pre-commit-terraform/.github/workflows/build-image-test.yaml at dea6ba17ce06344fc9d929ce2a7677692d4e2910 · antonbabenko/pre-commit-terraform · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
name: Build Dockerfile if changed and run smoke tests

on:
  merge_group:
  pull_request:

permissions:
  contents: read

env:
  IMAGE_TAG: pr-test

jobs:
  build:
    permissions:
      # for MaxymVlasov/dive-action to write comments to PRs
      pull-requests: write

    strategy:
      matrix:
        arch:
        - amd64
        - arm64
        include:
        - os-name: Ubuntu x64
          os: ubuntu-latest
          arch: amd64

        - os-name: Ubuntu ARM
          os: ubuntu-24.04-arm
          arch: arm64

    name: ${{ matrix.os-name }}
    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      with:
        fetch-depth: 0
        persist-credentials: false

    - name: Get changed Docker related files
      id: changed-files-specific
      uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c  # v46.0.5
      with:
        files: |
          .dockerignore
          .github/workflows/build-image-test.yaml
          Dockerfile
          tools/entrypoint.sh
          tools/install/*.sh

    - name: Set IMAGE environment variable
      if: steps.changed-files-specific.outputs.any_changed == 'true'
      # Lowercase the org/repo name to allow for workflow to run in forks,
      # which owners have uppercase letters in username
      run: >-
        echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY@L}:${{ env.IMAGE_TAG }}"
        >> $GITHUB_ENV

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2  # v3.10.0
      if: steps.changed-files-specific.outputs.any_changed == 'true'

    - name: Build if Dockerfile changed
      if: steps.changed-files-specific.outputs.any_changed == 'true'
      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83  # v6.18.0
      with:
        context: .
        build-args: |
          INSTALL_ALL=true
        push: false
        load: true
        tags: ${{ env.IMAGE }}
        # Fix multi-platform: https://github.com/docker/buildx/issues/1533
        provenance: false
        secrets: |
          "github_token=${{ secrets.GITHUB_TOKEN }}"

    - name: Setup Container Structure Tests
      if: steps.changed-files-specific.outputs.any_changed == 'true'
      env:
        # yamllint disable-line rule:line-length
        # renovate: datasource=github-releases depName=container-structure-test lookupName=GoogleContainerTools/container-structure-test
        CST_VERSION: 1.19.3
        CST_REPO: github.com/GoogleContainerTools/container-structure-test
      run: >-
        curl -L "https://${{ env.CST_REPO }}/releases/download/v${{
        env.CST_VERSION }}/container-structure-test-linux-${{ matrix.arch }}"
        > container-structure-test
        && chmod +x container-structure-test
        && mkdir -p $HOME/bin/
        && mv container-structure-test $HOME/bin/
        && echo $HOME/bin/ >> $GITHUB_PATH

    - name: Run structure tests
      if: steps.changed-files-specific.outputs.any_changed == 'true'
      run: >-
        container-structure-test test
        --config ${{ github.workspace
        }}/.github/.container-structure-test-config.yaml
        --image ${{ env.IMAGE }}

    - name: Dive - check image for waste files
      if: steps.changed-files-specific.outputs.any_changed == 'true'
      uses: MaxymVlasov/dive-action@43dafd0015826beaca5110157c9262c5dc10672a  # v1.4.0
      with:
        image: ${{ env.IMAGE }}
        config-file: ${{ github.workspace }}/.github/.dive-ci.yaml
        github-token: ${{ secrets.GITHUB_TOKEN }}

    # Can't build both platforms and use --load at the same time
    # https://github.com/docker/buildx/issues/59#issuecomment-1433097926
    - name: Build Multi-arch docker-image
      if: >-
        steps.changed-files-specific.outputs.any_changed == 'true'
        && matrix.os == 'ubuntu-latest'
      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83  # v6.18.0
      with:
        context: .
        build-args: |
          INSTALL_ALL=true
        platforms: linux/amd64,linux/arm64
        push: false
        tags: ${{ env.IMAGE }}
        # Fix multi-platform: https://github.com/docker/buildx/issues/1533
        provenance: false
        secrets: |
          "github_token=${{ secrets.GITHUB_TOKEN }}"