From 290f501d011aacfe445633cafda8a5617c0ff3e8 Mon Sep 17 00:00:00 2001 From: 7-Zark-7 <1085655+zx8086@users.noreply.github.com> Date: Mon, 20 Jan 2025 13:11:03 +0100 Subject: [PATCH] Multi-build manifests --- .github/workflows/docker-ci-cd.yml | 99 ++---------------------------- 1 file changed, 6 insertions(+), 93 deletions(-) diff --git a/.github/workflows/docker-ci-cd.yml b/.github/workflows/docker-ci-cd.yml index f9941b3..20c92ef 100644 --- a/.github/workflows/docker-ci-cd.yml +++ b/.github/workflows/docker-ci-cd.yml @@ -182,10 +182,12 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} platforms: linux/amd64,linux/arm64 - cache-from: type=registry,ref=docker.io/zx8086/capella-document-search:buildcache - cache-to: type=registry,ref=docker.io/zx8086/capella-document-search:buildcache,mode=max + cache-from: | + type=registry,ref=docker.io/zx8086/capella-document-search:buildcache + cache-to: | + type=registry,ref=docker.io/zx8086/capella-document-search:buildcache,mode=max + outputs: ${{ github.event_name == 'pull_request' && 'type=cacheonly' || 'type=registry' }} provenance: false - outputs: type=registry - name: Verify image if: github.event_name != 'pull_request' 
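Review bot: The `cache-to` export stays unconditional while the new `outputs` line switches pull-request builds to `type=cacheonly`, so a pull-request build still writes (with `mode=max`) to the same `buildcache` ref that the publishing build reads through `cache-from`. If registry credentials are available on pull-request runs, layers built from unreviewed changes could be reused by the published image; whether the login step runs for pull requests is not visible in this hunk. Consider gating the export, e.g. `cache-to: ${{ github.event_name != 'pull_request' && 'type=registry,ref=docker.io/zx8086/capella-document-search:buildcache,mode=max' || '' }}` (an empty value should disable the export), or give pull requests a separate cache ref. The step's `uses:` line and the start of its `with:` block are outside the hunk.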
@@ -197,58 +199,6 @@ jobs: echo "Verifying image manifest..." docker buildx imagetools inspect docker.io/zx8086/capella-document-search:latest - - name: Create multi-arch manifest - if: github.event_name != 'pull_request' - run: | - # Wait for images to be available - sleep 15 - - # Create and push manifest lists - docker manifest create docker.io/zx8086/capella-document-search:latest \ - --amend docker.io/zx8086/capella-document-search:latest-linux-amd64 \ - --amend docker.io/zx8086/capella-document-search:latest-linux-arm64 - - docker manifest push docker.io/zx8086/capella-document-search:latest - - # Verify the manifest - echo "Verifying manifest..." - docker buildx imagetools inspect docker.io/zx8086/capella-document-search:latest - - - name: Push image with digest - if: github.event_name != 'pull_request' - run: | - echo "Waiting for image to be available..." - sleep 15 # Increased wait time - - # Try multiple methods to get the digest - echo "Attempting to get digest..." - - # Method 1: Direct inspect - DIGEST=$(docker buildx imagetools inspect docker.io/zx8086/capella-document-search:latest --raw 2>/dev/null | jq -r '.manifests[0].digest' 2>/dev/null || echo "") - - # Method 2: Pull and inspect if Method 1 fails - if [ -z "$DIGEST" ] || [ "$DIGEST" = "null" ]; then - echo "Trying alternative method..." - docker pull docker.io/zx8086/capella-document-search:latest 2>/dev/null - DIGEST=$(docker inspect docker.io/zx8086/capella-document-search:latest --format='{{index .RepoDigests 0}}' 2>/dev/null | cut -d'@' -f2 || echo "") - fi - - # Verify digest before using - if [ -n "$DIGEST" ] && [ "$DIGEST" != "null" ]; then - echo "Image digest: $DIGEST" - echo "Creating tagged images..." 
- docker buildx imagetools create \ - --tag docker.io/zx8086/capella-document-search:latest \ - --tag docker.io/zx8086/capella-document-search:${{ github.sha }} \ - docker.io/zx8086/capella-document-search@${DIGEST} - else - echo "Warning: Could not obtain valid digest, skipping digest push" - # List available images for debugging - echo "Available images:" - docker images | grep capella-document-search - exit 0 - fi - - name: Validate image metadata if: github.event_name != 'pull_request' run: | @@ -256,13 +206,6 @@ jobs: echo "Validating image metadata..." docker buildx imagetools inspect ${IMAGE_REF} --format '{{json .}}' | jq . - - name: Verify image manifest - if: github.event_name != 'pull_request' - run: | - echo "Checking manifest..." - MANIFEST=$(docker buildx imagetools inspect docker.io/zx8086/capella-document-search:latest --raw) - echo "$MANIFEST" | jq . - - name: Verify image attestations if: github.event_name != 'pull_request' continue-on-error: true 
@@ -493,50 +436,20 @@ jobs: rm -rf /usr/local/bin/syft rm -rf ~/.sigstore echo "Cleanup completed" - - name: Verify metadata continue-on-error: true shell: bash run: | echo "Verifying metadata output..." - # Check if metadata environment variables are set - REQUIRED_LABELS=( - "org.opencontainers.image.description" - "org.opencontainers.image.licenses" - "org.opencontainers.image.title" - "org.opencontainers.image.version" - "org.opencontainers.image.revision" - ) - # Store metadata JSON in a file to avoid shell interpretation issues echo '${{ steps.meta.outputs.json }}' > metadata.json if [ -s metadata.json ]; then echo "Processing metadata..." - - # Extract labels using jq - for label in "${REQUIRED_LABELS[@]}"; do - VALUE=$(jq -r ".labels[\"$label\"] // \"\"" metadata.json) - if [ -z "$VALUE" ] || [ "$VALUE" = "null" ]; then - echo "⚠️ Warning: Missing or empty metadata: $label" - else - echo "✅ $label: $VALUE" - fi - done - - # Print all available labels for debugging - echo -e "\nAll available labels:" jq -r '.labels | keys[]' metadata.json 2>/dev/null || echo "No labels found" - - # Cleanup - rm metadata.json else echo "⚠️ Warning: No metadata JSON output found" - - # Print environment variables for debugging - echo -e "\nAvailable environment variables:" - env | grep -i "DOCKER_METADATA" || echo "No metadata environment variables found" fi - echo "Metadata verification completed" \ No newline at end of file + echo "Metadata verification completed"
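Review bot: The retained line `echo '${{ steps.meta.outputs.json }}' > metadata.json` has the expression expanded into the script text before bash runs, so a single quote anywhere in the metadata JSON ends the quoting and the rest is parsed as shell. Pass the value through the environment instead: add `env:` with `META_JSON: ${{ steps.meta.outputs.json }}` to the step and write the file with `printf '%s' "$META_JSON" > metadata.json`. This hunk also removes `rm metadata.json` and the required-label loop, so the file now stays in the workspace and, with `continue-on-error: true`, the step no longer reports a missing OCI label. If that check is still wanted, keep a short loop over the required label names rather than only listing the keys.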