An atproto PDS written in Go

Create multiplatform image, add curl to image for healthcheck (#45)

authored by Aadi Desai and committed by GitHub 113ced56 3bff74e0

Changed files
+57 -9
+56 -8
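--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -14,14 +14,23 @@
 
 jobs:
 build-and-push-image:
-runs-on: ubuntu-latest
+strategy:
+matrix:
+include:
+- arch: amd64
+runner: ubuntu-latest
+- arch: arm64
+runner: ubuntu-24.04-arm
+runs-on: ${{ matrix.runner }}
 # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
 permissions:
 contents: read
 packages: write
 attestations: write
 id-token: write
-#
+outputs:
+digest-amd64: ${{ matrix.arch == 'amd64' && steps.push.outputs.digest || '' }}
+digest-arm64: ${{ matrix.arch == 'arm64' && steps.push.outputs.digest || '' }}
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
@@ -41,11 +50,11 @@
 with:
 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 tags: |
-type=raw,value=latest,enable={{is_default_branch}}
-type=sha
-type=sha,format=long
-type=semver,pattern={{version}}
-type=semver,pattern={{major}}.{{minor}}
+type=raw,value=latest,enable={{is_default_branch}},suffix=-${{ matrix.arch }}
+type=sha,suffix=-${{ matrix.arch }}
+type=sha,format=long,suffix=-${{ matrix.arch }}
+type=semver,pattern={{version}},suffix=-${{ matrix.arch }}
+type=semver,pattern={{major}}.{{minor}},suffix=-${{ matrix.arch }}
 
 # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
 # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
@@ -59,10 +68,49 @@
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
 
+publish-manifest:
+needs: build-and-push-image
+runs-on: ubuntu-latest
+permissions:
+packages: write
+attestations: write
+id-token: write
+steps:
+- name: Log in to the Container registry
+uses: docker/login-action@v3
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Extract metadata (tags, labels) for Docker
+id: meta
+uses: docker/metadata-action@v5
+with:
+images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+tags: |
+type=raw,value=latest,enable={{is_default_branch}}
+type=sha
+type=sha,format=long
+type=semver,pattern={{version}}
+type=semver,pattern={{major}}.{{minor}}
+
+- name: Create and push manifest
+run: |
+# Split tags into an array
+readarray -t tags <<< "${{ steps.meta.outputs.tags }}"
+
+# Create and push manifest for each tag
+for tag in "${tags[@]}"; do
+docker buildx imagetools create -t "$tag" \
+"${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build-and-push-image.outputs.digest-amd64 }}" \
+"${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build-and-push-image.outputs.digest-arm64 }}"
+done
+
 # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
 - name: Generate artifact attestation
 uses: actions/attest-build-provenance@v1
 with:
 subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
-subject-digest: ${{ steps.push.outputs.digest }}
+subject-digest: ${{ needs.build-and-push-image.outputs.digest-amd64 }}
 push-to-registry: true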
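Review bot: The attestation step at the end of `publish-manifest` signs only the amd64 digest (`subject-digest: ${{ needs.build-and-push-image.outputs.digest-amd64 }}`), so the arm64 image and the multi-arch index that the published tags resolve to carry no provenance. A consumer verifying by tag, or on arm64, would find nothing to verify against. I would add a second `actions/attest-build-provenance@v1` step with `subject-digest: ${{ needs.build-and-push-image.outputs.digest-arm64 }}`, and also record the index digest after `docker buildx imagetools create` and attest that one too. Separately, the `run:` script interpolates `${{ steps.meta.outputs.tags }}` straight into bash; passing it through `env:` and reading `"$TAGS"` keeps ref-derived text out of the script source.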
+1 -1
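--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,7 @@
 ### Run stage
 FROM debian:bookworm-slim AS run
 
-RUN apt-get update && apt-get install -y dumb-init runit ca-certificates && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y dumb-init runit ca-certificates curl && rm -rf /var/lib/apt/lists/*
 ENTRYPOINT ["dumb-init", "--"]
 
 WORKDIR /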
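Review bot: The changed `RUN` line installs `curl` into the runtime stage without `--no-install-recommends`, so the image ships the client plus whatever recommended packages apt pulls in. All of that needs patching and is available to anything that gains code execution in the container. `apt-get install -y --no-install-recommends dumb-init runit ca-certificates curl` keeps the set to what is named; confirm runit still starts as expected without its recommended packages. If the service binary can expose its own health subcommand, the healthcheck would not need curl in the image at all.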