Rearrange GH Actions workflows; Move Docker builds to AWS CloudBuild

.github/workflows/build.yml

@@ -0,0 +1,88 @@
+name: Build
+
+on:
+  workflow_call:
+
+env:
+  DOCKER_META_IMAGES: |
+    darthsim/imgproxy
+  DOCKER_META_TAGS: |
+    type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
+    type=ref,event=branch,enable=${{ startsWith(github.ref, 'refs/heads/test/') }}
+    type=semver,pattern=v{{version}}
+    type=semver,pattern=v{{major}}.{{minor}}
+    type=semver,pattern=v{{major}}
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        build:
+          - arch: amd64
+            dockerPlatform: linux/amd64
+            image: linux-5.0
+          - arch: arm64
+            dockerPlatform: linux/arm64/v8
+            image: arm-3.0
+    runs-on:
+      - codebuild-imgproxy-${{ github.run_id }}-${{ github.run_attempt }}
+      - image:${{ matrix.build.image }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.DOCKER_META_IMAGES }}
+          tags: ${{ env.DOCKER_META_TAGS }}
+          flavor: |
+            latest=false
+            suffix=-${{ matrix.build.arch }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./docker/Dockerfile
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ matrix.build.dockerPlatform }}
+          push: true
+
+  push_manifests:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.DOCKER_META_IMAGES }}
+          tags: ${{ env.DOCKER_META_TAGS }}
+          flavor: |
+            latest=false
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Push manifests
+        run: |
+          for tag in ${{ join(fromJSON(steps.meta.outputs.json).tags, ' ') }}
+          do
+            docker buildx imagetools create -t $tag ${tag}-amd64 ${tag}-arm64
+          done
+

.github/workflows/lint.yml → .github/workflows/ci.yml

@@ -1,13 +1,34 @@
-name: Lint
+name: CI
 
 on:
-  - push
-  - pull_request
+  workflow_call:
 
 env:
   CGO_LDFLAGS_ALLOW: "-s|-w"
 
 jobs:
+  test:
+    runs-on: ubuntu-latest
+    container:
+      image: darthsim/imgproxy-ci:202407111824
+    strategy:
+      matrix:
+        go-version: ["1.22.x", "1.21.x"]
+        vips-version: ["8.15", "8.14", "8.13"]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Download mods
+        run: go mod download
+      - name: Test
+        run: go test ./...
+        env:
+          LD_LIBRARY_PATH: "/usr/local/lib:/root/vips/${{ matrix.vips-version }}/lib"
+          PKG_CONFIG_PATH: "/usr/local/lib/pkgconfig:/root/vips/${{ matrix.vips-version }}/lib/pkgconfig"
+
   lint:
     runs-on: ubuntu-latest
     container:

.github/workflows/on-push.yml

@@ -0,0 +1,17 @@
+name: OnPush
+
+on:
+  push:
+    branches: ["**"]
+  pull_request:
+
+jobs:
+  ci:
+    uses: ./.github/workflows/ci.yml
+
+  build:
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/test/'))
+    needs: [ci]
+    uses: ./.github/workflows/build.yml
+    secrets: inherit
+

.github/workflows/release.yml

@@ -6,13 +6,23 @@ on:
       - 'v[0-9]+.[0-9]+.[0-9]+*'
 
 jobs:
+  ci:
+    uses: ./.github/workflows/ci.yml
+
+  build:
+    needs: [ci]
+    uses: ./.github/workflows/build.yml
+    secrets: inherit
+
   release:
+    needs: [build]
     runs-on: ubuntu-latest
     permissions:
       contents: write
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+
       - name: Prepare notes
         run: |
           # Extract changelog entries between this and previous version headers
@@ -26,6 +36,7 @@ jobs:
           else
             echo 'PRERELEASE="false"' >> $GITHUB_ENV
           fi
+
       - name: Release
         uses: softprops/action-gh-release@v1
         with:

.github/workflows/test.yml

@@ -1,31 +0,0 @@
-name: Test
-
-on:
-  - push
-  - pull_request
-
-env:
-  CGO_LDFLAGS_ALLOW: "-s|-w"
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    container:
-      image: darthsim/imgproxy-ci:202407111824
-    strategy:
-      matrix:
-        go-version: ["1.22.x", "1.21.x"]
-        vips-version: ["8.15", "8.14", "8.13"]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ${{ matrix.go-version }}
-      - name: Download mods
-        run: go mod download
-      - name: Test
-        run: go test ./...
-        env:
-          LD_LIBRARY_PATH: "/usr/local/lib:/root/vips/${{ matrix.vips-version }}/lib"
-          PKG_CONFIG_PATH: "/usr/local/lib/pkgconfig:/root/vips/${{ matrix.vips-version }}/lib/pkgconfig"

