this should do it

SEAPUNK · May 13, 2024 · 647a3ad · 647a3ad
1 parent f65302f
commit 647a3ad
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 16 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -41,10 +41,12 @@ jobs:
         with:
           tags: |
             type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+            type=ref,event=tag
             type=sha
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
       - name: Build Docker image
+        id: push
         env:
           IMAGE_TAGS: ${{ steps.meta.outputs.tags }}
           IMAGE_LABELS: ${{ steps.meta.outputs.tags }}
@@ -54,18 +56,9 @@ jobs:
           echo $IMAGE_LABELS
           bun run build-docker-image
 
-      # - name: Build and push Docker image
-      #   id: push
-      #   uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
-      #   with:
-      #     context: .
-      #     push: true
-      #     tags: ${{ steps.meta.outputs.tags }}
-      #     labels: ${{ steps.meta.outputs.labels }}
-
-      # - name: Generate artifact attestation
-      #   uses: actions/attest-build-provenance@v1
-      #   with:
-      #     subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-      #     subject-digest: ${{ steps.push.outputs.digest }}
-      #     push-to-registry: true
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
diff --git a/packages/deploy/scripts/build-docker-image.ts b/packages/deploy/scripts/build-docker-image.ts
@@ -48,10 +48,43 @@ await $`git ls-files | tar Tzcfv - ${archivePath}`;
   exitCode && process.exit(exitCode);
 }
 
+function splitMultilineEnv(envvar: string) {
+  return envvar
+    .trim()
+    .split("\n")
+    .map((str) => str.trim());
+}
+
+// github CI: apply labels to images
+let imageLabelsArgs = { raw: "" };
+if (process.env.CI_IMAGE_LABELS) {
+  imageLabelsArgs = {
+    raw: splitMultilineEnv(process.env.CI_IMAGE_LABELS).reduce(
+      (arg, label) => `${arg} --label ${$.escape(label)}`,
+      "",
+    ),
+  };
+}
+
 // finally, get docker to build it
 {
   console.warn(chalk.magenta("Building docker image..."));
   let { exitCode } =
-    await $`docker build -t atsugami --build-arg GROUNDCONTROL_TAG=groundcontrol - < ${archivePath}`.nothrow();
+    await $`docker build -t atsugami ${imageLabelsArgs} --build-arg GROUNDCONTROL_TAG=groundcontrol - < ${archivePath}`.nothrow();
   exitCode && process.exit(exitCode);
 }
+
+// github CI: tag images, push them, and set image digest as the output
+if (process.env.CI_IMAGE_TAGS) {
+  let tags = splitMultilineEnv(process.env.CI_IMAGE_TAGS);
+  for (let tag of tags) {
+    console.warn(chalk.magenta(`Tagging and pushing ${chalk.cyan(tag)}`));
+    await $`docker tag atsugami ${tag}`;
+    await $`docker push ${tag}`;
+  }
+  console.warn(chalk.magenta(`Determining image digest...`));
+  let imageDigest = (
+    await $`docker inspect --format='{{.Id}}' atsugami`.text()
+  ).trim();
+  await $`echo ${`digest=${imageDigest}`} >> "$GITHUB_OUTPUT"`;
+}