Upstream: Fix Docker build errors when opening a PR from a fork. #94
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| pull_request: | |
| workflow_dispatch: | |
| name: CI-DOCKER | |
| env: | |
| GTK_VERSION: 4.14.4 | |
| IMAGE_NAME: ${{ github.repository }}-gtk-4.14.4 | |
| IMAGE_TAG: ${{ github.ref_name }} | |
| jobs: | |
| create-docker-image: | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| name: Create Docker image | |
| runs-on: ubuntu-latest | |
| outputs: | |
| NAME: ${{ env.IMAGE_NAME }} | |
| TAG: ${{ env.IMAGE_TAG }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Escape image tag | |
| run: | | |
| echo "IMAGE_TAG=$(echo ${{ env.IMAGE_TAG }} | sed -e 's/\//-/g')" >> $GITHUB_ENV | |
| echo "IMAGE_NAME: ${{ env.IMAGE_NAME }}" | |
| echo "IMAGE_TAG: ${{ env.IMAGE_TAG }}" | |
| - name: Use 'main' Docker image tag if this is a PR from a fork | |
| id: origin | |
| shell: bash | |
| if: github.event.pull_request.head.repo.fork | |
| run: | | |
| echo 'IMAGE_TAG=main' >> $GITHUB_ENV | |
| - name: Check if Dockerfile has changed | |
| uses: dorny/paths-filter@v3 | |
| id: changed | |
| with: | |
| base: ${{ github.ref_name }} | |
| filters: | | |
| dockerfile: | |
| - "appimage/docker/**" | |
| - name: Check if Docker image exists | |
| id: exists | |
| shell: bash | |
| run: | | |
| declare -a HEADERS=( | |
| '-H' "Accept: application/vnd.oci.image.manifest.v1+json" | |
| '-H' "Accept: application/vnd.oci.image.index.v1+json" | |
| '-H' "Authorization: Bearer $(echo ${{ secrets.GITHUB_TOKEN }} | base64)" | |
| ) | |
| RESULT=$(curl "${HEADERS[@]}" https://ghcr.io/v2/${IMAGE_NAME}/manifests/${IMAGE_TAG}) | |
| echo 'dockerimage<<EOF' >> $GITHUB_OUTPUT | |
| echo ${RESULT} | jq 'has("manifests")' >> $GITHUB_OUTPUT | |
| echo 'EOF' >> $GITHUB_OUTPUT | |
| - name: Check if we need to build the Docker image | |
| id: dockerimage | |
| if: | | |
| ! github.event.pull_request.head.repo.fork && | |
| (steps.changed.outputs.dockerfile == 'true' || steps.exists.outputs.dockerimage == 'false') | |
| run: | | |
| echo 'build=true' >> $GITHUB_OUTPUT | |
| - name: Debug Check | |
| shell: bash | |
| run: | | |
| echo IMAGE_NAME: ${{ env.IMAGE_NAME }} # <repo-owner>/<repo>-test | |
| echo IMAGE_TAG: ${{ env.IMAGE_TAG }} # <gh.ref_name> | |
| echo | |
| echo gh.actor: ${{ github.actor }} # antoinevg antoinevg | |
| echo gh.trig_actor: ${{ github.triggering_actor }} # antoinevg antoinevg | |
| echo gh.repo: ${{ github.repository }} # antoinevg/packetry greatscottgadgets/packetry | |
| echo gh.repo_owner: ${{ github.repository_owner }} # antoinevg greatscottgadgets | |
| echo gh.base_ref: ${{ github.base_ref }} # main | |
| echo gh.head_ref: ${{ github.head_ref }} # antoinevg/fix-pr-403 | |
| echo gh.ref_name: ${{ github.ref_name }} # antoinevg/fix-pr-403 149/merge | |
| echo | |
| echo check.forked: ${{ github.event.pull_request.head.repo.fork }} # true | |
| echo check.changed: ${{ steps.changed.outputs.dockerfile }} # true true | |
| echo check.exists: ${{ steps.exists.outputs.dockerimage }} # false false | |
| echo | |
| echo build: ${{ steps.dockerimage.outputs.build }} | |
| - name: Log in to the Container registry | |
| if: steps.dockerimage.outputs.build | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| if: steps.dockerimage.outputs.build | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push Docker image | |
| if: steps.dockerimage.outputs.build | |
| id: push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: appimage/docker/ | |
| push: true | |
| tags: ghcr.io/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
| cache-from: type=gha, scope=${{ env.IMAGE_TAG }} | |
| cache-to: type=gha, scope=${{ env.IMAGE_TAG }}, mode=max | |
| - name: Generate artifact attestation | |
| if: steps.dockerimage.outputs.build | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ghcr.io/${{ env.IMAGE_NAME }} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| build-linux-appimage: | |
| permissions: | |
| contents: read | |
| packages: read | |
| needs: create-docker-image | |
| name: Build Linux AppImage | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ghcr.io/${{ needs.create-docker-image.outputs.NAME }}:${{ needs.create-docker-image.outputs.TAG }} | |
| credentials: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Workaround issues when GitHub does not respect the HOME env var | |
| run: | | |
| # GitHub Actions only supports containers running as root | |
| # see: https://github.com/actions/checkout/issues/1014 | |
| mv /home/runner/.cargo $HOME | |
| mv /home/runner/.nvm $HOME | |
| mv /home/runner/.rustup $HOME | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Install toolchain | |
| run: | | |
| rustup toolchain install stable | |
| rustup default stable | |
| - name: Build packetry binary | |
| run: | | |
| cargo build --release | |
| - name: Test under XVFB (Linux) | |
| run: | | |
| xvfb-run cargo test | |
| if: runner.os == 'Linux' | |
| - name: Install cargo-license (Linux) | |
| uses: taiki-e/cache-cargo-install-action@v2 | |
| with: | |
| tool: cargo-license | |
| - name: Gather licenses (Linux) | |
| # If the default shell is used, one command failing does not fail the action. | |
| shell: bash | |
| run: | | |
| pip install license-expression | |
| python wix/rust_licenses.py > appimage/packetry.AppDir/usr/share/doc/LICENSE-static-libraries.txt | |
| mv wix/full-licenses appimage/packetry.AppDir/usr/share/doc | |
| cp LICENSE appimage/packetry.AppDir/usr/share/doc/LICENSE-packetry.txt | |
| - name: Run build appimage action (Linux) | |
| # NB: The full path to the action is: ./appimage/action.yml | |
| uses: ./appimage/ | |
| with: | |
| executable: target/release/packetry | |
| icon-file: appimage/dist/icon.png | |
| desktop-file: appimage/dist/packetry.desktop | |
| appdir: appimage/packetry.AppDir | |
| - name: Upload AppImage binary (Linux) | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: Linux AppImage binary | |
| path: packetry-x86_64.AppImage | |
| if-no-files-found: error |