diff --git a/.github/workflows/addon-ci.yaml b/.github/workflows/addon-ci.yaml
new file mode 100644
index 0000000..7850a96
--- /dev/null
+++ b/.github/workflows/addon-ci.yaml
@@ -0,0 +1,209 @@
+---
+name: CI
+
+# yamllint disable-line rule:truthy
+on:
+ workflow_call:
+ inputs:
+ slug:
+ description: Overrides the detected slug
+ required: false
+ type: string
+
+jobs:
+ information:
+ name: Gather add-on information
+ runs-on: ubuntu-latest
+ outputs:
+ architectures: ${{ steps.information.outputs.architectures }}
+ base_image_signer: ${{ steps.information.outputs.codenotary_base_image }}
+ build: ${{ steps.information.outputs.build }}
+ description: ${{ steps.information.outputs.description }}
+ name: ${{ steps.information.outputs.name }}
+ slug: ${{ steps.override.outputs.slug }}
+ target: ${{ steps.information.outputs.target }}
+ steps:
+ - name: โคต๏ธ Check out code from GitHub
+ uses: actions/checkout@v3
+ - name: ๐Ÿš€ Run add-on information action
+ id: information
+ uses: frenck/action-addon-information@v1.4.0
+ - name: ๐Ÿš€ Process possible slug override
+ id: override
+ run: |
+ slug="${{ steps.information.outputs.slug }}"
+ if [[ ! -z "${{ inputs.slug }}" ]]; then
+ slug="${{ inputs.slug }}"
+ fi
+ echo "::set-output name=slug::$slug"
+
+ lint-addon:
+ name: Lint Add-on
+ needs:
+ - information
+ runs-on: ubuntu-latest
+ steps:
+ - name: โคต๏ธ Check out code from GitHub
+ uses: actions/checkout@v3
+ - name: ๐Ÿš€ Run Add-on Lint
+ uses: frenck/action-addon-linter@v2.9.0
+ with:
+ community: true
+ path: "./${{ needs.information.outputs.target }}"
+
+ lint-hadolint:
+ name: Hadolint
+ needs:
+ - information
+ runs-on: ubuntu-latest
+ steps:
+ - name: โคต๏ธ Check out code from GitHub
+ uses: actions/checkout@v3
+ - name: ๐Ÿš€ Run Hadolint
+ uses: brpaz/hadolint-action@v1.5.0
+ with:
+ dockerfile: "./${{ needs.information.outputs.target }}/Dockerfile"
+
+ lint-json:
+ name: JSON Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: โคต๏ธ Check out code from GitHub
+ uses: actions/checkout@v3
+ - name: ๐Ÿš€ Run JQ
+ run: |
+ shopt -s globstar
+ cat **/*.json | jq '.'
+
+ lint-markdown:
+ name: MarkdownLint
+ runs-on: ubuntu-latest
+ steps:
+ - name: โคต๏ธ Check out code from GitHub
+ uses: actions/checkout@v3
+ - name: ๐Ÿš€ Run mdl
+ uses: actionshub/markdownlint@2.0.2
+
+ lint-shellcheck:
+ name: Shellcheck
+ runs-on: ubuntu-latest
+ steps:
+ - name: โคต๏ธ Check out code from GitHub
+ uses: actions/checkout@v3
+ - name: ๐Ÿš€ Run Shellcheck
+ uses: ludeeus/action-shellcheck@1.1.0
+ env:
+ SHELLCHECK_OPTS: -s bash
+
+ lint-yamllint:
+ name: YAMLLint
+ runs-on: ubuntu-latest
+ steps:
+ - name: โคต๏ธ Check out code from GitHub
+ uses: actions/checkout@v3
+ - name: ๐Ÿš€ Run YAMLLint
+ uses: frenck/action-yamllint@v1.2
+
+ lint-prettier:
+ name: Prettier
+ runs-on: ubuntu-latest
+ steps:
+ - name: โคต๏ธ Check out code from GitHub
+ uses: actions/checkout@v3
+ - name: ๐Ÿš€ Run Prettier
+ uses: creyD/prettier_action@v4.2
+ with:
+ prettier_options: --write **/*.{json,js,md,yaml}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ build:
+ name: Build ${{ matrix.architecture }}
+ needs:
+ - information
+ - lint-addon
+ - lint-hadolint
+ - lint-json
+ - lint-markdown
+ - lint-prettier
+ - lint-shellcheck
+ - lint-yamllint
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ architecture: ${{ fromJson(needs.information.outputs.architectures) }}
+ steps:
+ - name: โคต๏ธ Check out code from GitHub
+ uses: actions/checkout@v3
+ - name: ๐Ÿ— Set up build cache
+ id: cache
+ uses: actions/cache@v3.0.5
+ with:
+ path: /tmp/.docker-cache
+ key: docker-${{ matrix.architecture }}-${{ github.sha }}
+ restore-keys: |
+ docker-${{ matrix.architecture }}
+ - name: ๐Ÿ— Set up QEMU
+ uses: docker/setup-qemu-action@v2.0.0
+ - name: ๐Ÿ— Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2.0.0
+ - name: ๐Ÿ— Set up Codenotary Community Attestation Service (CAS)
+ uses: frenck/action-setup-cas@v0.1.0
+ - name: โ„น๏ธ Compose build flags
+ id: flags
+ run: |
+ echo "::set-output name=date::$(date +"%Y-%m-%dT%H:%M:%SZ")"
+ from=$(yq --no-colors eval ".build_from.${{ matrix.architecture }}" "${{ needs.information.outputs.build }}")
+ echo "::set-output name=from::${from}"
+
+ if [[ "${{ matrix.architecture}}" = "amd64" ]]; then
+ echo "::set-output name=platform::linux/amd64"
+ elif [[ "${{ matrix.architecture }}" = "i386" ]]; then
+ echo "::set-output name=platform::linux/386"
+ elif [[ "${{ matrix.architecture }}" = "armhf" ]]; then
+ echo "::set-output name=platform::linux/arm/v6"
+ elif [[ "${{ matrix.architecture }}" = "armv7" ]]; then
+ echo "::set-output name=platform::linux/arm/v7"
+ elif [[ "${{ matrix.architecture }}" = "aarch64" ]]; then
+ echo "::set-output name=platform::linux/arm64/v8"
+ else
+ echo "::error ::Could not determine platform for architecture ${{ matrix.architecture }}"
+ exit 1
+ fi
+ - name: โคต๏ธ Download base image
+ if: steps.flags.outputs.from != 'null'
+ run: docker pull "${{ steps.flags.outputs.from }}"
+ - name: โœ… Verify authenticity of base image
+ if: steps.flags.outputs.from != 'null' && needs.information.outputs.base_image_signer != 'null'
+ run: |
+ cas authenticate \
+ --signerID "${{ needs.information.outputs.base_image_signer }}" \
+ "docker://${{ steps.flags.outputs.from }}"
+ - name: ๐Ÿš€ Build
+ uses: docker/build-push-action@v3.1.0
+ with:
+ push: false
+ context: ${{ needs.information.outputs.target }}
+ file: ${{ needs.information.outputs.target }}/Dockerfile
+ cache-from: |
+ type=local,src=/tmp/.docker-cache
+ ghcr.io/${{ github.repository_owner }}/${{ needs.information.outputs.slug }}/${{ matrix.architecture }}:edge
+ cache-to: type=local,mode=max,dest=/tmp/.docker-cache-new
+ platforms: ${{ steps.flags.outputs.platform }}
+ build-args: |
+ BUILD_ARCH=${{ matrix.architecture }}
+ BUILD_DATE=${{ steps.flags.outputs.date }}
+ BUILD_DESCRIPTION=${{ needs.information.outputs.description }}
+ BUILD_FROM=${{ steps.flags.outputs.from }}
+ BUILD_NAME=${{ needs.information.outputs.name }}
+ BUILD_REF=${{ github.sha }}
+ BUILD_REPOSITORY=${{ github.repository }}
+ BUILD_VERSION=edge
+ # This ugly bit is necessary, or our cache will grow forever...
+ # Well until we hit GitHub's limit of 5GB :)
+ # https://github.com/docker/build-push-action/issues/252
+ # https://github.com/moby/buildkit/issues/1896
+ - name: ๐Ÿšš Swap build cache
+ run: |
+ rm -rf /tmp/.docker-cache
+ mv /tmp/.docker-cache-new /tmp/.docker-cache
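Review bot: The `override` step pastes `${{ inputs.slug }}` and `${{ steps.information.outputs.slug }}` straight into the `run:` script, so the runner substitutes them into the shell source before bash parses it, and a value containing a quote or `$(...)` is executed rather than assigned. The same pattern appears in the `flags` step (`needs.information.outputs.build`) and in the `docker pull` and `cas authenticate` steps (`steps.flags.outputs.from`); those values presumably come from add-on files in the checked-out repository, which matters if callers run this workflow on pull requests. Passing each value through `env:` and reading it as a quoted shell variable keeps it data, as sketched below for `override`. Separately, the third-party actions are referenced by tag (for example `creyD/prettier_action@v4.2`, which receives `GITHUB_TOKEN`); pinning them to a full commit SHA would fix exactly what code runs with that token.

```yaml
# … unchanged: step name …
id: override
env:
  DETECTED_SLUG: ${{ steps.information.outputs.slug }}
  OVERRIDE_SLUG: ${{ inputs.slug }}
run: |
  slug="${DETECTED_SLUG}"
  if [[ -n "${OVERRIDE_SLUG}" ]]; then
    slug="${OVERRIDE_SLUG}"
  fi
  # … unchanged: set-output line for slug …
```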