From d064ad5171ae987bce7230d8e3aa5ae126319a4a Mon Sep 17 00:00:00 2001 From: Ryo Takaishi Date: Sun, 9 Feb 2025 18:24:42 +0900 Subject: [PATCH 1/7] use arm runner --- .github/workflows/build-branch.yml | 6 +++--- .github/workflows/build-tag.yml | 2 +- Dockerfile | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build-branch.yml b/.github/workflows/build-branch.yml index 5ec118ca2..3da7094c4 100644 --- a/.github/workflows/build-branch.yml +++ b/.github/workflows/build-branch.yml @@ -9,7 +9,7 @@ jobs: strategy: matrix: runs-on: - - "ubuntu-latest" + - "ubuntu-24.04-arm" runs-on: ${{ matrix.runs-on }} timeout-minutes: 10 if: github.event.pusher.name != 'dreamkast-cloudnativedays' @@ -66,7 +66,7 @@ jobs: cache-to: type=gha,mode=max merge-images: - runs-on: "ubuntu-latest" + runs-on: "ubuntu-24.04-arm" timeout-minutes: 10 needs: ["build"] steps: @@ -89,7 +89,7 @@ jobs: image_tag_sha="${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ github.sha }}" docker buildx imagetools create \ --tag ${image_tag_sha} \ - ${image_tag_sha}-amd64 + ${image_tag_sha}-arm64 # - name: Run Trivy vulnerability scanner # uses: aquasecurity/trivy-action@master diff --git a/.github/workflows/build-tag.yml b/.github/workflows/build-tag.yml index ee46db026..5f9a33635 100644 --- a/.github/workflows/build-tag.yml +++ b/.github/workflows/build-tag.yml @@ -6,7 +6,7 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: "ubuntu-24.04-arm" steps: - uses: actions/checkout@v4 diff --git a/Dockerfile b/Dockerfile index ec10bc9ab..a99e0e7f5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,10 +47,10 @@ ENV RAILS_ENV=${RAILS_ENV}, RAILS_LOG_TO_STDOUT=ON, RAILS_SERVE_STATIC_FILES=ena WORKDIR /app COPY --link --from=node /app/node_modules /app/node_modules COPY --link --from=fetch-lib /usr/local/bundle /usr/local/bundle -RUN apt-get update && apt-get -y install wget libmariadb3 libvips42 \ - && wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb \ - && apt install -y ./google-chrome-stable_current_amd64.deb \ - && apt-get clean && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get -y install wget libmariadb3 libvips42 chromium && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* +ENV CHROME_BIN=/usr/bin/chromium COPY --link . . COPY --link --from=asset-compile /app/public /app/public EXPOSE 3000 From cdaca9d3d6f32cb30da4a3c48f5cad382cda366a Mon Sep 17 00:00:00 2001 From: Ryo Takaishi Date: Tue, 11 Feb 2025 09:38:50 +0900 Subject: [PATCH 2/7] wip --- .github/workflows/build-branch.yml | 18 ++++++++-- .github/workflows/build-tag.yml | 55 +++++++++++++++++++++++++++++- 2 files changed, 70 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-branch.yml b/.github/workflows/build-branch.yml index 3da7094c4..eb8995002 100644 --- a/.github/workflows/build-branch.yml +++ b/.github/workflows/build-branch.yml @@ -9,6 +9,7 @@ jobs: strategy: matrix: runs-on: + - "ubuntu-24.04" - "ubuntu-24.04-arm" runs-on: ${{ matrix.runs-on }} timeout-minutes: 10 @@ -66,10 +67,23 @@ jobs: cache-to: type=gha,mode=max merge-images: - runs-on: "ubuntu-24.04-arm" + runs-on: + - "ubuntu-24.04" + - "ubuntu-24.04-arm" timeout-minutes: 10 needs: ["build"] steps: + - name: Prepare-tag + id: tags + run: | + arch="" + # https://docs.github.com/en/actions/learn-github-actions/contexts#runner-context + case "${{ runner.arch }}" in + "X64" ) arch="amd64" ;; + "ARM64" ) arch="arm64" ;; + esac + echo "tag=${arch}" >> $GITHUB_OUTPUT + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -89,7 +103,7 @@ jobs: image_tag_sha="${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ github.sha }}" docker buildx imagetools create \ --tag ${image_tag_sha} \ - ${image_tag_sha}-arm64 + ${image_tag_sha}-${{ steps.tags.outputs.tag }} # - name: