# Copyright 2024 RustFS Team # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Docker Images Workflow # # This workflow builds Docker images using pre-built binaries from the build workflow. # # Trigger Types: # 1. workflow_run: Automatically triggered when "Build and Release" workflow completes # 2. workflow_dispatch: Manual trigger for standalone Docker builds # # Key Features: # - Only triggers when Linux builds (x86_64 + aarch64) are successful # - Independent of macOS/Windows build status # - Uses workflow_run event for precise control name: Docker Images # Permissions needed for workflow_run event and Docker registry access permissions: contents: read packages: write on: # Automatically triggered when build workflow completes workflow_run: workflows: ["Build and Release"] types: [completed] branches: [main] # Manual trigger with same parameters for consistency workflow_dispatch: inputs: push_images: description: "Push images to registries" required: false default: true type: boolean version: description: "Version to build (latest, main-latest, dev-latest, or specific version like v1.0.0 or dev-abc123)" required: false default: "main-latest" type: string force_rebuild: description: "Force rebuild even if binary exists (useful for testing)" required: false default: false type: boolean env: DOCKERHUB_USERNAME: rustfs CARGO_TERM_COLOR: always REGISTRY_DOCKERHUB: rustfs/rustfs REGISTRY_GHCR: ghcr.io/${{ github.repository }} DOCKER_PLATFORMS: linux/amd64,linux/arm64 jobs: # Check if we should build Docker images build-check: name: Docker Build Check runs-on: ubuntu-latest outputs: should_build: ${{ steps.check.outputs.should_build }} should_push: ${{ steps.check.outputs.should_push }} build_type: ${{ steps.check.outputs.build_type }} version: ${{ steps.check.outputs.version }} short_sha: ${{ steps.check.outputs.short_sha }} is_prerelease: ${{ steps.check.outputs.is_prerelease }} create_latest: ${{ steps.check.outputs.create_latest }} steps: - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 0 - name: Check build conditions id: check run: | should_build=false should_push=false build_type="none" version="" short_sha="" is_prerelease=false create_latest=false if [[ "${{ github.event_name }}" == "workflow_run" ]]; then # Triggered by build workflow completion echo "๐Ÿ”— Triggered by build workflow completion" # Check if the triggering workflow was successful # If the workflow succeeded, it means ALL builds (including Linux x86_64 and aarch64) succeeded if [[ "${{ github.event.workflow_run.conclusion }}" == "success" ]]; then echo "โœ… Build workflow succeeded, all builds including Linux are successful" should_build=true should_push=true else echo "โŒ Build workflow failed (conclusion: ${{ github.event.workflow_run.conclusion }}), skipping Docker build" should_build=false fi # Extract version info from commit message or use commit SHA short_sha=$(echo "${{ github.event.workflow_run.head_sha }}" | cut -c1-7) # Determine build type based on branch and commit if [[ "${{ github.event.workflow_run.head_branch }}" == "main" ]]; then build_type="development" version="dev-${short_sha}" elif [[ "${{ github.event.workflow_run.event }}" == "push" ]] && [[ "${{ github.event.workflow_run.head_branch }}" =~ ^refs/tags/ ]]; then # Tag push tag_name="${{ github.event.workflow_run.head_branch }}" version="${tag_name#refs/tags/}" if [[ "$version" == *"alpha"* ]] || [[ "$version" == *"beta"* ]] || [[ "$version" == *"rc"* ]]; then build_type="prerelease" is_prerelease=true else build_type="release" create_latest=true fi else build_type="development" version="dev-${short_sha}" fi