test digest or canonical reference, not only tag, when checking if an image is already present #7645
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| workflow_dispatch: | |
| inputs: | |
| debug_enabled: | |
| description: 'To run with tmate enter "debug_enabled"' | |
| required: false | |
| default: "false" | |
| permissions: | |
| contents: read # to fetch code (actions/checkout) | |
| jobs: | |
| prepare: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.platforms.outputs.matrix }} | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Create matrix | |
| id: platforms | |
| run: | | |
| echo matrix=$(docker buildx bake binary-cross --print | jq -cr '.target."binary-cross".platforms') >> $GITHUB_OUTPUT | |
| - | |
| name: Show matrix | |
| run: | | |
| echo ${{ steps.platforms.outputs.matrix }} | |
| validate: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - lint | |
| - validate-go-mod | |
| - validate-headers | |
| - validate-docs | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Run | |
| run: | | |
| make ${{ matrix.target }} | |
| binary: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: ${{ fromJson(needs.prepare.outputs.matrix) }} | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Prepare | |
| run: | | |
| platform=${MATRIX_PLATFORM} | |
| echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
| env: | |
| MATRIX_PLATFORM: ${{ matrix.platform }} | |
| - | |
| name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Build | |
| uses: docker/bake-action@v6 | |
| with: | |
| source: . | |
| targets: release | |
| provenance: mode=max | |
| sbom: true | |
| set: | | |
| *.platform=${{ matrix.platform }} | |
| *.cache-from=type=gha,scope=binary-${{ env.PLATFORM_PAIR }} | |
| *.cache-to=type=gha,scope=binary-${{ env.PLATFORM_PAIR }},mode=max | |
| - | |
| name: Rename provenance and sbom | |
| working-directory: ./bin/release | |
| run: | | |
| binname=$(find . -name 'docker-compose-*') | |
| filename=$(basename "$binname" | sed -E 's/\.exe$//') | |
| mv "provenance.json" "${filename}.provenance.json" | |
| mv "sbom-binary.spdx.json" "${filename}.sbom.json" | |
| find . -name 'sbom*.json' -exec rm {} \; | |
| - | |
| name: List artifacts | |
| run: | | |
| tree -nh ./bin/release | |
| - | |
| name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: compose-${{ env.PLATFORM_PAIR }} | |
| path: ./bin/release | |
| if-no-files-found: error | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - | |
| name: Test | |
| uses: docker/bake-action@v6 | |
| with: | |
| targets: test | |
| set: | | |
| *.cache-from=type=gha,scope=test | |
| *.cache-to=type=gha,scope=test | |
| - | |
| name: Gather coverage data | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-data-unit | |
| path: bin/coverage/unit/ | |
| if-no-files-found: error | |
| - | |
| name: Unit Test Summary | |
| uses: test-summary/action@v2 | |
| with: | |
| paths: bin/coverage/unit/report.xml | |
| if: always() | |
| e2e: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| mode: | |
| - plugin | |
| - standalone | |
| engine: | |
| - 27 # old stable (latest major - 1) | |
| - 28 # current stable | |
| steps: | |
| - name: Prepare | |
| run: | | |
| mode=${{ matrix.mode }} | |
| engine=${{ matrix.engine }} | |
| echo "MODE_ENGINE_PAIR=${mode}-${engine}" >> $GITHUB_ENV | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Docker ${{ matrix.engine }} | |
| run: | | |
| sudo systemctl stop docker.service | |
| sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin | |
| sudo apt-get install curl | |
| curl -fsSL https://test.docker.com -o get-docker.sh | |
| sudo sh ./get-docker.sh --version ${{ matrix.engine }} | |
| - name: Check Docker Version | |
| run: docker --version | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Set up Docker Model | |
| run: | | |
| sudo apt-get install docker-model-plugin | |
