Skip to content

allow nginx ubi mainline or stable to build (#6113) #9

allow nginx ubi mainline or stable to build (#6113)

allow nginx ubi mainline or stable to build (#6113) #9

name: Build UBI ppc64le Dependency
on:
push:
branches:
- main
paths:
- build/dependencies/Dockerfile.ubi-ppc64le
workflow_dispatch:
inputs:
nginx_version:
type: string
description: "NGINX Version to build for"
required: false
force:
type: boolean
description: "Force rebuild"
required: false
default: false
env:
IMAGE_NAME: ghcr.io/nginxinc/dependencies/nginx-ubi-ppc64le
concurrency:
group: ${{ github.ref_name }}-ubi-ppc64le-build
cancel-in-progress: true
jobs:
checks:
name: Check versions
runs-on: ubuntu-22.04
permissions:
packages: read
contents: read
strategy:
fail-fast: false
outputs:
nginx_version: ${{ steps.var.outputs.nginx_version }}
njs_version: ${{ steps.var.outputs.njs_version }}
target_exists: ${{ steps.var.outputs.target_image_exists }}
steps:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Output Variables
id: var
run: |
if [ -n "${{ inputs.nginx_version }}" ]; then
nginx_v=${{ inputs.nginx_version }}
else
nginx_v=$(grep -m1 'FROM nginx:' <build/dependencies/Dockerfile.ubi-ppc64le | cut -d '@' -f1 | awk -F'[: ]' '{print $3}')
fi
target_image=${{ env.IMAGE_NAME }}:nginx-${nginx_v}
if docker manifest inspect ${target_image}; then
target_image_exists=true
else
target_image_exists=false
fi
docker pull nginx:$nginx_v || exit 1
njs=$(docker run nginx:$nginx_v env | grep NJS_VERSION | cut -d= -f2)
echo "> Outputs -------------------------------"
echo "NJS_VERSION=$njs"
echo "nginx_version=${nginx_v}"
echo "njs_version=${njs}"
echo "target_image_exists=${target_image_exists}"
echo "nginx_version=${nginx_v}" >> $GITHUB_OUTPUT
echo "njs_version=${njs}" >> $GITHUB_OUTPUT
echo "target_image_exists=${target_image_exists}" >> $GITHUB_OUTPUT
build-binaries:
name: Build Binary Container Image
if: ${{ needs.checks.outputs.target_exists != 'true' || inputs.force }}
needs: checks
runs-on: ubuntu-22.04
permissions:
packages: write
contents: read
strategy:
fail-fast: false
steps:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
with:
platforms: arm64,ppc64le,s390x
- name: Docker Buildx
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: |
name=${{ env.IMAGE_NAME }},enable=true
tags: |
type=raw,value=nginx-${{ needs.checks.outputs.nginx_version }},enable=true
env:
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
- name: Build and push
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0
with:
file: ./build/dependencies/Dockerfile.ubi-ppc64le
context: "."
pull: true
push: true
# build multi-arch so that it can be mounted from any image
# even though only ppc64le will contain binaries
platforms: "linux/amd64,linux/arm64,linux/ppc64le,linux/s390x"
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
annotations: ${{ steps.meta.outputs.annotations }}
cache-from: type=gha,scope=nginx-ubi-ppc64le
cache-to: type=gha,scope=nginx-ubi-ppc64le,mode=max
target: final
sbom: false
provenance: mode=max
build-args: |
NGINX=${{ needs.checks.outputs.nginx_version }}
NJS=${{ needs.checks.outputs.njs_version }}