diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index a2674df6..854a5e01 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -15,17 +15,20 @@ jobs:
 ARCH: [x86_64, i386, armhf, aarch64]
 BUILD_TYPE: ["appimage"]
 USE_STATIC_RUNTIME: [""]
+ DISABLE_PUSH: [""]
 include:
 # test build
 - ARCH: x86_64
 DOCKER_ARCH: amd64
 BUILD_TYPE: coverage
+ DISABLE_PUSH: 1
 # experimental build
 - ARCH: x86_64
 BUILD_TYPE: appimage
 USE_STATIC_RUNTIME: 1
+ DISABLE_PUSH: 1
 fail-fast: false
@@ -48,8 +51,21 @@ jobs:
 - name: Set up QEMU integration for Docker
 run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+ # using such an action is more secure than using custom scripts
+ - name: Log into quay.io
+ uses: docker/login-action@v3
+ # secrets are not available when building a pull request
+ if: ${{ github.event_name != 'pull_request' }}
+ with:
+ username: ${{ secrets.QUAY_USERNAME }}
+ password: ${{ secrets.QUAY_PASSPHRASE }}
+ registry: quay.io
+
 - name: Build
 run: bash ci/build-in-docker.sh
+ env:
+ CACHE_FROM: 1
+ PUSH_IMAGE: ${{ (matrix.DISABLE_PUSH == '' && github.event_name != 'pull_request') && '1' || '' }}
 - name: Archive artifacts
 uses: actions/upload-artifact@v2
diff --git a/ci/build-in-docker.sh b/ci/build-in-docker.sh
index 322a0b59..8c78fd42 100755
--- a/ci/build-in-docker.sh
+++ b/ci/build-in-docker.sh
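Review bot: In the matrix of .github/workflows/main.yml the new `DISABLE_PUSH` key is opt-out: the base matrix sets `DISABLE_PUSH: [""]`, so an `include:` entry added later without `DISABLE_PUSH: 1` pushes by default. ci/build-in-docker.sh tags the image by `$ARCH` only, so such a variant would overwrite the tag that the regular build of that architecture publishes and that later runs pull as cache. An opt-in key would fail closed, for example a base-matrix `PUSH_IMAGE: ["1"]` that the include entries simply leave out, checked with `matrix.PUSH_IMAGE == '1'`. If the flag stays as it is, quote the value (`DISABLE_PUSH: "1"`) so it has the same type as the `""` default it is compared against, and add a comment such as `# shares the $ARCH image tag with the regular build, must not push`.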
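Review bot: `PUSH_IMAGE` in the Build step of .github/workflows/main.yml is gated on the event type only (`github.event_name != 'pull_request'`), so, depending on the workflow's triggers (outside this hunk), a push to any branch may publish the image. Because `CACHE_FROM: 1` makes every run, pull requests included, pull that same tag as build cache, the push should be limited to the branch whose content is trusted, for example by adding `&& github.ref_name == github.event.repository.default_branch` to the condition. The login step hands the quay.io credentials to `docker/login-action@v3`, which is a movable tag; pinning it as `uses: docker/login-action@<full-commit-sha> # v3` keeps a retagged release from receiving them. A robot account with write access to this one repository only would limit what a leaked `QUAY_PASSPHRASE` can do.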
@@ -57,20 +57,46 @@ else
 build_args+=("--pull")
 fi
-image_tag="linuxdeploy-build:$ARCH"
+image_tag="quay.io/theassassin/linuxdeploy-build:$ARCH"
-docker build \
- --build-arg ARCH="$ARCH" \
- --build-arg docker_arch="$docker_arch" \
- "${build_args[@]}" \
- -t "$image_tag" \
- "$this_dir"/docker
+if [[ "${CACHE_FROM:-}" != "" ]]; then
+ warning "using cached image from quay: $image_tag"
+
+ build_args+=(
+ "--cache-from"
+ "$image_tag"
+ )
+
+ # need to be pulled manually for versions that do not use buildkit (yet), apparently
+ (
+ set -x
+ docker pull "$image_tag"
+ )
+fi
+
+(
+ set -x
+ docker build \
+ --build-arg ARCH="$ARCH" \
+ --build-arg docker_arch="$docker_arch" \
+ "${build_args[@]}" \
+ -t "$image_tag" \
+ "$this_dir"/docker
+)
+
+# by default, we are not logged into the registry and therefore must not attempt to push the image
+if [[ "${PUSH_IMAGE:-}" ]]; then
+ warning "pushing image to quay (requires login): $image_tag"
+ docker push "$image_tag"
+else
+ warning "\$PUSH_IMAGE not set, not pushing image"
+fi
 docker_args=()
 # only if there's more than 1G of free space in RAM, we can build in a RAM disk
 if [[ "${GITHUB_ACTIONS:-}" != "" ]]; then
 warning "Building on GitHub actions, which does not support --tmpfs flag -> building on regular disk"
-elif [[ "$(free -m | grep "Mem:" | awk '{print $4}')" -gt 1024 ]]; then
+elif [[ "$(env LC_ALL=C free -m | grep "Mem:" | awk '{print $4}')" -gt 1024 ]]; then
 info "Host system has enough free memory -> building in RAM disk"
 docker_args+=(
 "--tmpfs"
@@ -92,7 +118,6 @@ if [ -t 1 ]; then
 docker_args+=("-t")
 fi
-DOCKER_OPTS=()
 # fix for https://stackoverflow.com/questions/51195528/rcc-error-in-resource-qrc-cannot-find-file-png
 if [ "${CI:-}" != "" ]; then
 docker_args+=(
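Review bot: The added `docker pull "$image_tag"` in the `CACHE_FROM` block has no fallback, so when the tag does not exist yet or quay.io is unreachable the pull fails, and if the script runs under `set -e` (not visible in this hunk) the whole build stops although the cache is only an optimisation. `docker pull "$image_tag" || warning "no cached image for $image_tag, building without cache"` lets the build continue. The pulled image is also trusted as layer cache, and the image built from it is what the later `docker run` executes, so the tag is only as trustworthy as whoever can push to it. A comment above the block would keep that visible, e.g. `# cache image is trusted input: only CI on trusted branches may push this tag`.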
@@ -106,17 +131,20 @@ fi
 # b) allow the build scripts to "mv" the binaries into the /out directory
 uid="${UID:-"$(id -u)"}"
 info "Running build with uid $uid"
-docker run \
- --rm \
- -i \
- -e GITHUB_RUN_NUMBER \
- -e ARCH \
- -e BUILD_TYPE \
- -e USE_STATIC_RUNTIME \
- -e CI \
- --user "$uid" \
- "${docker_args[@]}" \
- -v "$(readlink -f "$this_dir"/..):/ws" \
- -w /ws \
- "$image_tag" \
- bash -xc "$build_script"
+(
+ set -x
+ docker run \
+ --rm \
+ -i \
+ -e GITHUB_RUN_NUMBER \
+ -e ARCH \
+ -e BUILD_TYPE \
+ -e USE_STATIC_RUNTIME \
+ -e CI \
+ --user "$uid" \
+ "${docker_args[@]}" \
+ -v "$(readlink -f "$this_dir"/..):/ws" \
+ -w /ws \
+ "$image_tag" \
+ bash -xc "$build_script"
+)
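Review bot: The `set -x` added around `docker run` writes the fully expanded command line to the CI log, which is harmless here only because every variable is passed by name (`-e ARCH`, `-e CI`, and so on) and not as `-e NAME=value`. A comment above the subshell would keep that invariant visible, e.g. `# set -x logs the expanded command: pass environment by name only, never -e NAME=value`. The subshell deserves a word as well (`# subshell limits the trace to this command`); the same pattern is used for `docker pull` and `docker build` in the first hunk of this file.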