| author | Ivan Gabaldon <igabaldon@inetol.net> | 2025-05-17 18:21:04 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-05-17 18:21:04 +0200 |
| commit | 86373e7c87aeca9fb0d8889a12cfe09c0ffd1df9 (patch) | |
| tree | ff7f8a9354897f29ce949b023c8401a75a07f7a4 /.github | |
| parent | 1b08324f26bde0116d3263bd7177da8750f39712 (diff) | |
[mod] container: build custom base images (#4799)
Instead of using Wolfi base images from cgr.dev and making that mess in the Dockerfile, why don't we build the base images ourselves from Wolfi repos with apko? The intention of this is to simplify the main Dockerfile and avoid having to patch the base image every time; it also simplifies some steps like image ownership management and provides extremely fast builds.
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/cleanup.yml | 8 | ||||
| -rw-r--r-- | .github/workflows/container.yml | 72 |
2 files changed, 75 insertions, 5 deletions
diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
index d429e0ce3..85e22ce9d 100644
--- a/.github/workflows/cleanup.yml
+++ b/.github/workflows/cleanup.yml
@@ -5,7 +5,7 @@ name: Cleanup
 on:
 workflow_dispatch:
 schedule:
- - cron: "4 4 * * 0"
+ - cron: "4 4 * * *"
 concurrency:
 group: ${{ github.workflow }}
@@ -28,7 +28,7 @@ jobs:
 with:
 account: "${{ github.repository_owner }}"
 token: "${{ secrets.GITHUB_TOKEN }}"
- image-names: "cache"
- image-tags: "!searxng-*"
- cut-off: "1w"
+ image-names: "cache base"
+ image-tags: "!searxng*"
+ cut-off: "1d"
 keep-n-most-recent: "100"
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 72e03be50..ccdba770e 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
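Review bot: The widened exclusion `image-tags: "!searxng*"` in the second cleanup.yml hunk appears to be the only thing keeping the `base:searxng` and `base:searxng-builder` tags published by container.yml out of the daily sweep, and nothing in the file records that. A comment above it such as `# keep base:searxng and base:searxng-builder, published by container.yml` would stop a later edit from narrowing the pattern back to `searxng-*` and deleting the live base images. With `cut-off: "1d"` and the cron now daily, superseded base image versions presumably disappear within a day or so, so it is worth confirming nothing references the base image by digest rather than by tag. The `uses:` line of this step is outside the hunk, so whether the cleanup action itself is pinned cannot be checked here.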
@@ -25,10 +25,80 @@ env:
 PYTHON_VERSION: "3.13"
 jobs:
+ build-base:
+ if: |
+ (github.repository_owner == 'searxng' && github.event.workflow_run.conclusion == 'success')
+ || github.event_name == 'workflow_dispatch'
+ name: Build base
+ runs-on: ubuntu-24.04
+ permissions:
+ # Organization GHCR
+ packages: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: "false"
+
+ - name: Get date
+ id: date
+ run: echo "date=$(date +'%Y%m%d')" >>$GITHUB_OUTPUT
+
+ - name: Check cache apko
+ id: cache-apko
+ uses: actions/cache/restore@v4
+ with:
+ # yamllint disable-line rule:line-length
+ key: "apko-${{ steps.date.outputs.date }}-${{ hashFiles('./container/base.yml', './container/base-builder.yml') }}"
+ path: "/tmp/.apko/"
+ lookup-only: true
+
+ - if: steps.cache-apko.outputs.cache-hit != 'true'
+ name: Setup cache apko
+ uses: actions/cache@v4
+ with:
+ # yamllint disable-line rule:line-length
+ key: "apko-${{ steps.date.outputs.date }}-${{ hashFiles('./container/base.yml', './container/base-builder.yml') }}"
+ restore-keys: "apko-${{ steps.date.outputs.date }}-"
+ path: "/tmp/.apko/"
+
+ - if: steps.cache-apko.outputs.cache-hit != 'true'
+ name: Setup apko
+ run: |
+ eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
+ brew install apko
+
+ - if: steps.cache-apko.outputs.cache-hit != 'true'
+ name: Login to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: "ghcr.io"
+ username: "${{ github.repository_owner }}"
+ password: "${{ secrets.GITHUB_TOKEN }}"
+
+ - if: steps.cache-apko.outputs.cache-hit != 'true'
+ name: Build
+ run: |
+ eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
+
+ apko publish ./container/base.yml ghcr.io/${{ github.repository_owner }}/base:searxng \
+ --cache-dir=/tmp/.apko/ \
+ --sbom=false \
+ --vcs=false \
+ --log-level=debug
+
+ apko publish ./container/base-builder.yml ghcr.io/${{ github.repository_owner }}/base:searxng-builder \
+ --cache-dir=/tmp/.apko/ \
+ --sbom=false \
+ --vcs=false \
+ --log-level=debug
+
 build:
- if: github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success'
+ if: github.repository_owner == 'searxng' || github.event_name == 'workflow_dispatch'
 name: Build (${{ matrix.arch }})
 runs-on: ${{ matrix.os }}
+ needs: build-base
 strategy:
 fail-fast: false
 matrix: |
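Review bot: The `Setup apko` step runs `brew install apko` with no version pin or digest check, and that binary then runs in the `Build` step after `Login to GHCR`, so whatever Homebrew serves that day builds and pushes `base:searxng` and `base:searxng-builder` under a `packages: write` token. Installing a fixed apko release and verifying it against a recorded checksum (for example `apko <APKO_VERSION>` checked against `<SHA256>`) would close that gap, as would pinning `actions/checkout@v4`, `actions/cache@v4`, `actions/cache/restore@v4` and `docker/login-action@v3` to commit SHAs. Both `apko publish` calls pass `--sbom=false`; dropping that flag would leave the published base images with an SBOM for later vulnerability triage. The `build` job's new `if:` no longer tests `github.event.workflow_run.conclusion` and seems to rely on `needs: build-base` being skipped instead, which deserves a comment such as `# gated by build-base; skipped when build-base is skipped`. The `build` job continues past `matrix:` outside the hunk.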