
run: ${{ inputs.format_command }}
|
||||
|
||||
Reference in New Issue
Block a user