mirror of
https://github.com/simstudioai/sim.git
synced 2026-01-09 06:58:07 -05:00
181 lines
5.5 KiB
YAML
181 lines
5.5 KiB
YAML
name: Build and Push Images
|
|
|
|
on:
|
|
workflow_call:
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
id-token: write
|
|
|
|
jobs:
|
|
build-amd64:
|
|
name: Build AMD64
|
|
runs-on: blacksmith-8vcpu-ubuntu-2404
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- dockerfile: ./docker/app.Dockerfile
|
|
ghcr_image: ghcr.io/simstudioai/simstudio
|
|
ecr_repo_secret: ECR_APP
|
|
- dockerfile: ./docker/db.Dockerfile
|
|
ghcr_image: ghcr.io/simstudioai/migrations
|
|
ecr_repo_secret: ECR_MIGRATIONS
|
|
- dockerfile: ./docker/realtime.Dockerfile
|
|
ghcr_image: ghcr.io/simstudioai/realtime
|
|
ecr_repo_secret: ECR_REALTIME
|
|
outputs:
|
|
registry: ${{ steps.login-ecr.outputs.registry }}
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Configure AWS credentials
|
|
uses: aws-actions/configure-aws-credentials@v4
|
|
with:
|
|
role-to-assume: ${{ github.ref == 'refs/heads/main' && secrets.AWS_ROLE_TO_ASSUME || secrets.STAGING_AWS_ROLE_TO_ASSUME }}
|
|
aws-region: ${{ github.ref == 'refs/heads/main' && secrets.AWS_REGION || secrets.STAGING_AWS_REGION }}
|
|
|
|
- name: Login to Amazon ECR
|
|
id: login-ecr
|
|
uses: aws-actions/amazon-ecr-login@v2
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Login to GHCR
|
|
if: github.ref == 'refs/heads/main'
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: useblacksmith/setup-docker-builder@v1
|
|
|
|
- name: Generate tags
|
|
id: meta
|
|
run: |
|
|
ECR_REGISTRY="${{ steps.login-ecr.outputs.registry }}"
|
|
ECR_REPO="${{ secrets[matrix.ecr_repo_secret] }}"
|
|
GHCR_IMAGE="${{ matrix.ghcr_image }}"
|
|
|
|
# ECR tags (always build for ECR)
|
|
if [ "${{ github.ref }}" = "refs/heads/main" ]; then
|
|
ECR_TAG="latest"
|
|
else
|
|
ECR_TAG="staging"
|
|
fi
|
|
ECR_IMAGE="${ECR_REGISTRY}/${ECR_REPO}:${ECR_TAG}"
|
|
|
|
# Build tags list
|
|
TAGS="${ECR_IMAGE}"
|
|
|
|
# Add GHCR tags only for main branch
|
|
if [ "${{ github.ref }}" = "refs/heads/main" ]; then
|
|
GHCR_AMD64="${GHCR_IMAGE}:latest-amd64"
|
|
GHCR_SHA="${GHCR_IMAGE}:${{ github.sha }}-amd64"
|
|
TAGS="${TAGS},$GHCR_AMD64,$GHCR_SHA"
|
|
fi
|
|
|
|
echo "tags=${TAGS}" >> $GITHUB_OUTPUT
|
|
|
|
- name: Build and push images
|
|
uses: useblacksmith/build-push-action@v2
|
|
with:
|
|
context: .
|
|
file: ${{ matrix.dockerfile }}
|
|
platforms: linux/amd64
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
provenance: false
|
|
sbom: false
|
|
|
|
build-ghcr-arm64:
|
|
name: Build ARM64 (GHCR Only)
|
|
runs-on: blacksmith-8vcpu-ubuntu-2404-arm
|
|
if: github.ref == 'refs/heads/main'
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- dockerfile: ./docker/app.Dockerfile
|
|
image: ghcr.io/simstudioai/simstudio
|
|
- dockerfile: ./docker/db.Dockerfile
|
|
image: ghcr.io/simstudioai/migrations
|
|
- dockerfile: ./docker/realtime.Dockerfile
|
|
image: ghcr.io/simstudioai/realtime
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Login to GHCR
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: useblacksmith/setup-docker-builder@v1
|
|
|
|
- name: Generate ARM64 tags
|
|
id: meta
|
|
run: |
|
|
IMAGE="${{ matrix.image }}"
|
|
echo "tags=${IMAGE}:latest-arm64,${IMAGE}:${{ github.sha }}-arm64" >> $GITHUB_OUTPUT
|
|
|
|
- name: Build and push ARM64 to GHCR
|
|
uses: useblacksmith/build-push-action@v2
|
|
with:
|
|
context: .
|
|
file: ${{ matrix.dockerfile }}
|
|
platforms: linux/arm64
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
provenance: false
|
|
sbom: false
|
|
|
|
create-ghcr-manifests:
|
|
name: Create GHCR Manifests
|
|
runs-on: blacksmith-8vcpu-ubuntu-2404
|
|
needs: [build-amd64, build-ghcr-arm64]
|
|
if: github.ref == 'refs/heads/main'
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- image: ghcr.io/simstudioai/simstudio
|
|
- image: ghcr.io/simstudioai/migrations
|
|
- image: ghcr.io/simstudioai/realtime
|
|
|
|
steps:
|
|
- name: Login to GHCR
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Create and push manifests
|
|
run: |
|
|
IMAGE_BASE="${{ matrix.image }}"
|
|
|
|
# Create latest manifest
|
|
docker manifest create "${IMAGE_BASE}:latest" \
|
|
"${IMAGE_BASE}:latest-amd64" \
|
|
"${IMAGE_BASE}:latest-arm64"
|
|
docker manifest push "${IMAGE_BASE}:latest"
|
|
|
|
# Create SHA manifest
|
|
docker manifest create "${IMAGE_BASE}:${{ github.sha }}" \
|
|
"${IMAGE_BASE}:${{ github.sha }}-amd64" \
|
|
"${IMAGE_BASE}:${{ github.sha }}-arm64"
|
|
docker manifest push "${IMAGE_BASE}:${{ github.sha }}" |