From a586cf595a24250d0d0ad5775734cab28007a712 Mon Sep 17 00:00:00 2001 From: Alexander Essenwanger Date: Thu, 10 Oct 2024 11:07:09 +0200 Subject: [PATCH 1/2] reduce unnessecary images and build-steps, also provide all changes to all built image versions again --- .github/workflows/docker.yaml | 131 +++------------------------------- Dockerfile | 24 +++---- 2 files changed, 21 insertions(+), 134 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 6c63223..bc1552b 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
@@ -10,136 +10,26 @@ on: paths: - ".github/workflows/*.yaml" - "Dockerfile" + pull_request: + paths: + - ".github/workflows/*.yaml" + - "Dockerfile" env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io # github.repository as / IMAGE_NAME: ${{ github.repository }} - SUSHI_VERSION: "3.11.0" TARGET_PLATFORMS: linux/amd64,linux/arm64 jobs: - node-base: - name: Node Base - runs-on: ubuntu-latest - strategy: - matrix: - base: [alpine, ubuntu] - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Adds static libs for multi-platform builds - - name: Setup QEMU - uses: docker/setup-qemu-action@v3 - - - name: Setup Docker buildx - uses: docker/setup-buildx-action@v3 - with: - platforms: ${{ env.TARGET_PLATFORMS }} - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/node - tags: | - ${{ matrix.base }} - - # Build and push Docker image with Buildx (push on tag) - # https://github.com/docker/build-push-action - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@v4 - with: - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - target: node-${{ matrix.base }} - - pub-base: - name: IG Publisher Base - needs: node-base - runs-on: ubuntu-latest - strategy: - matrix: - base: [alpine, ubuntu] - permissions: - contents: read - packages: write - # 
This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Adds static libs for multi-platform builds - - name: Setup QEMU - uses: docker/setup-qemu-action@v3 - - - name: Setup Docker buildx - uses: docker/setup-buildx-action@v3 - with: - platforms: ${{ env.TARGET_PLATFORMS }} - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/pub-base - tags: | - ${{ matrix.base }} - - # Build and push Docker image with Buildx (push on tag) - # https://github.com/docker/build-push-action - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@v4 - with: - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - target: pub-base-${{ matrix.base }} - sushi: name: FSH Sushi - needs: node-base runs-on: ubuntu-latest strategy: matrix: base: [alpine, ubuntu] + sushi: ["2.10.2", "3.0.0", "3.4.0", "3.5.0", "3.10.0", "3.11.0", "3.11.1"] permissions: contents: read packages: write @@ -177,7 +67,7 @@ jobs: with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/fsh-sushi tags: | - ${{ env.SUSHI_VERSION }}-${{ matrix.base }} + ${{ matrix.sushi }}-${{ matrix.base }} # Build and push Docker image with Buildx (push on tag) # https://github.com/docker/build-push-action 
@@ -189,15 +79,16 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} target: fsh-sushi-${{ matrix.base }} - build-args: SUSHI_VERSION=${{ env.SUSHI_VERSION }} + build-args: SUSHI_VERSION=${{ matrix.sushi }} ig-publisher: name: IG Publisher - needs: [node-base, pub-base] + needs: sushi runs-on: ubuntu-latest strategy: matrix: base: [alpine, ubuntu] + sushi: ["2.10.2", "3.0.0", "3.4.0", "3.5.0", "3.10.0", "3.11.0", "3.11.1"] permissions: contents: read packages: write @@ -235,7 +126,7 @@ jobs: with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/ig-publisher tags: | - ${{ env.SUSHI_VERSION }}-${{ matrix.base }} + ${{ matrix.sushi }}-${{ matrix.base }} # Build and push Docker image with Buildx (push on tag) # https://github.com/docker/build-push-action @@ -247,4 +138,4 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} target: ig-publisher-${{ matrix.base }} - build-args: SUSHI_VERSION=${{ env.SUSHI_VERSION }} + build-args: SUSHI_VERSION=${{ matrix.sushi }} diff --git a/Dockerfile b/Dockerfile index 0cef532..2cee3df 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,7 @@ -### NODE ALPINE -FROM mcr.microsoft.com/devcontainers/base:alpine as node-alpine +ARG SUSHI_VERSION= + +### SUSHI ALPINE +FROM mcr.microsoft.com/devcontainers/base:alpine as fsh-sushi-alpine RUN apk update \ && apk add nodejs npm # Update sources for nodejs 
@@ -7,27 +9,21 @@ RUN apk update \ # RUN apt update \ # && apt install -y \ # nodejs +ARG SUSHI_VERSION= +RUN npm install -g fsh-sushi@${SUSHI_VERSION} -### NODE UBUNTU -FROM mcr.microsoft.com/devcontainers/base:ubuntu as node-ubuntu +### SUSHI UBUNTU +FROM mcr.microsoft.com/devcontainers/base:ubuntu as fsh-sushi-ubuntu # Update sources for nodejs RUN curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - RUN apt update \ && apt install -y \ nodejs - -### SUSHI ALPINE -FROM ghcr.io/cybernop/vscode-fhir-devcontainer/node:alpine as fsh-sushi-alpine -ARG SUSHI_VERSION= -RUN npm install -g fsh-sushi@${SUSHI_VERSION} - -### SUSHI UBUNTU -FROM ghcr.io/cybernop/vscode-fhir-devcontainer/node:ubuntu as fsh-sushi-ubuntu ARG SUSHI_VERSION= RUN npm install -g fsh-sushi@${SUSHI_VERSION} ### PUB BASE ALPINE -FROM ghcr.io/cybernop/vscode-fhir-devcontainer/node:alpine AS pub-base-alpine +FROM ghcr.io/cybernop/vscode-fhir-devcontainer/fsh-sushi:${SUSHI_VERSION}-alpine AS pub-base-alpine RUN apk update \ && apk add --no-cache \ linux-headers \ @@ -44,7 +40,7 @@ RUN wget -q -P /workspaces https://github.com/hapifhir/org.hl7.fhir.core/release && chmod a+x /workspaces/validate.sh ### RUB BASE UBUNTU -FROM ghcr.io/cybernop/vscode-fhir-devcontainer/node:ubuntu AS pub-base-ubuntu +FROM ghcr.io/cybernop/vscode-fhir-devcontainer/fsh-sushi:${SUSHI_VERSION}-ubuntu AS pub-base-ubuntu RUN apt update \ && apt install -y \ openjdk-17-jdk \ From 6e592aa0f2ce683a75cd889f2aeefba2454a3d05 Mon Sep 17 00:00:00 2001 From: Alexander Essenwanger Date: Thu, 10 Oct 2024 11:23:09 +0200 Subject: [PATCH 2/2] update version to build and update to latest action versions --- .github/workflows/docker.yaml | 46 ++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index bc1552b..35c1d9a 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
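Review bot: The `ARG SUSHI_VERSION=` lines added to the `fsh-sushi-alpine` and `fsh-sushi-ubuntu` stages keep an empty default, so a build that omits the build argument runs `npm install -g fsh-sushi@` and installs whatever npm resolves for an empty version spec (presumably the current default release) instead of a pinned one. The workflow always passes `SUSHI_VERSION`, but a local or ad-hoc `docker build` would silently produce an unpinned image. Failing early avoids that, for example `RUN test -n "${SUSHI_VERSION}" && npm install -g fsh-sushi@${SUSHI_VERSION}` in both stages.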
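Review bot: `FROM ghcr.io/cybernop/vscode-fhir-devcontainer/fsh-sushi:${SUSHI_VERSION}-ubuntu AS pub-base-ubuntu` (and the matching `pub-base-alpine` line in the previous Dockerfile hunk) bases the publisher image on a mutable registry tag rather than on the `fsh-sushi-ubuntu` stage defined earlier in the same file. The ig-publisher image therefore contains whatever was last pushed under that tag, which need not be the sushi stage from the commit being built, and a run that does not push leaves it on the previously published image. Referring to the stage directly, `FROM fsh-sushi-ubuntu AS pub-base-ubuntu` and `FROM fsh-sushi-alpine AS pub-base-alpine`, keeps the build self-contained and makes the global `ARG SUSHI_VERSION=` before the first `FROM` unnecessary. The cost is that the ig-publisher job rebuilds the sushi stage unless a build cache is shared.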
@@ -10,10 +10,6 @@ on: paths: - ".github/workflows/*.yaml" - "Dockerfile" - pull_request: - paths: - - ".github/workflows/*.yaml" - - "Dockerfile" env: # Use docker.io for Docker Hub if empty @@ -21,6 +17,8 @@ env: # github.repository as / IMAGE_NAME: ${{ github.repository }} TARGET_PLATFORMS: linux/amd64,linux/arm64 + LATEST_SUSHI: "3.11.0" + MAIN_OS: "alpine" jobs: sushi: @@ -28,8 +26,8 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - base: [alpine, ubuntu] - sushi: ["2.10.2", "3.0.0", "3.4.0", "3.5.0", "3.10.0", "3.11.0", "3.11.1"] + os: [alpine, ubuntu] + sushi: ["2.10.2", "3.0.0", "3.5.0", "3.10.0", "3.11.0", "3.11.1"] permissions: contents: read packages: write @@ -39,7 +37,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Adds static libs for multi-platform builds - name: Setup QEMU @@ -53,7 +51,7 @@ jobs: # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} 
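Review bot: `LATEST_SUSHI: "3.11.0"` is older than the newest entry in the `sushi` matrix, which still lists "3.11.1", so the `latest`, `alpine` and `ubuntu` tags introduced later in this patch are attached to the 3.11.0 images. If that is deliberate, a comment next to the variable such as `# version that receives the floating tags; intentionally behind the newest matrix entry` would say so; otherwise it should read `LATEST_SUSHI: "3.11.1"`. Nothing checks that the value is one of the matrix entries, so dropping that version from either job's list would silently stop the floating tags from being updated.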
@@ -63,22 +61,24 @@ jobs: # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/fsh-sushi tags: | - ${{ matrix.sushi }}-${{ matrix.base }} + type=raw,value=${{ matrix.sushi }}-${{ matrix.os }} + type=raw,value=${{ matrix.os }},enable=${{ matrix.sushi == env.LATEST_SUSHI }} + type=raw,value=latest,enable=${{ matrix.sushi == env.LATEST_SUSHI && matrix.os == env.MAIN_OS }} # Build and push Docker image with Buildx (push on tag) # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: - push: true + push: ${{ github.ref_name == 'main'}} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - target: fsh-sushi-${{ matrix.base }} + target: fsh-sushi-${{ matrix.os }} build-args: SUSHI_VERSION=${{ matrix.sushi }} ig-publisher: @@ -87,8 +87,8 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - base: [alpine, ubuntu] - sushi: ["2.10.2", "3.0.0", "3.4.0", "3.5.0", "3.10.0", "3.11.0", "3.11.1"] + os: [alpine, ubuntu] + sushi: ["2.10.2", "3.0.0", "3.5.0", "3.10.0", "3.11.0", "3.11.1"] permissions: contents: read packages: write @@ -98,7 +98,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Adds static libs for multi-platform builds - name: Setup QEMU @@ -112,7 +112,7 @@ jobs: # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} 
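Review bot: `push: ${{ github.ref_name == 'main'}}` compares the short ref name, which is also `main` for a tag called `main`; `push: ${{ github.ref == 'refs/heads/main' }}` limits publishing to the branch itself. The same expression is used in the ig-publisher job (hunk at -122,20). The registry login step and the job's `packages: write` permission are not gated the same way, and the step's comment still says "except on PR", so runs from other refs authenticate with a write-capable token even though nothing is pushed. If the base images can be pulled anonymously, `if: github.ref == 'refs/heads/main'` on the login step would match the new push condition. The `on:` block is only partly visible in these hunks, so which refs can trigger the workflow should be checked against the full file.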
@@ -122,20 +122,22 @@ jobs: # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/ig-publisher tags: | - ${{ matrix.sushi }}-${{ matrix.base }} + type=raw,value=${{ matrix.sushi }}-${{ matrix.os }} + type=raw,value=${{ matrix.os }},enable=${{ matrix.sushi == env.LATEST_SUSHI }} + type=raw,value=latest,enable=${{ matrix.sushi == env.LATEST_SUSHI && matrix.os == env.MAIN_OS }} # Build and push Docker image with Buildx (push on tag) # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: - push: true + push: ${{ github.ref_name == 'main'}} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - target: ig-publisher-${{ matrix.base }} + target: ig-publisher-${{ matrix.os }} build-args: SUSHI_VERSION=${{ matrix.sushi }}
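Review bot: The bumped actions are still referenced by mutable major tags (`docker/metadata-action@v5` and `docker/build-push-action@v5` here, `actions/checkout@v4` and `docker/login-action@v3` in the earlier hunks) in jobs that hold `packages: write`. A moved tag would run different action code with that permission and the registry credentials, so pinning each action to a full commit SHA with the version kept as a comment is the safer form, e.g. `uses: docker/build-push-action@<full-commit-sha> # v5`. The SHA shown is a placeholder; take the real value from the action's release for the version you intend to use.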