Multi-build manifests
zx8086 committed Jan 20, 2025
1 parent 1a42f20 commit 290f501
Showing 1 changed file with 6 additions and 93 deletions.
99 changes: 6 additions & 93 deletions .github/workflows/docker-ci-cd.yml
@@ -182,10 +182,12 @@ jobs:
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=registry,ref=docker.io/zx8086/capella-document-search:buildcache
cache-to: type=registry,ref=docker.io/zx8086/capella-document-search:buildcache,mode=max
cache-from: |
type=registry,ref=docker.io/zx8086/capella-document-search:buildcache
cache-to: |
type=registry,ref=docker.io/zx8086/capella-document-search:buildcache,mode=max
outputs: ${{ github.event_name == 'pull_request' && 'type=cacheonly' || 'type=registry' }}
provenance: false
outputs: type=registry

- name: Verify image
if: github.event_name != 'pull_request'
@@ -197,72 +199,13 @@ jobs:
echo "Verifying image manifest..."
docker buildx imagetools inspect docker.io/zx8086/capella-document-search:latest
- name: Create multi-arch manifest
if: github.event_name != 'pull_request'
run: |
# Wait for images to be available
sleep 15
# Create and push manifest lists
docker manifest create docker.io/zx8086/capella-document-search:latest \
--amend docker.io/zx8086/capella-document-search:latest-linux-amd64 \
--amend docker.io/zx8086/capella-document-search:latest-linux-arm64
docker manifest push docker.io/zx8086/capella-document-search:latest
# Verify the manifest
echo "Verifying manifest..."
docker buildx imagetools inspect docker.io/zx8086/capella-document-search:latest
- name: Push image with digest
if: github.event_name != 'pull_request'
run: |
echo "Waiting for image to be available..."
sleep 15 # Increased wait time
# Try multiple methods to get the digest
echo "Attempting to get digest..."
# Method 1: Direct inspect
DIGEST=$(docker buildx imagetools inspect docker.io/zx8086/capella-document-search:latest --raw 2>/dev/null | jq -r '.manifests[0].digest' 2>/dev/null || echo "")
# Method 2: Pull and inspect if Method 1 fails
if [ -z "$DIGEST" ] || [ "$DIGEST" = "null" ]; then
echo "Trying alternative method..."
docker pull docker.io/zx8086/capella-document-search:latest 2>/dev/null
DIGEST=$(docker inspect docker.io/zx8086/capella-document-search:latest --format='{{index .RepoDigests 0}}' 2>/dev/null | cut -d'@' -f2 || echo "")
fi
# Verify digest before using
if [ -n "$DIGEST" ] && [ "$DIGEST" != "null" ]; then
echo "Image digest: $DIGEST"
echo "Creating tagged images..."
docker buildx imagetools create \
--tag docker.io/zx8086/capella-document-search:latest \
--tag docker.io/zx8086/capella-document-search:${{ github.sha }} \
docker.io/zx8086/capella-document-search@${DIGEST}
else
echo "Warning: Could not obtain valid digest, skipping digest push"
# List available images for debugging
echo "Available images:"
docker images | grep capella-document-search
exit 0
fi
- name: Validate image metadata
if: github.event_name != 'pull_request'
run: |
IMAGE_REF="docker.io/zx8086/capella-document-search:latest"
echo "Validating image metadata..."
docker buildx imagetools inspect ${IMAGE_REF} --format '{{json .}}' | jq .
- name: Verify image manifest
if: github.event_name != 'pull_request'
run: |
echo "Checking manifest..."
MANIFEST=$(docker buildx imagetools inspect docker.io/zx8086/capella-document-search:latest --raw)
echo "$MANIFEST" | jq .
- name: Verify image attestations
if: github.event_name != 'pull_request'
continue-on-error: true
@@ -493,50 +436,20 @@ jobs:
rm -rf /usr/local/bin/syft
rm -rf ~/.sigstore
echo "Cleanup completed"
- name: Verify metadata
continue-on-error: true
shell: bash
run: |
echo "Verifying metadata output..."
# Check if metadata environment variables are set
REQUIRED_LABELS=(
"org.opencontainers.image.description"
"org.opencontainers.image.licenses"
"org.opencontainers.image.title"
"org.opencontainers.image.version"
"org.opencontainers.image.revision"
)
# Store metadata JSON in a file to avoid shell interpretation issues
echo '${{ steps.meta.outputs.json }}' > metadata.json
if [ -s metadata.json ]; then
echo "Processing metadata..."
# Extract labels using jq
for label in "${REQUIRED_LABELS[@]}"; do
VALUE=$(jq -r ".labels[\"$label\"] // \"\"" metadata.json)
if [ -z "$VALUE" ] || [ "$VALUE" = "null" ]; then
echo "⚠️ Warning: Missing or empty metadata: $label"
else
echo "✅ $label: $VALUE"
fi
done
# Print all available labels for debugging
echo -e "\nAll available labels:"
jq -r '.labels | keys[]' metadata.json 2>/dev/null || echo "No labels found"
# Cleanup
rm metadata.json
else
echo "⚠️ Warning: No metadata JSON output found"
# Print environment variables for debugging
echo -e "\nAvailable environment variables:"
env | grep -i "DOCKER_METADATA" || echo "No metadata environment variables found"
fi
echo "Metadata verification completed"
echo "Metadata verification completed"
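Review bot: The pull-request branch of the new `outputs:` expression stops the image push, but `cache-to` in the same step is unconditional, so a pull-request build would still write with `mode=max` to the `buildcache` ref that release builds later import through `cache-from`. Sharing one writable cache ref between unreviewed and release builds weakens the integrity of the published image; consider gating the export, e.g. `cache-to: ${{ github.event_name != 'pull_request' && 'type=registry,ref=docker.io/zx8086/capella-document-search:buildcache,mode=max' || '' }}`, or pointing pull requests at a separate cache ref. Whether the registry login runs on pull requests is not visible here, so the export may instead simply fail the PR build. Separately, the step keeps `provenance: false` while the later "Verify image attestations" step is `continue-on-error: true`, so a missing attestation would not fail the pipeline; the build step itself starts above the first hunk.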