| docker model version | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| check-latest: true | |
| cache: true | |
| - name: Build example provider | |
| run: make example-provider | |
| - name: Build | |
| uses: docker/bake-action@v6 | |
| with: | |
| source: . | |
| targets: binary-with-coverage | |
| set: | | |
| *.cache-from=type=gha,scope=binary-linux-amd64 | |
| *.cache-from=type=gha,scope=binary-e2e-${{ matrix.mode }} | |
| *.cache-to=type=gha,scope=binary-e2e-${{ matrix.mode }},mode=max | |
| env: | |
| BUILD_TAGS: e2e | |
| - name: Setup tmate session | |
| if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled }} | |
| uses: mxschmitt/action-tmate@8b4e4ac71822ed7e0ad5fb3d1c33483e9e8fb270 # v3.11 | |
| with: | |
| limit-access-to-actor: true | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Test plugin mode | |
| if: ${{ matrix.mode == 'plugin' }} | |
| run: | | |
| rm -rf ./bin/coverage/e2e | |
| mkdir -p ./bin/coverage/e2e | |
| make e2e-compose GOCOVERDIR=bin/coverage/e2e TEST_FLAGS="-v" | |
| - name: Gather coverage data | |
| if: ${{ matrix.mode == 'plugin' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-data-e2e-${{ env.MODE_ENGINE_PAIR }} | |
| path: bin/coverage/e2e/ | |
| if-no-files-found: error | |
| - name: Test standalone mode | |
| if: ${{ matrix.mode == 'standalone' }} | |
| run: | | |
| rm -f /usr/local/bin/docker-compose | |
| cp bin/build/docker-compose /usr/local/bin | |
| make e2e-compose-standalone | |
| - name: e2e Test Summary | |
| uses: test-summary/action@v2 | |
| with: | |
| paths: /tmp/report/report.xml | |
| if: always() | |
| coverage: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - test | |
| - e2e | |
| steps: | |
| # codecov won't process the report without the source code available | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| check-latest: true | |
| - name: Download unit test coverage | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: coverage-data-unit | |
| path: coverage/unit | |
| merge-multiple: true | |
| - name: Download E2E test coverage | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: coverage-data-e2e-* | |
| path: coverage/e2e | |
| merge-multiple: true | |
| - name: Merge coverage reports | |
| run: | | |
| go tool covdata textfmt -i=./coverage/unit,./coverage/e2e -o ./coverage.txt | |
| - name: Store coverage report in GitHub Actions | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: go-covdata-txt | |
| path: ./coverage.txt | |
| if-no-files-found: error | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| files: ./coverage.txt | |
| release: | |
| permissions: | |
| contents: write # to create a release (ncipollo/release-action) | |
| runs-on: ubuntu-latest | |
| needs: | |
| - binary | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - | |
| name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: compose-* | |
| path: ./bin/release | |
| merge-multiple: true | |
| - | |
| name: Create checksums | |
| working-directory: ./bin/release | |
| run: | | |
| find . -type f -print0 | sort -z | xargs -r0 shasum -a 256 -b | sed 's# \*\./# *#' > $RUNNER_TEMP/checksums.txt | |
| shasum -a 256 -U -c $RUNNER_TEMP/checksums.txt | |
| mv $RUNNER_TEMP/checksums.txt . | |
| cat checksums.txt | while read sum file; do | |
| if [[ "${file#\*}" == docker-compose-* && "${file#\*}" != *.provenance.json && "${file#\*}" != *.sbom.json ]]; then | |
| echo "$sum $file" > ${file#\*}.sha256 | |
| fi | |
| done | |
| - | |
| name: List artifacts | |
| run: | | |
| tree -nh ./bin/release | |
| - | |
| name: Check artifacts | |
| run: | | |
| find bin/release -type f -exec file -e ascii -- {} + | |
| - | |
| name: GitHub Release | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: ncipollo/release-action@58ae73b360456532aafd58ee170c045abbeaee37 # v1.10.0 | |
| with: | |
| artifacts: ./bin/release/* | |
| generateReleaseNotes: true | |
| draft: true | |
| token: ${{ secrets.GITHUB_TOKEN }} |