# Copyright 2024 RustFS Team # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. name: Docker Images on: push: tags: ["*.*.*"] branches: [main] paths-ignore: - "**.md" - "**.txt" - ".github/**" - "docs/**" - "deploy/**" - "scripts/dev_*.sh" - "LICENSE*" - "README*" - "**/*.png" - "**/*.jpg" - "**/*.svg" - ".gitignore" - ".dockerignore" pull_request: branches: [main] paths-ignore: - "**.md" - "**.txt" - ".github/**" - "docs/**" - "deploy/**" - "scripts/dev_*.sh" - "LICENSE*" - "README*" - "**/*.png" - "**/*.jpg" - "**/*.svg" - ".gitignore" - ".dockerignore" workflow_dispatch: inputs: push_images: description: "Push images to registries" required: false default: true type: boolean version: description: "Version to build (latest, main-latest, or specific version like v1.0.0 or dev-abc123)" required: false default: "main-latest" type: string force_rebuild: description: "Force rebuild even if binary exists (useful for testing)" required: false default: false type: boolean env: CARGO_TERM_COLOR: always REGISTRY_DOCKERHUB: rustfs/rustfs REGISTRY_GHCR: ghcr.io/${{ github.repository }} jobs: # Docker build strategy check build-check: name: Docker Build Check runs-on: ubuntu-latest outputs: should_build: ${{ steps.check.outputs.should_build }} should_push: ${{ steps.check.outputs.should_push }} build_type: ${{ steps.check.outputs.build_type }} version: ${{ steps.check.outputs.version }} short_sha: ${{ steps.check.outputs.short_sha }} is_prerelease: ${{ steps.check.outputs.is_prerelease }} create_latest: ${{ steps.check.outputs.create_latest }} steps: - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 0 - name: Check build conditions id: check run: | should_build=false should_push=false build_type="none" version="" short_sha="" is_prerelease=false create_latest=false # Get short SHA for all builds short_sha=$(git rev-parse --short HEAD) # Always build on workflow_dispatch or when changes detected if [[ "${{ github.event_name }}" == "workflow_dispatch" ]] || \ [[ "${{ github.event_name }}" == "push" ]] || \ [[ "${{ github.event_name }}" == "pull_request" ]]; then should_build=true fi # Determine build type and version if [[ "${{ github.event_name }}" == "workflow_dispatch" ]] && [[ -n "${{ github.event.inputs.version }}" ]]; then # Manual trigger with version input input_version="${{ github.event.inputs.version }}" version="${input_version}" force_rebuild="${{ github.event.inputs.force_rebuild }}" echo "๐ŸŽฏ Manual Docker build triggered:" echo " ๐Ÿ“‹ Requested version: $input_version" echo " ๐Ÿ”ง Force rebuild: $force_rebuild" case "$input_version" in "latest") build_type="release" create_latest=true echo "๐Ÿš€ Building with latest stable release version" ;; "main-latest") build_type="development" version="main-latest" echo "๐Ÿ› ๏ธ Building with main branch latest development version" ;; v[0-9]*) build_type="release" create_latest=true echo "๐Ÿ“ฆ Building with specific release version: $input_version" ;; v*alpha*|v*beta*|v*rc*) build_type="prerelease" is_prerelease=true echo "๐Ÿงช Building with prerelease version: $input_version" ;; dev-[a-f0-9]*) build_type="development" echo "๐Ÿ”ง Building with specific development version: $input_version" ;; *) build_type="development" echo "๐Ÿ”ง Building with custom version: $input_version" echo "โš ๏ธ Warning: Custom version format may not follow standard patterns" ;; esac elif [[ "${{ startsWith(github.ref, 'refs/tags/') }}" == "true" ]]; then # Tag push - release or prerelease tag_name="${GITHUB_REF#refs/tags/}" version="${tag_name}" # Check if this is a prerelease if [[ "$tag_name" == *"alpha"* ]] || [[ "$tag_name" == *"beta"* ]] || [[ "$tag_name" == *"rc"* ]]; then build_type="prerelease" is_prerelease=true echo "๐Ÿš€ Docker prerelease build detected: $tag_name" else build_type="release" create_latest=true echo "๐Ÿ“ฆ Docker release build detected: $tag_name" fi elif [[ "${{ github.ref }}" == "refs/heads/main" ]]; then # Main branch push - development build build_type="development" version="dev-${short_sha}" echo "๐Ÿ› ๏ธ Docker development build detected" else # Other branches - development build build_type="development" version="dev-${short_sha}" echo "๐Ÿ”ง Docker development build detected" fi # Push only on main branch, tags, or manual trigger if [[ "${{ github.ref }}" == "refs/heads/main" ]] || \ [[ "${{ startsWith(github.ref, 'refs/tags/') }}" == "true" ]] || \ [[ "${{ github.event.inputs.push_images }}" == "true" ]]; then should_push=true fi echo "should_build=$should_build" >> $GITHUB_OUTPUT echo "should_push=$should_push" >> $GITHUB_OUTPUT echo "build_type=$build_type" >> $GITHUB_OUTPUT echo "version=$version" >> $GITHUB_OUTPUT echo "short_sha=$short_sha" >> $GITHUB_OUTPUT echo "is_prerelease=$is_prerelease" >> $GITHUB_OUTPUT echo "create_latest=$create_latest" >> $GITHUB_OUTPUT echo "๐Ÿณ Docker Build Summary:" echo " - Should build: $should_build" echo " - Should push: $should_push" echo " - Build type: $build_type" echo " - Version: $version" echo " - Short SHA: $short_sha" echo " - Is prerelease: $is_prerelease" echo " - Create latest: $create_latest" # Build multi-arch Docker images build-docker: name: Build Docker Images needs: build-check if: needs.build-check.outputs.should_build == 'true' runs-on: ubuntu-latest timeout-minutes: 60 strategy: fail-fast: false matrix: variant: - name: production dockerfile: Dockerfile platforms: linux/amd64,linux/arm64 - name: alpine dockerfile: .docker/alpine/Dockerfile.prebuild platforms: linux/amd64,linux/arm64 - name: alpine-source dockerfile: .docker/alpine/Dockerfile.source platforms: linux/amd64,linux/arm64 - name: ubuntu dockerfile: .docker/ubuntu/Dockerfile.prebuild platforms: linux/amd64,linux/arm64 - name: ubuntu-source dockerfile: .docker/ubuntu/Dockerfile.source platforms: linux/amd64,linux/arm64 steps: - name: Checkout repository uses: actions/checkout@v4 - name: Login to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} scopes: repository:rustfs/rustfs:pull,push - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Extract metadata and generate tags id: meta run: | BUILD_TYPE="${{ needs.build-check.outputs.build_type }}" VERSION="${{ needs.build-check.outputs.version }}" SHORT_SHA="${{ needs.build-check.outputs.short_sha }}" CREATE_LATEST="${{ needs.build-check.outputs.create_latest }}" VARIANT="${{ matrix.variant.name }}" # Generate tags based on build type TAGS="" if [[ "$BUILD_TYPE" == "development" ]]; then # Development build: dev-${short_sha}-${variant} and dev-${variant} TAGS="${{ env.REGISTRY_DOCKERHUB }}:dev-${SHORT_SHA}-${VARIANT}" TAGS="$TAGS,${{ env.REGISTRY_GHCR }}:dev-${SHORT_SHA}-${VARIANT}" # Add rolling dev tag for each variant TAGS="$TAGS,${{ env.REGISTRY_DOCKERHUB }}:dev-${VARIANT}" TAGS="$TAGS,${{ env.REGISTRY_GHCR }}:dev-${VARIANT}" # Special handling for production variant if [[ "$VARIANT" == "production" ]]; then TAGS="$TAGS,${{ env.REGISTRY_DOCKERHUB }}:dev-${SHORT_SHA}" TAGS="$TAGS,${{ env.REGISTRY_GHCR }}:dev-${SHORT_SHA}" TAGS="$TAGS,${{ env.REGISTRY_DOCKERHUB }}:dev" TAGS="$TAGS,${{ env.REGISTRY_GHCR }}:dev" fi else # Release/Prerelease build: ${version}-${variant} TAGS="${{ env.REGISTRY_DOCKERHUB }}:${VERSION}-${VARIANT}" TAGS="$TAGS,${{ env.REGISTRY_GHCR }}:${VERSION}-${VARIANT}" # Special handling for production variant - create main version tag if [[ "$VARIANT" == "production" ]]; then TAGS="$TAGS,${{ env.REGISTRY_DOCKERHUB }}:${VERSION}" TAGS="$TAGS,${{ env.REGISTRY_GHCR }}:${VERSION}" fi # Add channel tags for prereleases and latest for stable if [[ "$CREATE_LATEST" == "true" ]]; then # Stable release if [[ "$VARIANT" == "production" ]]; then TAGS="$TAGS,${{ env.REGISTRY_DOCKERHUB }}:latest" TAGS="$TAGS,${{ env.REGISTRY_GHCR }}:latest" else TAGS="$TAGS,${{ env.REGISTRY_DOCKERHUB }}:latest-${VARIANT}" TAGS="$TAGS,${{ env.REGISTRY_GHCR }}:latest-${VARIANT}" fi elif [[ "$BUILD_TYPE" == "prerelease" ]]; then # Prerelease channel tags (alpha, beta, rc) if [[ "$VERSION" == *"alpha"* ]]; then CHANNEL="alpha" elif [[ "$VERSION" == *"beta"* ]]; then CHANNEL="beta" elif [[ "$VERSION" == *"rc"* ]]; then CHANNEL="rc" fi if [[ -n "$CHANNEL" ]]; then if [[ "$VARIANT" == "production" ]]; then TAGS="$TAGS,${{ env.REGISTRY_DOCKERHUB }}:${CHANNEL}" TAGS="$TAGS,${{ env.REGISTRY_GHCR }}:${CHANNEL}" else TAGS="$TAGS,${{ env.REGISTRY_DOCKERHUB }}:${CHANNEL}-${VARIANT}" TAGS="$TAGS,${{ env.REGISTRY_GHCR }}:${CHANNEL}-${VARIANT}" fi fi fi fi # Output tags echo "tags=$TAGS" >> $GITHUB_OUTPUT # Generate labels LABELS="org.opencontainers.image.title=RustFS" LABELS="$LABELS,org.opencontainers.image.description=RustFS distributed object storage system" LABELS="$LABELS,org.opencontainers.image.version=$VERSION" LABELS="$LABELS,org.opencontainers.image.revision=${{ github.sha }}" LABELS="$LABELS,org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}" LABELS="$LABELS,org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" LABELS="$LABELS,org.opencontainers.image.variant=$VARIANT" LABELS="$LABELS,org.opencontainers.image.build-type=$BUILD_TYPE" echo "labels=$LABELS" >> $GITHUB_OUTPUT echo "๐Ÿณ Generated Docker tags:" echo "$TAGS" | tr ',' '\n' | sed 's/^/ - /' echo "๐Ÿ“‹ Build type: $BUILD_TYPE" echo "๐Ÿ”– Version: $VERSION" - name: Build and push Docker image uses: docker/build-push-action@v6 with: context: . file: ${{ matrix.variant.dockerfile }} platforms: ${{ matrix.variant.platforms }} push: ${{ needs.build-check.outputs.should_push == 'true' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: | type=gha,scope=docker-${{ matrix.variant.name }} type=registry,ref=${{ env.REGISTRY_GHCR }}:buildcache-${{ matrix.variant.name }} cache-to: | type=gha,mode=max,scope=docker-${{ matrix.variant.name }} type=registry,ref=${{ env.REGISTRY_GHCR }}:buildcache-${{ matrix.variant.name }},mode=max build-args: | BUILDTIME=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=${{ needs.build-check.outputs.version }} BUILD_TYPE=${{ needs.build-check.outputs.build_type }} REVISION=${{ github.sha }} BUILDKIT_INLINE_CACHE=1 # Enable advanced BuildKit features for better performance provenance: false sbom: false # Add retry mechanism by splitting the build process no-cache: false pull: true # Create manifest for main production image (only for stable releases) create-manifest: name: Create Manifest needs: [build-check, build-docker] if: needs.build-check.outputs.should_push == 'true' && needs.build-check.outputs.create_latest == 'true' && needs.build-check.outputs.build_type == 'release' runs-on: ubuntu-latest steps: - name: Login to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Create and push manifest run: | VERSION="${{ needs.build-check.outputs.version }}" echo "๐Ÿณ Creating manifest for stable release: $VERSION" # Create main image tag (without variant suffix) for stable releases only # Note: The "production" variant already creates the main tags without suffix echo "Manifest creation is handled by the production variant build step" echo "Main tags ${VERSION} and latest are created directly by the production variant" echo "โœ… Manifest created successfully for stable release" # Docker build summary docker-summary: name: Docker Build Summary needs: [build-check, build-docker] if: always() && needs.build-check.outputs.should_build == 'true' runs-on: ubuntu-latest steps: - name: Docker build completion summary run: | BUILD_TYPE="${{ needs.build-check.outputs.build_type }}" VERSION="${{ needs.build-check.outputs.version }}" CREATE_LATEST="${{ needs.build-check.outputs.create_latest }}" echo "๐Ÿณ Docker build completed successfully!" echo "๐Ÿ“ฆ Build type: $BUILD_TYPE" echo "๐Ÿ”ข Version: $VERSION" echo "" case "$BUILD_TYPE" in "development") echo "๐Ÿ› ๏ธ Development Docker images have been built with dev-${VERSION} tags" echo "โš ๏ธ These are development images - not suitable for production use" ;; "release") echo "๐Ÿš€ Release Docker images have been built with v${VERSION} tags" echo "โœ… These images are ready for production use" if [[ "$CREATE_LATEST" == "true" ]]; then echo "๐Ÿท๏ธ Latest tags have been created for stable release" fi ;; "prerelease") echo "๐Ÿงช Prerelease Docker images have been built with v${VERSION} tags" echo "โš ๏ธ These are prerelease images - use with caution" echo "๐Ÿšซ Latest tags NOT created for prerelease" ;; esac