From 9878b5ba9fe856bd11b1c0fe10aaf53e100af721 Mon Sep 17 00:00:00 2001 From: David Papp Date: Wed, 27 Aug 2025 11:47:11 +0200 Subject: [PATCH 1/4] feat: Add Docker Bake configuration and update GitHub Actions workflow for NGINX preview deployment --- .github/workflows/pull.yaml | 166 +++++++++++++++++++++++++++--------- docker-bake.hcl | 30 +++++++ 2 files changed, 155 insertions(+), 41 deletions(-) create mode 100644 docker-bake.hcl diff --git a/.github/workflows/pull.yaml b/.github/workflows/pull.yaml index 4e7f8e8..16173f5 100644 --- a/.github/workflows/pull.yaml +++ b/.github/workflows/pull.yaml @@ -1,48 +1,34 @@ -name: nginx pull +name: nginx preview deployment on: pull_request: - branches: - - main + branches: + - main +env: + REGISTRY_IMAGE: ghcr.io/arxignis/nginx jobs: - pull: - name: nginx pull - runs-on: ubicloud-standard-8-ubuntu-2404 + prepare: + runs-on: ubicloud-standard-16-ubuntu-2404 + outputs: + matrix: ${{ steps.platforms.outputs.matrix }} steps: - - name: Login to Github Packages - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up QEMU - id: qemu - uses: docker/setup-qemu-action@v3 - with: - image: tonistiigi/binfmt:latest - platforms: all - - - name: 🏗 Setup repo + - name: Checkout uses: actions/checkout@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - submodules: recursive - - name: Set up Docker Context for Buildx - run: docker context create builders + - name: Create matrix + id: platforms + run: | + echo "matrix=$(docker buildx bake image-all --print | jq -cr '.target."image-all".platforms')" >>${GITHUB_OUTPUT} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - version: latest - endpoint: builders + - name: Show matrix + run: | + echo ${{ steps.platforms.outputs.matrix }} - name: Docker meta id: nginx uses: docker/metadata-action@v5 with: - images: ghcr.io/arxignis/nginx + images: ${{ env.REGISTRY_IMAGE }} tags: | type=sha,format=short type=match,pattern=v(\d+\.\d+\.\d+),group=1 @@ -50,14 +36,112 @@ jobs: type=match,pattern=v(\d+),group=1 type=raw,value=latest + - name: Rename meta bake definition file + run: | + mv "${{ steps.meta.outputs.bake-file }}" "${{ runner.temp }}/bake-meta.json" + + - name: Upload meta bake definition + uses: actions/upload-artifact@v4 + with: + name: bake-meta + path: ${{ runner.temp }}/bake-meta.json + if-no-files-found: error + retention-days: 1 + + build: + runs-on: ${{ matrix.platform == 'linux/arm64' && 'ubicloud-standard-16-arm-ubuntu-2404' || 'ubicloud-standard-16-ubuntu-2404' }} + needs: + - prepare + strategy: + fail-fast: false + matrix: + platform: ${{ fromJson(needs.prepare.outputs.matrix) }} + steps: + - name: Prepare + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + + - name: Download meta bake definition + uses: actions/download-artifact@v4 + with: + name: bake-meta + path: ${{ runner.temp }} + + - name: Login to Github Packages + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Build - uses: docker/build-push-action@v6 - id: build-image + id: bake + uses: docker/bake-action@v6 with: - context: . - platforms: linux/arm64,linux/amd64 - push: false - tags: ${{ steps.nginx.outputs.tags }} - labels: ${{ steps.nginx.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max + files: | + ./docker-bake.hcl + cwd://${{ runner.temp }}/bake-meta.json + targets: image + set: | + *.tags=${{ env.REGISTRY_IMAGE }} + *.platform=${{ matrix.platform }} + *.output=type=image,push-by-digest=true,name-canonical=true,push=true + + - name: Export digest + run: | + mkdir -p ${{ runner.temp }}/digests + digest="${{ fromJSON(steps.bake.outputs.metadata).image['containerimage.digest'] }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" + + # - name: Upload digest + # uses: actions/upload-artifact@v4 + # with: + # name: digests-${{ env.PLATFORM_PAIR }} + # path: ${{ runner.temp }}/digests/* + # if-no-files-found: error + # retention-days: 1 + + # merge: + # runs-on: ubicloud-standard-16-ubuntu-2404 + # needs: + # - build + # steps: + # - name: Download meta bake definition + # uses: actions/download-artifact@v4 + # with: + # name: bake-meta + # path: ${{ runner.temp }} + + # - name: Download digests + # uses: actions/download-artifact@v4 + # with: + # path: ${{ runner.temp }}/digests + # pattern: digests-* + # merge-multiple: true + + # - name: Login to Github Packages + # uses: docker/login-action@v3 + # with: + # registry: ghcr.io + # username: ${{ github.actor }} + # password: ${{ secrets.GITHUB_TOKEN }} + + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v3 + + # - name: Create manifest list and push + # working-directory: ${{ runner.temp }}/digests + # run: | + # docker buildx imagetools create $(jq -cr '.target."docker-metadata-action".tags | map(select(startswith("${{ env.REGISTRY_IMAGE }}")) | "-t " + .) | join(" ")' ${{ runner.temp }}/bake-meta.json) \ + # $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + + # - name: Inspect image + # run: | + # docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:$(jq -r '.target."docker-metadata-action".args.DOCKER_META_VERSION' ${{ runner.temp }}/bake-meta.json) diff --git a/docker-bake.hcl b/docker-bake.hcl new file mode 100644 index 0000000..8b13b49 --- /dev/null +++ b/docker-bake.hcl @@ -0,0 +1,30 @@ +variable "DEFAULT_TAG" { + default = "ax-nginx:local" +} + +// Special target: https://github.com/docker/metadata-action#bake-definition +target "docker-metadata-action" { + tags = ["${DEFAULT_TAG}"] +} + +// Default target if none specified +group "default" { + targets = ["image-local"] +} + +target "image" { + inherits = ["docker-metadata-action"] +} + +target "image-local" { + inherits = ["image"] + output = ["type=docker"] +} + +target "image-all" { + inherits = ["image"] + platforms = [ + "linux/amd64", + "linux/arm64", + ] +} From 422f104960553b42334e4976745562812806353f Mon Sep 17 00:00:00 2001 From: David Papp Date: Wed, 27 Aug 2025 11:51:24 +0200 Subject: [PATCH 2/4] refactor: Rename Docker meta step ID in GitHub Actions workflow for clarity --- .github/workflows/pull.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull.yaml b/.github/workflows/pull.yaml index 16173f5..3d2d7ea 100644 --- a/.github/workflows/pull.yaml +++ b/.github/workflows/pull.yaml @@ -25,7 +25,7 @@ jobs: echo ${{ steps.platforms.outputs.matrix }} - name: Docker meta - id: nginx + id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY_IMAGE }} From 3582c64f6ffa70febde6f4ba9d189f308c14fd0d Mon Sep 17 00:00:00 2001 From: David Papp Date: Wed, 27 Aug 2025 12:41:56 +0200 Subject: [PATCH 3/4] chore: Enhance GitHub Actions workflow for Docker image preparation, building, and manifest creation --- .github/workflows/release.yaml | 156 +++++++++++++++++++++++++-------- 1 file changed, 120 insertions(+), 36 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d835c35..937a56c 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -4,11 +4,70 @@ on: push: tags: - "v*.*.*" +env: + REGISTRY_IMAGE: ghcr.io/arxignis/nginx jobs: - deploy: - name: nginx release + prepare: runs-on: ubicloud-standard-16-ubuntu-2404 + outputs: + matrix: ${{ steps.platforms.outputs.matrix }} steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Create matrix + id: platforms + run: | + echo "matrix=$(docker buildx bake image-all --print | jq -cr '.target."image-all".platforms')" >>${GITHUB_OUTPUT} + + - name: Show matrix + run: | + echo ${{ steps.platforms.outputs.matrix }} + + - name: Docker meta + id: nginx + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY_IMAGE }} + tags: | + type=sha,format=short + type=match,pattern=v(\d+\.\d+\.\d+),group=1 + type=match,pattern=v(\d+\.