dangeroustech/zerotierbridge
1
0
Fork 0
mirror of https://github.com/dangeroustech/ZeroTierBridge.git synced 2025-12-06 00:56:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

ci: simplify multi-arch build, add cache & concurrency; fix release token

Browse Source 
- Add workflow-level concurrency to avoid overlapping releases
- Enable BuildKit cache (GHA) for faster Docker builds
- Simplify to a single multi-arch build (linux/amd64, linux/arm64)
  - Remove digest export/upload and manifest merge steps
  - Push manifest directly from buildx with tag `latest`
- Fix GitHub Release token casing to use `secrets.GITHUB_TOKEN`
- Update Dockerfile to use TARGETARCH for correct package selection
  - Pass VERSION consistently; write version to image

No functional change to runtime behavior expected; improves speed, reliability, and maintainability of the release pipeline.
This commit is contained in:
Josh Jacobs
2025-10-26 15:38:44 +00:00
parent aa8459d5e7
commit 9ab36f2593
2 changed files with 14 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
.github/workflows/docker-build.yml vendored
View File

@@ -13,6 +13,10 @@ permissions:
security-events: write
statuses: read
concurrency:
group: docker-release-${{ github.ref }}
cancel-in-progress: true
on:
pull_request:
branches:
@@ -28,11 +32,6 @@ jobs:
Docker_Build:
name: Docker Build And Release
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
arch: [amd64, arm64]
version: [1.12.2]
steps:
- name: Checkout Repository
uses: actions/checkout@v5
@@ -57,26 +56,13 @@ jobs:
with:
context: .
build-args: |
ARCH=${{ matrix.arch }}
VERSION=${{ matrix.version }}
VERSION=1.12.2
push: true
platforms: linux/${{ matrix.arch }}
outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true
platforms: linux/amd64,linux/arm64
tags: ${{ env.REGISTRY_IMAGE }}:latest
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Export Digests
run: |
mkdir -p /tmp/digests
digest="${{ steps.docker_build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v5
with:
name: digests-${{ matrix.arch }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
overwrite: true
MergeRefs:
name: Publish Multi-Arch Image And Release
@@ -85,16 +71,6 @@ jobs:
needs:
- Docker_Build
steps:
- name: Download digests
uses: actions/download-artifact@v6
with:
pattern: digests-*
path: /tmp/digests
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Registry
id: login
uses: docker/login-action@v3
@@ -103,25 +79,6 @@ jobs:
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY_IMAGE }}
tags: |
# set latest tag for default branch
# https://github.com/docker/metadata-action#latest-tag
type=raw,value=latest,enable={{is_default_branch}}
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
- name: Generate SBOM
uses: anchore/sbom-action@v0
id: sbom
@@ -167,7 +124,7 @@ jobs:
id: release
if: ${{ steps.changelog.outputs.skipped == 'false' }}
env:
GITHUB_TOKEN: ${{ secrets.github_token }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.changelog.outputs.tag }}
name: ${{ steps.changelog.outputs.tag }}