README.md

@@ -19,8 +19,7 @@
 </h4>
 
 <p align="center">
-<a href="https://github.com/imgproxy/imgproxy/actions"><img alt="GH Test" src="https://img.shields.io/github/actions/workflow/status/imgproxy/imgproxy/test.yml?branch=master&label=Test&style=for-the-badge" /></a>
-<a href="https://github.com/imgproxy/imgproxy/actions"><img alt="GH Lint" src="https://img.shields.io/github/actions/workflow/status/imgproxy/imgproxy/lint.yml?branch=master&label=Lint&style=for-the-badge" /></a>
+<a href="https://github.com/imgproxy/imgproxy/actions"><img alt="CI" src="https://img.shields.io/github/actions/workflow/status/imgproxy/imgproxy/on-push.yml?branch=master&label=CI&style=for-the-badge" /></a>
 <a href="https://hub.docker.com/r/darthsim/imgproxy/"><img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/darthsim/imgproxy.svg?logo=docker&logoColor=white&style=for-the-badge" /></a>
 </p>
 

cloudbuild.yaml

@@ -1,73 +0,0 @@
-steps:
-- id: docker_buildx
-  name: 'docker'
-  args:
-    - 'buildx'
-    - 'create'
-    - '--driver'
-    - 'docker-container'
-    - '--name'
-    - 'container'
-    - '--platform'
-    - 'linux/amd64,linux/arm64/v8'
-    - '--use'
-  waitFor: ["-"]
-
-- id: 'docker_amd64'
-  name: 'docker'
-  args:
-    - 'buildx'
-    - 'build'
-    - '--load'
-    - '-t'
-    - 'darthsim/imgproxy:$TAG_NAME-amd64'
-    - '-f'
-    - 'docker/Dockerfile'
-    - '--platform'
-    - 'linux/amd64'
-    - '.'
-  env:
-    - DOCKER_BUILDKIT=1
-  waitFor: ["docker_buildx"]
-
-- id: 'docker_arm64'
-  name: 'docker'
-  args:
-    - 'buildx'
-    - 'build'
-    - '--load'
-    - '-t'
-    - 'darthsim/imgproxy:$TAG_NAME-arm64'
-    - '-f'
-    - 'docker/Dockerfile'
-    - '--platform'
-    - 'linux/arm64/v8'
-    - '.'
-  env:
-    - DOCKER_BUILDKIT=1
-  waitFor: ["docker_buildx"]
-
-- id: 'push'
-  name: 'docker'
-  entrypoint: 'sh'
-  args:
-    - '-c'
-    - |
-      apk add --no-cache bash \
-      && docker login -u darthsim -p $$DOCKER_HUB_TOKEN \
-      && docker/push-images.sh ${TAG_NAME}
-  secretEnv: ['DOCKER_HUB_TOKEN']
-  waitFor: ['docker_amd64', 'docker_arm64']
-
-
-availableSecrets:
-  secretManager:
-    - versionName: projects/${PROJECT_ID}/secrets/DOCKER_HUB_TOKEN/versions/latest
-      env: DOCKER_HUB_TOKEN
-
-options:
-  machineType: 'E2_HIGHCPU_8'
-  logging: CLOUD_LOGGING_ONLY
-  dynamicSubstitutions: true
-
-timeout: 1200s

docker/push-images.sh

@@ -1,42 +0,0 @@
-#!/bin/bash
-
-set -e
-
-TAG_NAME=${1:-latest}
-REPO_NAME="darthsim/imgproxy"
-
-IMAGE_NAME="$REPO_NAME:$TAG_NAME"
-
-echo "Image name: $IMAGE_NAME"
-
-export DOCKER_CLI_EXPERIMENTAL=enabled
-
-docker push $IMAGE_NAME-amd64
-docker push $IMAGE_NAME-arm64
-
-push_manifest() {
-  docker manifest create $1 -a $2-amd64 -a $2-arm64
-  docker manifest annotate $1 $2-amd64 --arch amd64
-  docker manifest annotate $1 $2-arm64 --arch arm64 --variant v8
-  docker manifest push $1
-}
-
-push_manifest $IMAGE_NAME $IMAGE_NAME
-
-re="^v([0-9]+)\.([0-9]+)\.([0-9]+)$"
-
-if [[ $TAG_NAME =~ $re ]]; then
-  MINOR_IMAGE_NAME="$REPO_NAME:v${BASH_REMATCH[1]}.${BASH_REMATCH[2]}"
-  docker tag $IMAGE_NAME-amd64 $MINOR_IMAGE_NAME-amd64
-  docker push $MINOR_IMAGE_NAME-amd64
-  docker tag $IMAGE_NAME-arm64 $MINOR_IMAGE_NAME-arm64
-  docker push $MINOR_IMAGE_NAME-arm64
-  push_manifest $MINOR_IMAGE_NAME $IMAGE_NAME
-
-  MAJOR_IMAGE_NAME="$REPO_NAME:v${BASH_REMATCH[1]}"
-  docker tag $IMAGE_NAME-amd64 $MAJOR_IMAGE_NAME-amd64
-  docker push $MAJOR_IMAGE_NAME-amd64
-  docker tag $IMAGE_NAME-arm64 $MAJOR_IMAGE_NAME-arm64
-  docker push $MAJOR_IMAGE_NAME-arm64
-  push_manifest $MAJOR_IMAGE_NAME $IMAGE_NAME
-fi