\d+),group=1 + type=match,pattern=v(\d+),group=1 + type=raw,value=latest + + - name: Rename meta bake definition file + run: | + mv "${{ steps.meta.outputs.bake-file }}" "${{ runner.temp }}/bake-meta.json" + + - name: Upload meta bake definition + uses: actions/upload-artifact@v4 + with: + name: bake-meta + path: ${{ runner.temp }}/bake-meta.json + if-no-files-found: error + retention-days: 1 + + build: + runs-on: ${{ matrix.platform == 'linux/arm64' && 'ubicloud-standard-16-arm-ubuntu-2404' || 'ubicloud-standard-16-ubuntu-2404' }} + needs: + - prepare + strategy: + fail-fast: false + matrix: + platform: ${{ fromJson(needs.prepare.outputs.matrix) }} + steps: + - name: Prepare + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + + - name: Download meta bake definition + uses: actions/download-artifact@v4 + with: + name: bake-meta + path: ${{ runner.temp }} + - name: Login to Github Packages uses: docker/login-action@v3 with: @@ -17,47 +76,72 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU - id: qemu uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build + id: bake + uses: docker/bake-action@v6 with: - image: tonistiigi/binfmt:latest - platforms: all + files: | + ./docker-bake.hcl + cwd://${{ runner.temp }}/bake-meta.json + targets: image + set: | + *.tags=${{ env.REGISTRY_IMAGE }} + *.platform=${{ matrix.platform }} + *.output=type=image,push-by-digest=true,name-canonical=true,push=true - - name: 🏗 Setup repo - uses: actions/checkout@v4 + - name: Export digest + run: | + mkdir -p ${{ runner.temp }}/digests + digest="${{ fromJSON(steps.bake.outputs.metadata).image['containerimage.digest'] }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v4 with: - token: ${{ secrets.GITHUB_TOKEN }} - submodules: recursive + name: digests-${{ env.PLATFORM_PAIR }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 - - name: Set up Docker Context for Buildx - run: docker context create builders + merge: + runs-on: ubicloud-standard-16-ubuntu-2404 + needs: + - build + steps: + - name: Download meta bake definition + uses: actions/download-artifact@v4 + with: + name: bake-meta + path: ${{ runner.temp }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + - name: Download digests + uses: actions/download-artifact@v4 with: - version: latest - endpoint: builders + path: ${{ runner.temp }}/digests + pattern: digests-* + merge-multiple: true - - name: Docker meta - id: nginx - uses: docker/metadata-action@v5 + - name: Login to Github Packages + uses: docker/login-action@v3 with: - images: ghcr.io/arxignis/nginx - tags: | - type=sha,format=short - type=match,pattern=v(\d+\.\d+\.\d+),group=1 - type=match,pattern=v(\d+\.\d+),group=1 - type=match,pattern=v(\d+),group=1 - type=raw,value=latest + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Build - uses: docker/build-push-action@v6 - id: build-image - with: - context: . - platforms: linux/arm64,linux/amd64 - push: true - tags: ${{ steps.nginx.outputs.tags }} - labels: ${{ steps.nginx.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests + run: | + docker buildx imagetools create $(jq -cr '.target."docker-metadata-action".tags | map(select(startswith("${{ env.REGISTRY_IMAGE }}")) | "-t " + .) | join(" ")' ${{ runner.temp }}/bake-meta.json) \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:$(jq -r '.target."docker-metadata-action".args.DOCKER_META_VERSION' ${{ runner.temp }}/bake-meta.json) From e95fd696f04805f832d3466d801b4b6803ff6bac Mon Sep 17 00:00:00 2001 From: David Papp Date: Thu, 28 Aug 2025 14:03:32 +0200 Subject: [PATCH 4/4] chore: Update ARXIGNIS version to 1.2-1 and set working directory in Dockerfile --- Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 66a2efd..c144073 100644 --- a/Dockerfile +++ b/Dockerfile @@ -292,7 +292,9 @@ CMD ["/usr/local/openresty/nginx/sbin/nginx", "-g", "daemon off;"] STOPSIGNAL SIGQUIT FROM openresty-builder AS runtime -ENV ARXIGNIS_VERSION="1.2-0" +ENV ARXIGNIS_VERSION="1.2-1" + +WORKDIR /etc/nginx RUN apk --no-cache add git \ && luarocks install lua-resty-arxignis ${ARXIGNIS_VERSION}