From aaa6374fe2059ae6c8b83175413f42cdc0adae6d Mon Sep 17 00:00:00 2001
From: Chris Bowles
Date: Wed, 3 Sep 2025 19:28:32 -0400
Subject: [PATCH 1/2] Leave docker alone
---
.github/workflows/main.yml | 45 --------------------------------------
1 file changed, 45 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index c2224d43..d8e10c9f 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -67,53 +67,8 @@ jobs: env: VERSION: ${{ matrix.postgres }}-${{ matrix.postgis }} VARIANT: ${{ matrix.variant }} - DOCKER_APT_PKG_VER: '5:28.3.3-1~ubuntu.24.04~noble' steps: - - name: Install/config specific version of Docker packages - run: | - echo "***** Removing any currently installed conflicting packages..." - for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done - echo "***** Setting up Docker's APT repo..." - sudo apt-get update - sudo apt-get install ca-certificates curl - sudo install -m 0755 -d /etc/apt/keyrings - sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc - sudo chmod a+r /etc/apt/keyrings/docker.asc - echo \ - "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ - $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \ - sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - sudo apt-get update - echo "***** Check available docker-ce versions ." - sudo apt policy docker-ce - echo "***** Installing Docker packages..." - sudo apt-get install docker-ce=${{ env.DOCKER_APT_PKG_VER }} docker-ce-cli=${{ env.DOCKER_APT_PKG_VER }} containerd.io docker-buildx-plugin docker-compose-plugin - echo "***** Verifying initial Docker installation..." - docker run hello-world - echo "***** Displaying Docker information..." - docker info - echo "***** Configuring Docker for containerd image store and builder keepStorage..." 
- echo "{ \"features\": { \"containerd-snapshotter\": true }}" | sudo tee /etc/docker/daemon.json - echo $'{ - "features": { - "containerd-snapshotter": true - }, - "builder": { - "gc": { - "defaultKeepStorage": "20GB", - "enabled": true - } - } - }' | sudo tee /etc/docker/daemon.json - sudo systemctl restart docker - docker info -f '{{ .DriverStatus }}' - - - name: Load binfmt platforms for QEMU - run: | - docker run --privileged --rm tonistiigi/binfmt --install all - docker images --tree - - name: Checkout source uses: actions/checkout@v4 From 0ca7eaea7a281c8b8d59fb13c5669f3f5bc3906b Mon Sep 17 00:00:00 2001 From: Chris Bowles Date: Wed, 3 Sep 2025 21:26:16 -0400 Subject: [PATCH 2/2] Build and push by digest, merge into multiarch image --- .github/workflows/main.yml | 131 +++++++++++++++++++++++++++++++++---- 1 file changed, 119 insertions(+), 12 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d8e10c9f..7fa7e56f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,8 +10,11 @@ defaults: run: shell: bash -jobs: +env: + DOCKERHUB_REPO: postgis/postgis + GITHUB_REPO: postgis/docker-postgis +jobs: make-docker-images: strategy: matrix: 
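Review bot: The `env` context is not available in a job-level `if:`, so the `GITHUB_REPO` value defined in this hunk cannot be read by the `merge-manifests` guard added in the next hunk (`if: ${{ (github.repository == env.GITHUB_REPO) && … }}`); GitHub Actions only exposes `github`, `needs`, `vars` and `inputs` there. The step-level `if:` conditions in `make-docker-images` can read `env.GITHUB_REPO`, but the job-level one would most likely be rejected when the workflow is validated instead of being evaluated. That condition decides whether the job holding the Docker Hub credentials runs, so it is worth keeping it trivially evaluable by leaving the literal in place: `github.repository == 'postgis/docker-postgis'`.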
@@ -70,23 +73,127 @@ jobs: steps: - name: Checkout source - uses: actions/checkout@v4 + uses: actions/checkout@v5 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build Docker image for ${{ env.VERSION }} ${{ env.VARIANT }} + id: build + uses: docker/build-push-action@v5 + with: + context: ${{ env.VERSION }}${{ env.VARIANT == 'alpine' && '/alpine' || ''}} + file: ${{ env.VERSION }}${{ env.VARIANT == 'alpine' && '/alpine' || ''}}/Dockerfile + load: true + push: false # don't push until after testing + + - name: Check out official-images repo + uses: actions/checkout@v5 + with: + repository: docker-library/official-images + path: official-images + sparse-checkout: | + test + + - name: Run official-images test script + run: | + ./official-images/test/run.sh -c ./official-images/test/config.sh -c test/postgis-config.sh ${{ steps.build.outputs.imageid }} + + - name: Login to dockerhub + id: login-dockerhub + uses: docker/login-action@v3 + if: ${{ (github.repository == env.GITHUB_REPO) && (github.ref == 'refs/heads/master') && (github.event_name != 'pull_request') }} + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} + + - name: Push image by digest + id: push + uses: docker/build-push-action@v5 # Build is cached, this is really just a push + if: ${{ (github.repository == env.GITHUB_REPO) && (github.ref == 'refs/heads/master') && (github.event_name != 'pull_request') }} + with: + context: ${{ env.VERSION }}${{ env.VARIANT == 'alpine' && '/alpine' || ''}} + file: ${{ env.VERSION }}${{ env.VARIANT == 'alpine' && '/alpine' || ''}}/Dockerfile + outputs: type=image,"name=${{ env.DOCKERHUB_REPO }}",push-by-digest=true,name-canonical=true,push=true + + - name: Export digest + run: | + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.push.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" + + - name: Upload digests + uses: actions/upload-artifact@v4 + with: + 
name: digests-${{ env.VERSION }}-${{ env.VARIANT }}-${{ matrix.runner-platform }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 - - name: Build docker image for ${{ env.VERSION }} ${{ env.VARIANT }} - run: make test + merge-manifests: + name: Merge manifests and push to DockerHub + needs: make-docker-images + runs-on: ubuntu-24.04-arm # Always on arm, because why not + if: ${{ (github.repository == env.GITHUB_REPO) && (github.ref == 'refs/heads/master') && (github.event_name != 'pull_request') }} + env: + VERSION: ${{ matrix.postgres }}-${{ matrix.postgis }} + VARIANT: ${{ matrix.variant }} + strategy: + matrix: + # Copy from above, minus the runner-platform + postgres: [13, 14, 15, 16, 17] + postgis: ['3.5'] + variant: [default, alpine] + include: + - postgres: 16 + postgis: master + variant: default + - postgres: 17 + postgis: master + variant: default + - postgres: 17 + postgis: '3.6' + variant: alpine + - postgres: 18 + postgis: '3.6' + variant: alpine + - postgres: 18 + postgis: '3.6' + variant: default + steps: - name: Login to dockerhub + id: login-dockerhub uses: docker/login-action@v3 - if: ${{ (github.repository == 'postgis/docker-postgis') && (github.ref == 'refs/heads/master') && (github.event_name != 'pull_request') }} with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} - - name: Push docker image to dockerhub - # !!!! 
ONLY push the images when built on ubuntu-24.04 x86 runner for now, NOT for ubuntu-24.04-arm runners - if: ${{ (github.repository == 'postgis/docker-postgis') && (github.ref == 'refs/heads/master') && (github.event_name != 'pull_request') && ( matrix.runner-platform == 'ubuntu-24.04' ) }} - env: - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_ACCESS_TOKEN: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} - run: make push + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: ${{ runner.temp }}/digests + pattern: digests-${{ env.VERSION }}-${{ env.VARIANT }}-* + merge-multiple: true + + - name: Docker Metadata + uses: docker/metadata-action@v5 + with: + images: | + ${{ env.DOCKERHUB_REPO }} + tags: | + type=raw,value=${{ env.VERSION }}${{ env.VARIANT == 'alpine' && '-alpine' || ''}} + + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *) + - name: Inspect image # Purely for debugging + run: | + sleep 5 + docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ env.VERSION }}${{ env.VARIANT == 'alpine' && '-alpine' || ''}}
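Review bot: The `Check out official-images repo` step pulls the default branch of `docker-library/official-images` and the next step runs `./official-images/test/run.sh` from it, in the same job that afterwards logs in to Docker Hub and pushes, so whatever that branch holds at run time executes on the runner that will later receive the registry token. Pinning that checkout with `ref: <reviewed-commit-sha>` (placeholder) and setting `persist-credentials: false` on both checkouts would bound this. The actions referenced by mutable tags (`docker/build-push-action@v5`, `docker/login-action@v3`, `docker/setup-buildx-action@v3`, `docker/metadata-action@v5`) are likewise better pinned to full commit SHAs. Separately, `Export digest` and `Upload digests` have no `if:`, so when the push step is skipped (pull requests, forks) `steps.push.outputs.digest` is presumably empty, no file lands under `digests/`, and `if-no-files-found: error` would fail the job; they should carry the same condition as `Push image by digest`.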