diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 16f1908..d5ad785 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,7 +1,6 @@ name: Build on: - workflow_dispatch: pull_request: push: branches: 
@@ -10,39 +9,130 @@ on: - 'v*.*.*' jobs: - build: name: Build the Docker image runs-on: ubuntu-latest env: - DOCKER_BUILDKIT: 1 - METACALL_GUIX_VERSION: 1.4.0 - METACALL_GUIX_ARCH: x86_64 + REGISTRY_IMAGE: metacall/guix + GUIX_VERSION: 1.4.0 + BUILDKIT_VERSION: 0.13.0 + + strategy: + fail-fast: false + matrix: + platform: [ + { docker: linux/amd64, guix: x86_64-linux }, + { docker: linux/386, guix: i686-linux }, + + # TODO: + + # guix error: cloning builder process: Invalid argument (https://lists.gnu.org/archive/html/help-guix/2017-12/msg00023.html) + # { docker: linux/arm/v7, guix: armhf-linux }, + + # ERROR: failed to solve: ResourceExhausted: process "/bin/sh -c sh -c '/entry-point.sh guix pull ..." did not complete successfully: cannot allocate memory + # { docker: linux/arm64/v8, guix: aarch64-linux }, + # { docker: linux/ppc64le, guix: powerpc64le-linux } + ] steps: - - name: Check out the repository - uses: actions/checkout@v2 + - name: Prepare + run: | + platform=${{ matrix.docker.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 with: - fetch-depth: 0 + images: ${{ env.REGISTRY_IMAGE }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - name: Docker Setup BuildX - uses: docker/setup-buildx-action@v2.0.0 + uses: docker/setup-buildx-action@v3 with: - version: v0.5.1 + version: v${{ env.BUILDKIT_VERSION }} - name: Verify Docker BuildX Version run: docker buildx version - name: Create a new builder instance run: docker buildx create --use --name insecure-builder --buildkitd-flags '--allow-insecure-entitlement security.insecure' - + - name: Authenticate to Docker registry if: github.event_name != 'pull_request' - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Build and push image - run: docker buildx build -t metacall/guix --output 
type=image,name=docker.io/metacall/guix:${GITHUB_SHA},push=${{ github.event_name != 'pull_request' }} --allow security.insecure --build-arg METACALL_GUIX_VERSION="$METACALL_GUIX_VERSION" --build-arg METACALL_GUIX_ARCH="$METACALL_GUIX_ARCH" . + - name: Build and push by digest + id: build + uses: docker/build-push-action@v6 + with: + platforms: ${{ matrix.docker.platform }} + labels: ${{ steps.meta.outputs.labels }} + outputs: type=image,name=docker.io/${{ env.REGISTRY_IMAGE }},push-by-digest=${{ github.event_name != 'pull_request' }},name-canonical=true,push=${{ github.event_name != 'pull_request' }} + allow: security.insecure + build-args: | + METACALL_GUIX_VERSION=${{ env.GUIX_VERSION }} + METACALL_GUIX_ARCH=${{ matrix.platform.guix }} + + - name: Export digest + if: github.event_name != 'pull_request' + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + + - name: Upload digest + if: github.event_name != 'pull_request' + uses: actions/upload-artifact@v4 + with: + name: digests-${{ env.PLATFORM_PAIR }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + name: Merge digests for the manifest + runs-on: ubuntu-latest + if: github.event_name != 'pull_request' + needs: + - build + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + version: v${{ env.BUILDKIT_VERSION }} + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY_IMAGE }} + + - name: Authenticate to Docker registry + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) 
| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} diff --git a/Dockerfile b/Dockerfile index 7538bad..0b6c7da 100644 --- a/Dockerfile +++ b/Dockerfile @@ -44,7 +44,7 @@ RUN mkdir -p /gnu/store \ && for i in `seq -w 1 10`; do \ adduser -G guixbuild -h /var/empty -s `which nologin` -S guixbuilder$i; \ done \ - && wget -O - https://ftp.gnu.org/gnu/guix/guix-binary-${METACALL_GUIX_VERSION}.${METACALL_GUIX_ARCH}-linux.tar.xz | tar -xJv -C / \ + && wget -O - https://ftp.gnu.org/gnu/guix/guix-binary-${METACALL_GUIX_VERSION}.${METACALL_GUIX_ARCH}.tar.xz | tar -xJv -C / \ && mkdir -p /root/.config/guix \ && ln -sf /var/guix/profiles/per-user/root/current-guix /root/.config/guix/current \ && mkdir -p /usr/local/bin \ diff --git a/channels/channels.scm b/channels/channels.scm index 749c380..d3027e4 100644 --- a/channels/channels.scm +++ b/channels/channels.scm @@ -20,5 +20,5 @@ (name 'guix) (url "https://git.savannah.gnu.org/git/guix.git") (branch "master") - (commit "67960be52e01f8bd169dcff5985c4af2c5f87f91")) ; Fri Feb 16 11:18:47 2024 +0100 + (commit "8ffb0c14b8abdbb471788f993a7835add147e3a8")) ; Mon Oct 14 21:58:56 2024 +0100 )
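Review bot: In `.github/workflows/build.yml` the `Prepare` step and the `platforms:` input of `Build and push by digest` read `${{ matrix.docker.platform }}`, but the matrix defines `platform` entries with `docker` and `guix` keys, so that expression should evaluate to an empty string. The effect would be an empty `PLATFORM_PAIR` (both matrix jobs upload an artifact named `digests-`) and a build for the runner's default platform while `METACALL_GUIX_ARCH` still comes from `matrix.platform.guix`, so the linux/386 leg could publish a mismatched image; use `platform=${{ matrix.platform.docker }}` and `platforms: ${{ matrix.platform.docker }}`. The `merge` job also reads `env.REGISTRY_IMAGE` and `env.BUILDKIT_VERSION`, which as far as the hunk shows are declared only under the `build` job's `env:` and would be empty there; moving them to a workflow-level `env:` would cover both jobs. Since these jobs hold `DOCKER_USERNAME`/`DOCKER_PASSWORD` and run a builder with `security.insecure` allowed, consider pinning the `docker/*` and `actions/*` steps to full commit SHAs instead of the mutable `@v3`/`@v4`/`@v5`/`@v6` tags.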
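Review bot: The Guix binary tarball on the changed `wget` line in `Dockerfile` is still streamed straight into `tar -xJv -C /` as root with no integrity check, so the image trusts whatever the download returns. Now that the file name varies with each `METACALL_GUIX_ARCH` value, every architecture needs its own verification: download to a file, check it against a pinned SHA-256 for that architecture or against the detached `.sig` published next to the tarball, and extract only after the check passes. Unless `pipefail` is enabled earlier in the file, a failed or truncated download in this pipe is reported only through tar's exit status, which is one more reason to separate the download from the extraction. The RUN instruction starts and ends outside this hunk.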