diff --git a/.github/workflows/service-extensions-publish.yml b/.github/workflows/service-extensions-publish.yml index efb97be412..bc1d34c8f5 100644 --- a/.github/workflows/service-extensions-publish.yml +++ b/.github/workflows/service-extensions-publish.yml @@ -27,39 +27,104 @@ env: REF_NAME: ${{ github.ref || github.event.inputs.commit_sha }} COMMIT_SHA: ${{ github.sha || github.event.inputs.commit_sha }} PUSH_LATEST: ${{ github.event.inputs.set_as_latest || 'true' }} + REGISTRY_IMAGE: ghcr.io/datadog/dd-trace-go/service-extensions-callout jobs: - publish-service-extensions: - runs-on: ubuntu-latest + build-service-extensions: + runs-on: ${{ matrix.platform == 'linux/amd64' && 'ubuntu-latest' || 'arm-4core-linux' }} + strategy: + matrix: + platform: [ linux/amd64, linux/arm64 ] + steps: + - name: Prepare + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ env.REF_NAME }} - - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # V3.2.0 + - name: Install Docker (only arm64) + if: matrix.platform == 'linux/arm64' + run: | + sudo apt-get update + sudo apt-get install -y docker.io + sudo systemctl start docker + sudo systemctl enable docker + sudo usermod -aG docker $USER + newgrp docker + sudo chmod 666 /var/run/docker.sock - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@v3.8.0 - name: Login to Docker shell: bash run: docker login -u publisher -p ${{ secrets.GITHUB_TOKEN }} ghcr.io - - name: Replace slashes in ref name - id: replace_ref - run: echo "TAG_NAME=${TAG_NAME//\//-}" >> $GITHUB_ENV + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY_IMAGE }} - - name: Build and push + - name: Build and push by digest id: build - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@v6 with: context: . - file: ./contrib/envoyproxy/envoy/cmd/serviceextensions/Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: | - ghcr.io/datadog/dd-trace-go/service-extensions-callout:${{ env.TAG_NAME }} - ghcr.io/datadog/dd-trace-go/service-extensions-callout:${{ env.COMMIT_SHA }} - ${{ env.PUSH_LATEST == 'true' && 'ghcr.io/datadog/dd-trace-go/service-extensions-callout:latest' }} + file: ./contrib/envoyproxy/go-control-plane/cmd/serviceextensions/Dockerfile + platforms: ${{ matrix.platform }} + labels: ${{ steps.meta.outputs.labels }} + outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true + + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + publish-service-extensions: + runs-on: ubuntu-latest + needs: + - build-service-extensions + + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3.8.0 + + - name: Login to Docker + shell: bash + run: docker login -u publisher -p ${{ secrets.GITHUB_TOKEN }} ghcr.io + + - name: Create tags + id: tags + run: | + tagname=${TAG_NAME//\//-} # remove slashes from tag name + echo "tags=-t ghcr.io/datadog/dd-trace-go/service-extensions-callout:${tagname} \ + -t ghcr.io/datadog/dd-trace-go/service-extensions-callout:${{ env.COMMIT_SHA }} \ + ${{ env.PUSH_LATEST == 'true' && '-t ghcr.io/datadog/dd-trace-go/service-extensions-callout:latest' }}" >> $GITHUB_OUTPUT + + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create ${{ steps.tags.outputs.tags }} \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)