fix: docker manifest using digests

This commit is contained in:
Dominik Schröter 2025-02-02 21:36:08 +01:00
parent 23ca254f87
commit 4b9ba45eb3
2 changed files with 69 additions and 33 deletions

View file

@ -1,2 +1,3 @@
.env .env
Dockerfile Dockerfile
.github

View file

@ -58,32 +58,30 @@ jobs:
build-amd64: build-amd64:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: test needs: test
outputs:
digest: ${{ steps.build_amd64.outputs.digest }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub - name: Log in to Docker Hub
if: ${{ github.event_name != 'pull_request' }} if: ${{ github.event_name != 'pull_request' }}
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Set Docker tags - name: Set Docker tags
id: set_tags id: set_tags
run: | run: |
echo "TAGS=icereed/paperless-gpt:unreleased-amd64" >> $GITHUB_ENV if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
echo "TAGS=icereed/paperless-gpt:unreleased-amd64" >> $GITHUB_ENV
elif [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
VERSION=${GITHUB_REF#refs/tags/} VERSION=${GITHUB_REF#refs/tags/}
echo "TAGS=icereed/paperless-gpt:${VERSION}-amd64" >> $GITHUB_ENV echo "TAGS=icereed/paperless-gpt:${VERSION}-amd64" >> $GITHUB_ENV
else
echo "TAGS=icereed/paperless-gpt:unreleased-amd64" >> $GITHUB_ENV
fi fi
- name: Build and push AMD64 image - name: Build and push AMD64 image
id: build_amd64
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
context: . context: .
@ -96,36 +94,43 @@ jobs:
VERSION=${{ github.ref_type == 'tag' && github.ref_name || github.sha }} VERSION=${{ github.ref_type == 'tag' && github.ref_name || github.sha }}
COMMIT=${{ github.sha }} COMMIT=${{ github.sha }}
BUILD_DATE=${{ github.event.repository.pushed_at }} BUILD_DATE=${{ github.event.repository.pushed_at }}
- name: Export digest for amd64
run: |
mkdir -p ${{ runner.temp }}/digests
echo "${{ steps.build_amd64.outputs.digest }}" | sed 's/^sha256://g' > ${{ runner.temp }}/digests/digest-amd64.txt
- name: Upload amd64 digest
uses: actions/upload-artifact@v4
with:
name: digest-amd64
path: ${{ runner.temp }}/digests/digest-amd64.txt
build-arm64: build-arm64:
runs-on: ubuntu-24.04-arm runs-on: ubuntu-24.04-arm
needs: test needs: test
outputs:
digest: ${{ steps.build_arm64.outputs.digest }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub - name: Log in to Docker Hub
if: ${{ github.event_name != 'pull_request' }} if: ${{ github.event_name != 'pull_request' }}
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Set Docker tags - name: Set Docker tags
id: set_tags id: set_tags
run: | run: |
echo "TAGS=icereed/paperless-gpt:unreleased-arm64" >> $GITHUB_ENV if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
echo "TAGS=icereed/paperless-gpt:unreleased-arm64" >> $GITHUB_ENV
elif [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
VERSION=${GITHUB_REF#refs/tags/} VERSION=${GITHUB_REF#refs/tags/}
echo "TAGS=icereed/paperless-gpt:${VERSION}-arm64" >> $GITHUB_ENV echo "TAGS=icereed/paperless-gpt:${VERSION}-arm64" >> $GITHUB_ENV
else
echo "TAGS=icereed/paperless-gpt:unreleased-arm64" >> $GITHUB_ENV
fi fi
- name: Build and push ARM64 image - name: Build and push ARM64 image
id: build_arm64
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
context: . context: .
@ -138,34 +143,64 @@ jobs:
VERSION=${{ github.ref_type == 'tag' && github.ref_name || github.sha }} VERSION=${{ github.ref_type == 'tag' && github.ref_name || github.sha }}
COMMIT=${{ github.sha }} COMMIT=${{ github.sha }}
BUILD_DATE=${{ github.event.repository.pushed_at }} BUILD_DATE=${{ github.event.repository.pushed_at }}
- name: Export digest for arm64
run: |
mkdir -p ${{ runner.temp }}/digests
echo "${{ steps.build_arm64.outputs.digest }}" | sed 's/^sha256://g' > ${{ runner.temp }}/digests/digest-arm64.txt
- name: Upload arm64 digest
uses: actions/upload-artifact@v4
with:
name: digest-arm64
path: ${{ runner.temp }}/digests/digest-arm64.txt
merge-manifests: merge-manifests:
needs: [build-amd64, build-arm64] needs: [build-amd64, build-arm64]
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.event_name != 'pull_request' if: github.event_name != 'pull_request'
env:
DOCKERHUB_REPO: icereed/paperless-gpt
steps: steps:
- name: Download amd64 digest
uses: actions/download-artifact@v4
with:
name: digest-amd64
path: ${{ runner.temp }}/digests
- name: Download arm64 digest
uses: actions/download-artifact@v4
with:
name: digest-arm64
path: ${{ runner.temp }}/digests
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Determine version/tag
- name: Create and push manifest id: get_version
run: | run: |
if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
VERSION=${GITHUB_REF#refs/tags/} VERSION=${GITHUB_REF#refs/tags/}
docker manifest create icereed/paperless-gpt:${VERSION} --amend \ echo "VERSION=${VERSION}" >> $GITHUB_ENV
icereed/paperless-gpt:${VERSION}-amd64 \
icereed/paperless-gpt:${VERSION}-arm64
docker manifest push --purge icereed/paperless-gpt:${VERSION}
docker manifest create icereed/paperless-gpt:latest --amend \
icereed/paperless-gpt:${VERSION}-amd64 \
icereed/paperless-gpt:${VERSION}-arm64
docker manifest push --purge icereed/paperless-gpt:latest
else else
docker manifest create icereed/paperless-gpt:unreleased --amend \ echo "VERSION=unreleased" >> $GITHUB_ENV
icereed/paperless-gpt:unreleased-amd64 \ fi
icereed/paperless-gpt:unreleased-arm64 - name: Create and push manifest list
docker manifest push --purge icereed/paperless-gpt:unreleased run: |
AMD64_DIGEST=$(cat ${{ runner.temp }}/digests/digest-amd64.txt)
ARM64_DIGEST=$(cat ${{ runner.temp }}/digests/digest-arm64.txt)
# Create manifest with the single-arch image digests
docker buildx imagetools create -t ${DOCKERHUB_REPO}:${VERSION} \
${DOCKERHUB_REPO}@sha256:${AMD64_DIGEST} ${DOCKERHUB_REPO}@sha256:${ARM64_DIGEST}
# Also push "latest" tag when on a tag
if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
docker buildx imagetools create -t ${DOCKERHUB_REPO}:latest \
${DOCKERHUB_REPO}@sha256:${AMD64_DIGEST} ${DOCKERHUB_REPO}@sha256:${ARM64_DIGEST}
fi
- name: Inspect manifest
run: |
docker buildx imagetools inspect ${DOCKERHUB_REPO}:${VERSION}
if [[ "${GITHUB_REF_TYPE}" == "tag" ]]; then
docker buildx imagetools inspect ${DOCKERHUB_REPO}:latest
fi fi