Container Build #399
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Container Build" | |
| on: | |
| workflow_dispatch: # needed for manually running this workflow | |
| schedule: | |
| - cron: "15 3 * * *" # sadly there is no TZ support here | |
| push: | |
| branches: | |
| - "main" | |
| - "develop" | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| container: | |
| image: moby/buildkit:latest | |
| options: --privileged | |
| steps: | |
| - name: Ensure GNU tar is available | |
| run: | | |
| if command -v tar >/dev/null 2>&1; then | |
| if tar --version 2>/dev/null | grep -qi "gnu tar"; then | |
| echo "GNU tar already present"; exit 0; | |
| fi | |
| fi | |
| if command -v apt-get >/dev/null 2>&1; then | |
| apt-get update | |
| DEBIAN_FRONTEND=noninteractive apt-get install -y tar | |
| elif command -v apk >/dev/null 2>&1; then | |
| apk add --no-cache tar | |
| elif command -v yum >/dev/null 2>&1; then | |
| yum install -y tar | |
| else | |
| echo "Unable to install GNU tar: unsupported package manager" >&2 | |
| exit 1 | |
| fi | |
| command -v tar >/dev/null 2>&1 || { echo "tar still missing" >&2; exit 1; } | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Restore repository API cache | |
| id: repository-api-cache-restore | |
| uses: actions/cache/restore@v5 | |
| with: | |
| path: website/data/cache | |
| key: repository-api-cache-${{ github.ref_name }}-${{ github.run_id }} | |
| restore-keys: | | |
| repository-api-cache-${{ github.ref_name }}- | |
| repository-api-cache- | |
| - name: Ensure cache directory exists | |
| run: mkdir -p website/data/cache | |
| - name: Build container | |
| run: | | |
| RUN_KIND="${{ github.event_name }}" | |
| case "$RUN_KIND" in | |
| workflow_dispatch|schedule) | |
| # full run (manual trigger or cron) – build and push the image with ref-specific tag | |
| REPO="$(echo "$GITHUB_REPOSITORY" | tr "[:upper:]" "[:lower:]")" | |
| PARAMS="--output type=image,\"name=ghcr.io/${REPO}:${{ github.ref_name }}\",push=true" | |
| ;; | |
| *) | |
| # lightweight fallback (e.g. push event) – skip image push and use reduced wiki dataset | |
| PARAMS="--output type=image,push=false --opt build-arg:WIKI_FILE=website/test/3rd-Party-Modules.md" | |
| ;; | |
| esac | |
| # registry credentials | |
| export DOCKER_CONFIG="$(pwd)/container" | |
| echo "{\"auths\":{\"ghcr.io\":{\"auth\":\"$(echo -n ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} | base64 -w 0)\"}}}" > $DOCKER_CONFIG/config.json | |
| # build | |
| buildctl-daemonless.sh build \ | |
| --progress plain \ | |
| --frontend=dockerfile.v0 \ | |
| --local context=. \ | |
| --local dockerfile=container \ | |
| --opt build-arg:GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} \ | |
| $PARAMS \ | |
| --output type=local,dest=build-output | |
| if [ -d build-output/data/cache ]; then | |
| rm -rf website/data/cache | |
| mkdir -p website/data/cache | |
| cp -a build-output/data/cache/. website/data/cache/ | |
| fi | |
| # Extract skipped_modules.json for validation | |
| if [ -f build-output/data/skipped_modules.json ]; then | |
| mkdir -p website/data | |
| cp build-output/data/skipped_modules.json website/data/skipped_modules.json | |
| else | |
| # Create empty skipped_modules.json if pipeline didn't create it | |
| mkdir -p website/data | |
| echo '[]' > website/data/skipped_modules.json | |
| fi | |
| rm -rf build-output | |
| - name: Upload pipeline data for validation | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: website-data | |
| path: website/data/skipped_modules.json | |
| retention-days: 1 | |
| if-no-files-found: warn | |
| - name: Save repository API cache | |
| if: always() | |
| uses: actions/cache/save@v5 | |
| with: | |
| path: website/data/cache | |
| key: repository-api-cache-${{ github.ref_name }}-${{ github.run_id }} | |
| validate-skipped-modules: | |
| needs: build | |
| runs-on: ubuntu-slim | |
| timeout-minutes: 5 | |
| if: always() # Run even if build fails, as long as it completed | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v5 | |
| - name: Use Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: lts/* | |
| - name: Download pipeline data | |
| uses: actions/download-artifact@v7 | |
| with: | |
| name: website-data | |
| path: website/data | |
| - name: Validate no modules were skipped | |
| run: node scripts/validate-skipped-modules.js | |
| - name: Upload skipped modules report (if validation failed) | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: skipped-modules-report | |
| path: website/data/skipped_modules.json | |
| retention-days: 30 |