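# Builds the Mastodon assets once, builds one container image per
# architecture, then publishes a combined multi-arch manifest list.
#
# NOTE(review): every action below is referenced by a mutable tag
# (@v3/@v4/@v5). Pinning each `uses:` to a full commit SHA would keep a moved
# tag from changing the code that runs with the registry credentials.
on:
  push:
    branches:
      - 'main'

env:
  RAILS_SERVE_STATIC_FILES: 'true'
  RAILS_ENV: 'production'
  NODE_ENV: 'production'
  # NOTE(review): presumably a branch name, so the source that gets built can
  # move between runs while MASTODON_VERSION and REVISION (which drive the
  # image tags) stay the same. Confirm that is intended.
  GIT_BRANCH: 'asonix/downstream'
  GIT_REPOSITORY: 'asonix/mastodon'
  GIT_HOST: 'https://git.asonix.dog'
  REGISTRY_IMAGE: 'asonix/mastodon'
  MASTODON_VERSION: 'v4.2.7'
  REVISION: '1'

jobs:
  build-assets:
    runs-on: base-image
    steps:
      - name: Clone mastodon
        uses: https://github.com/actions/checkout@v4
        with:
          repository: ${{ env.GIT_REPOSITORY }}
          ref: ${{ env.GIT_BRANCH }}

      - name: Install Ruby
        run: |
          apt-get -y install ruby-full libidn-dev
          gem install bundler

      - name: Configure Bundler
        run: |
          bundle config set --local deployment true
          bundle config set --local without 'development test'
          bundle config set --local path vendor/bundle
          bundle config set silence_root_warning true

      # Gems are cached under a key derived from Gemfile and Gemfile.lock.
      - name: Fetch gem cache
        id: gem-cache
        uses: https://github.com/actions/cache/restore@v4
        with:
          path: |
            vendor/bundle/
          key: gem-${{ hashFiles('Gemfile') }}-${{ hashFiles('Gemfile.lock') }}

      - name: Install gems
        if: steps.gem-cache.outputs.cache-hit != 'true'
        run: |
          bundle install -j$(nproc)

      - name: Save gem cache
        if: steps.gem-cache.outputs.cache-hit != 'true'
        uses: https://github.com/actions/cache/save@v4
        with:
          path: |
            vendor/bundle/
          key: ${{ steps.gem-cache.outputs.cache-primary-key }}

      # Node modules are cached under a key derived from package.json and
      # yarn.lock.
      - name: Fetch node cache
        id: node-cache
        uses: https://github.com/actions/cache/restore@v4
        with:
          path: |
            node_modules/
          key: node-${{ hashFiles('package.json') }}-${{ hashFiles('yarn.lock') }}

      - name: Install node packages
        if: steps.node-cache.outputs.cache-hit != 'true'
        run: |
          yarn install --pure-lockfile --production --network-timeout=30000

      - name: Save node cache
        if: steps.node-cache.outputs.cache-hit != 'true'
        uses: https://github.com/actions/cache/save@v4
        with:
          path: |
            node_modules/
          key: ${{ steps.node-cache.outputs.cache-primary-key }}

      - name: Build Assets
        run: bundle exec rails assets:precompile
        env:
          # Placeholder values only; no real secret is needed to precompile.
          OTP_SECRET: precompile_placeholder
          SECRET_KEY_BASE: precompile_placeholder

      - name: GZip Assets
        run: tar -zcf public.tar.gz public

      - name: Upload Assets
        uses: https://github.com/actions/upload-artifact@v3
        with:
          name: assets
          path: public.tar.gz

  prepare-suffix:
    runs-on: base-image
    outputs:
      # Lower-case so the key matches the `needs.prepare-suffix.outputs.suffix`
      # references below without relying on case-insensitive lookup.
      suffix: ${{ steps.prepare-suffix.outputs.suffix }}
    steps:
      - name: Prepare suffix
        id: prepare-suffix
        # Read the branch from the exported workflow env instead of pasting it
        # into the script text, so its value is never parsed as shell code.
        run: |
          suffix="${GIT_BRANCH}"
          echo "suffix=${suffix//\//-}" >> "$GITHUB_OUTPUT"
        shell: bash

  build-containers:
    needs: [build-assets, prepare-suffix]
    runs-on: base-image
    strategy:
      fail-fast: false
      matrix:
        info:
          - platform: amd64
            name: amd64
          - platform: arm64
            name: arm64v8
    steps:
      - name: Clone self
        uses: https://github.com/actions/checkout@v4

      - name: Download assets
        uses: https://github.com/actions/download-artifact@v3
        with:
          name: assets
          path: .

      - name: GUnzip Assets
        run: |
          tar -zxf public.tar.gz

      # NOTE(review): PLATFORM_PAIR is exported here but no later step in this
      # workflow reads it.
      - name: Prepare Platform
        env:
          MATRIX_PLATFORM: ${{ matrix.info.platform }}
        run: |
          platform="${MATRIX_PLATFORM}"
          echo "PLATFORM_PAIR=${platform//\//-}" >> "$GITHUB_ENV"
        shell: bash

      - name: Docker meta
        id: meta
        uses: https://github.com/docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY_IMAGE }}
          flavor: |
            latest=auto
            suffix=-${{ needs.prepare-suffix.outputs.suffix }}-${{ matrix.info.name }}
          tags: |
            type=semver,pattern={{version}}-r${{ env.REVISION }},value=${{ env.MASTODON_VERSION }}
            type=semver,pattern={{version}},value=${{ env.MASTODON_VERSION }}
            type=semver,pattern={{major}}.{{minor}},value=${{ env.MASTODON_VERSION }}
            type=semver,pattern={{major}},value=${{ env.MASTODON_VERSION }}

      - name: Set up QEMU
        uses: https://github.com/docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: https://github.com/docker/setup-buildx-action@v3

      - name: Docker login
        uses: https://github.com/docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # Explicit host, matching the other steps: a bare `owner/repo` reference
      # is resolved against the runner's default actions source instead.
      - name: Build and push docker image
        id: build
        uses: https://github.com/docker/build-push-action@v5
        with:
          context: .
          build-args: |
            GIT_REPOSITORY=${{ env.GIT_HOST }}/${{ env.GIT_REPOSITORY }}
            GIT_BRANCH=${{ env.GIT_BRANCH }}
          platforms: ${{ matrix.info.platform }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          outputs: type=image,name=${{ env.REGISTRY_IMAGE }},name-canonical=true,push=true

      # Records the pushed image digest as an empty file named after it.
      # publish-docker later globs these names to assemble the manifest list.
      - name: Export digest
        env:
          BUILD_DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          mkdir -p /tmp/digests
          digest="${BUILD_DIGEST}"
          # The digest becomes a file name and later part of an image
          # reference, so reject anything that is not a sha256 digest.
          if [[ ! "${digest}" =~ ^sha256:[0-9a-f]{64}$ ]]; then
            echo "Unexpected digest from build step: '${digest}'" >&2
            exit 1
          fi
          touch "/tmp/digests/${digest#sha256:}"
          echo "Created /tmp/digests/${digest#sha256:}"
        shell: bash

      - name: Upload ${{ matrix.info.platform }} digest
        uses: https://github.com/actions/upload-artifact@v3
        with:
          name: digests
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1

  publish-docker:
    runs-on: base-image
    needs: [build-containers, prepare-suffix]
    steps:
      # NOTE(review): `pattern` and `merge-multiple` look like download-artifact
      # v4 inputs; confirm whether @v3 honours them. The `name: digests` lookup
      # matches the name both matrix legs upload under.
      - name: Download digests
        uses: https://github.com/actions/download-artifact@v3
        with:
          name: digests
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true

      # These two actions are fetched from the same explicit host as in
      # build-containers, so the step that receives the registry token comes
      # from one known source in both jobs.
      - name: Set up Docker Buildx
        uses: https://github.com/docker/setup-buildx-action@v3

      - name: Docker login
        uses: https://github.com/docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Docker meta
        id: meta
        uses: https://github.com/docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY_IMAGE }}
          flavor: |
            latest=auto
            suffix=-${{ needs.prepare-suffix.outputs.suffix }}
          tags: |
            type=semver,pattern={{version}}-r${{ env.REVISION }},value=${{ env.MASTODON_VERSION }}
            type=semver,pattern={{version}},value=${{ env.MASTODON_VERSION }}
            type=semver,pattern={{major}}.{{minor}},value=${{ env.MASTODON_VERSION }}
            type=semver,pattern={{major}},value=${{ env.MASTODON_VERSION }}

      # Each file name in /tmp/digests is one per-architecture image digest.
      # `tags` and `images` are expanded unquoted on purpose so that they
      # split into separate arguments.
      - name: Create manifest list and push
        working-directory: /tmp/digests
        run: |
          tags=$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "${DOCKER_METADATA_OUTPUT_JSON}")
          images=$(printf "${REGISTRY_IMAGE}@sha256:%s " *)
          echo "Running 'docker buildx imagetools create ${tags[@]} ${images[@]}'"
          docker buildx imagetools create ${tags[@]} ${images[@]}
        shell: bash

      - name: Inspect Image
        env:
          IMAGE_VERSION: ${{ steps.meta.outputs.version }}
        run: |
          docker buildx imagetools inspect "${REGISTRY_IMAGE}:${IMAGE_VERSION}"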