echo "๐Ÿ”„ Build triggered by workflow_run:" echo " ๐Ÿ“‹ Conclusion: ${{ github.event.workflow_run.conclusion }}" echo " ๐ŸŒฟ Branch: ${{ github.event.workflow_run.head_branch }}" echo " ๐Ÿ“Ž SHA: ${{ github.event.workflow_run.head_sha }}" echo " ๐ŸŽฏ Event: ${{ github.event.workflow_run.event }}" elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then # Manual trigger input_version="${{ github.event.inputs.version }}" version="${input_version}" should_push="${{ github.event.inputs.push_images }}" should_build=true # Get short SHA short_sha=$(git rev-parse --short HEAD) echo "๐ŸŽฏ Manual Docker build triggered:" echo " ๐Ÿ“‹ Requested version: $input_version" echo " ๐Ÿ”ง Force rebuild: ${{ github.event.inputs.force_rebuild }}" echo " ๐Ÿš€ Push images: $should_push" case "$input_version" in "latest") build_type="release" create_latest=true echo "๐Ÿš€ Building with latest stable release version" ;; "main-latest") build_type="development" version="main-latest" echo "๐Ÿ› ๏ธ Building with main branch latest development version" ;; "dev-latest") build_type="development" version="dev-latest" echo "๐Ÿ› ๏ธ Building with development latest version" ;; v[0-9]*) build_type="release" create_latest=true echo "๐Ÿ“ฆ Building with specific release version: $input_version" ;; v*alpha*|v*beta*|v*rc*) build_type="prerelease" is_prerelease=true echo "๐Ÿงช Building with prerelease version: $input_version" ;; dev-[a-f0-9]*) build_type="development" echo "๐Ÿ”ง Building with specific development version: $input_version" ;; *) build_type="development" echo "๐Ÿ”ง Building with custom version: $input_version" echo "โš ๏ธ Warning: Custom version format may not follow standard patterns" ;; esac fi echo "should_build=$should_build" >> $GITHUB_OUTPUT echo "should_push=$should_push" >> $GITHUB_OUTPUT echo "build_type=$build_type" >> $GITHUB_OUTPUT echo "version=$version" >> $GITHUB_OUTPUT echo "short_sha=$short_sha" >> $GITHUB_OUTPUT echo "is_prerelease=$is_prerelease" >> $GITHUB_OUTPUT echo "create_latest=$create_latest" >> $GITHUB_OUTPUT echo "๐Ÿณ Docker Build Summary:" echo " - Should build: $should_build" echo " - Should push: $should_push" echo " - Build type: $build_type" echo " - Version: $version" echo " - Short SHA: $short_sha" echo " - Is prerelease: $is_prerelease" echo " - Create latest: $create_latest" # Build multi-arch Docker images # Strategy: Build images using pre-built binaries from dl.rustfs.com # Supports both release and dev channel binaries based on build context # Only runs when should_build is true (which includes workflow success check) build-docker: name: Build Docker Images needs: build-check if: needs.build-check.outputs.should_build == 'true' runs-on: ubuntu-latest timeout-minutes: 60 steps: - name: Checkout repository uses: actions/checkout@v4 - name: Login to Docker Hub uses: docker/login-action@v3 with: username: ${{ env.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} scopes: repository:rustfs/rustfs:pull,push # - name: Login to GitHub Container Registry # uses: docker/login-action@v3 # with: # registry: ghcr.io # username: ${{ github.actor }} # password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Extract metadata and generate tags id: meta run: | BUILD_TYPE="${{ needs.build-check.outputs.build_type }}" VERSION="${{ needs.build-check.outputs.version }}" SHORT_SHA="${{ needs.build-check.outputs.short_sha }}" CREATE_LATEST="${{ needs.build-check.outputs.create_latest }}" # Generate tags based on build type TAGS="" if [[ "$BUILD_TYPE" == "development" ]]; then # Development build: dev-${short_sha} and dev TAGS="${{ env.REGISTRY_DOCKERHUB }}:dev-${SHORT_SHA}" TAGS="$TAGS,${{ env.REGISTRY_DOCKERHUB }}:dev" else # Release/Prerelease build: ${version} TAGS="${{ env.REGISTRY_DOCKERHUB }}:${VERSION}" # Add channel tags for prereleases and latest for stable if [[ "$CREATE_LATEST" == "true" ]]; then # Stable release TAGS="$TAGS,${{ env.REGISTRY_DOCKERHUB }}:latest" elif [[ "$BUILD_TYPE" == "prerelease" ]]; then # Prerelease channel tags (alpha, beta, rc) if [[ "$VERSION" == *"alpha"* ]]; then CHANNEL="alpha" elif [[ "$VERSION" == *"beta"* ]]; then CHANNEL="beta" elif [[ "$VERSION" == *"rc"* ]]; then CHANNEL="rc" fi if [[ -n "$CHANNEL" ]]; then TAGS="$TAGS,${{ env.REGISTRY_DOCKERHUB }}:${CHANNEL}" fi fi fi # Output tags echo "tags=$TAGS" >> $GITHUB_OUTPUT # Generate labels LABELS="org.opencontainers.image.title=RustFS" LABELS="$LABELS,org.opencontainers.image.description=RustFS distributed object storage system" LABELS="$LABELS,org.opencontainers.image.version=$VERSION" LABELS="$LABELS,org.opencontainers.image.revision=${{ github.sha }}" LABELS="$LABELS,org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}" LABELS="$LABELS,org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" LABELS="$LABELS,org.opencontainers.image.build-type=$BUILD_TYPE" echo "labels=$LABELS" >> $GITHUB_OUTPUT echo "๐Ÿณ Generated Docker tags:" echo "$TAGS" | tr ',' '\n' | sed 's/^/ - /' echo "๐Ÿ“‹ Build type: $BUILD_TYPE" echo "๐Ÿ”– Version: $VERSION" - name: Build and push Docker image uses: docker/build-push-action@v6 with: context: . file: Dockerfile platforms: ${{ env.DOCKER_PLATFORMS }} push: ${{ needs.build-check.outputs.should_push == 'true' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: | type=gha,scope=docker-binary cache-to: | type=gha,mode=max,scope=docker-binary build-args: | BUILDTIME=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=${{ needs.build-check.outputs.version }} BUILD_TYPE=${{ needs.build-check.outputs.build_type }} REVISION=${{ github.sha }} RELEASE=${{ needs.build-check.outputs.version }} BUILDKIT_INLINE_CACHE=1 # Enable advanced BuildKit features for better performance provenance: false sbom: false # Add retry mechanism by splitting the build process no-cache: false pull: true # Note: Manifest creation is no longer needed as we only build one variant # Multi-arch manifests are automatically created by docker/build-push-action # Docker build summary docker-summary: name: Docker Build Summary needs: [build-check, build-docker] if: always() && needs.build-check.outputs.should_build == 'true' runs-on: ubuntu-latest steps: - name: Docker build completion summary run: | BUILD_TYPE="${{ needs.build-check.outputs.build_type }}" VERSION="${{ needs.build-check.outputs.version }}" CREATE_LATEST="${{ needs.build-check.outputs.create_latest }}" echo "๐Ÿณ Docker build completed successfully!" echo "๐Ÿ“ฆ Build type: $BUILD_TYPE" echo "๐Ÿ”ข Version: $VERSION" echo "๐Ÿš€ Strategy: Images using pre-built binaries (supports both release and dev channels)" echo "" case "$BUILD_TYPE" in "development") echo "๐Ÿ› ๏ธ Development Docker image has been built with dev-${VERSION} tags" echo "โš ๏ธ This is a development image - not suitable for production use" ;; "release") echo "๐Ÿš€ Release Docker image has been built with ${VERSION} tags" echo "โœ… This image is ready for production use" if [[ "$CREATE_LATEST" == "true" ]]; then echo "๐Ÿท๏ธ Latest tag has been created for stable release" fi ;; "prerelease") echo "๐Ÿงช Prerelease Docker image has been built with ${VERSION} tags" echo "โš ๏ธ This is a prerelease image - use with caution" echo "๐Ÿšซ Latest tag NOT created for prerelease" ;; esac