Run Trivy vulnerability scanner # uses: aquasecurity/trivy-action@master diff --git a/.github/workflows/build-tag.yml b/.github/workflows/build-tag.yml index 5f9a33635..fffd42445 100644 --- a/.github/workflows/build-tag.yml +++ b/.github/workflows/build-tag.yml @@ -6,7 +6,9 @@ on: jobs: build: - runs-on: "ubuntu-24.04-arm" + runs-on: + - "ubuntu-24.04" + - "ubuntu-24.04-arm" steps: - uses: actions/checkout@v4 @@ -34,6 +36,17 @@ jobs: type=sha,prefix=,format=long type=ref,event=tag + - name: Prepare-tag + id: tags + run: | + arch="" + # https://docs.github.com/en/actions/learn-github-actions/contexts#runner-context + case "${{ runner.arch }}" in + "X64" ) arch="amd64" ;; + "ARM64" ) arch="arm64" ;; + esac + echo "tag=${{ github.sha }}-${arch}" >> $GITHUB_OUTPUT + - name: Build id: docker_build uses: docker/build-push-action@v6 @@ -46,3 +59,43 @@ jobs: labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max + + merge-images: + runs-on: + - "ubuntu-24.04" + - "ubuntu-24.04-arm" + timeout-minutes: 10 + needs: ["build"] + steps: + - name: Prepare-tag + id: tags + run: | + arch="" + # https://docs.github.com/en/actions/learn-github-actions/contexts#runner-context + case "${{ runner.arch }}" in + "X64" ) arch="amd64" ;; + "ARM64" ) arch="arm64" ;; + esac + echo "tag=${arch}" >> $GITHUB_OUTPUT + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-west-2 + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + - name: Create a New Image + run: | + image_tag_sha="${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ github.sha }}" + docker buildx imagetools create \ + --tag ${image_tag_sha} \ + ${image_tag_sha}-${{ steps.tags.outputs.tag }} + From 8b989ee20d2c77574629f763e9482f1fa9e09cc5 Mon Sep 17 00:00:00 2001 From: Ryo Takaishi Date: Tue, 11 Feb 2025 09:58:30 +0900 Subject: [PATCH 3/7] wip --- .github/workflows/build-branch.yml | 64 +++++++++++++++------------ .github/workflows/build-tag.yml | 71 +++++++++++++++++------------- 2 files changed, 75 insertions(+), 60 deletions(-) diff --git a/.github/workflows/build-branch.yml b/.github/workflows/build-branch.yml index eb8995002..17b59de3e 100644 --- a/.github/workflows/build-branch.yml +++ b/.github/workflows/build-branch.yml @@ -15,33 +15,16 @@ jobs: timeout-minutes: 10 if: github.event.pusher.name != 'dreamkast-cloudnativedays' steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Docker Buildx + - uses: actions/checkout@v4 + - uses: docker/setup-buildx-action@v3 id: buildx - uses: docker/setup-buildx-action@v3 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + - uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: us-west-2 - - - name: Login to Amazon ECR + - uses: aws-actions/amazon-ecr-login@v2 id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs - tags: | - type=sha,prefix=,format=long - type=ref,event=branch - - name: Prepare-tag id: tags run: | @@ -52,13 +35,13 @@ jobs: "ARM64" ) arch="arm64" ;; esac echo "tag=${{ github.sha }}-${arch}" >> $GITHUB_OUTPUT - - name: Build id: docker_build uses: docker/build-push-action@v6 with: context: ./ file: ./Dockerfile + builder: ${{ steps.buildx.outputs.name }} push: true tags: ${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ steps.tags.outputs.tag }} provenance: false @@ -67,12 +50,23 @@ jobs: cache-to: type=gha,mode=max merge-images: - runs-on: - - "ubuntu-24.04" - - "ubuntu-24.04-arm" + strategy: + matrix: + runs-on: + - "ubuntu-24.04" + - "ubuntu-24.04-arm" + runs-on: ${{ matrix.runs-on }} timeout-minutes: 10 needs: ["build"] steps: + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs + tags: | + type=sha,prefix=,format=long + type=ref,event=branch - name: Prepare-tag id: tags run: | @@ -83,7 +77,6 @@ jobs: "ARM64" ) arch="arm64" ;; esac echo "tag=${arch}" >> $GITHUB_OUTPUT - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -101,9 +94,22 @@ jobs: - name: Create a New Image run: | image_tag_sha="${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ github.sha }}" - docker buildx imagetools create \ - --tag ${image_tag_sha} \ - ${image_tag_sha}-${{ steps.tags.outputs.tag }} + + # Create array of image tags from meta output + image_tags=() + for tag in ${{ steps.meta.outputs.tags }}; do + image_tags+=("${tag}-${{ steps.tags.outputs.tag }}") + done + + # Join all tags with comma for buildx imagetools create command + joined_tags=$(IFS=,; echo "${image_tags[*]}") + + # Create manifest lists for each tag from meta output + for tag in ${{ steps.meta.outputs.tags }}; do + docker buildx imagetools create \ + --tag ${tag} \ + ${image_tag_sha}-${{ steps.tags.outputs.tag }} + # - name: Run Trivy vulnerability scanner # uses: aquasecurity/trivy-action@master diff --git a/.github/workflows/build-tag.yml b/.github/workflows/build-tag.yml index fffd42445..96734aece 100644 --- a/.github/workflows/build-tag.yml +++ b/.github/workflows/build-tag.yml @@ -6,36 +6,24 @@ on: jobs: build: - runs-on: - - "ubuntu-24.04" - - "ubuntu-24.04-arm" + strategy: + matrix: + runs-on: + - "ubuntu-24.04" + - "ubuntu-24.04-arm" + runs-on: ${{ matrix.runs-on }} + timeout-minutes: 10 steps: - uses: actions/checkout@v4 - - - name: Set up Docker Buildx + - uses: docker/setup-buildx-action@v3 id: buildx - uses: docker/setup-buildx-action@v3 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + - uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ap-northeast-1 - - - name: Login to Amazon ECR + - uses: aws-actions/amazon-ecr-login@v2 id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs - tags: | - type=sha,prefix=,format=long - type=ref,event=tag - - name: Prepare-tag id: tags run: | @@ -46,7 +34,6 @@ jobs: "ARM64" ) arch="arm64" ;; esac echo "tag=${{ github.sha }}-${arch}" >> $GITHUB_OUTPUT - - name: Build id: docker_build uses: docker/build-push-action@v6 @@ -55,18 +42,30 @@ jobs: file: ./Dockerfile builder: ${{ steps.buildx.outputs.name }} push: true - tags: ${{ steps.meta.outputs.tags }} + tags: ${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ steps.tags.outputs.tag }} + provenance: false labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max merge-images: - runs-on: - - "ubuntu-24.04" - - "ubuntu-24.04-arm" + strategy: + matrix: + runs-on: + - "ubuntu-24.04" + - "ubuntu-24.04-arm" + runs-on: ${{ matrix.runs-on }} timeout-minutes: 10 needs: ["build"] steps: + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs + tags: | + type=sha,prefix=,format=long + type=ref,event=tag - name: Prepare-tag id: tags run: | @@ -77,7 +76,6 @@ jobs: "ARM64" ) arch="arm64" ;; esac echo "tag=${arch}" >> $GITHUB_OUTPUT - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -95,7 +93,18 @@ jobs: - name: Create a New Image run: | image_tag_sha="${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ github.sha }}" - docker buildx imagetools create \ - --tag ${image_tag_sha} \ - ${image_tag_sha}-${{ steps.tags.outputs.tag }} + # Create array of image tags from meta output + image_tags=() + for tag in ${{ steps.meta.outputs.tags }}; do + image_tags+=("${tag}-${{ steps.tags.outputs.tag }}") + done + + # Join all tags with comma for buildx imagetools create command + joined_tags=$(IFS=,; echo "${image_tags[*]}") + + # Create manifest lists for each tag from meta output + for tag in ${{ steps.meta.outputs.tags }}; do + docker buildx imagetools create \ + --tag ${tag} \ + ${image_tag_sha}-${{ steps.tags.outputs.tag }} \ No newline at end of file From 4d3e9eac4af79e9acf1f61b335461a1587a90963 Mon Sep 17 00:00:00 2001 From: Ryo Takaishi Date: Tue, 11 Feb 2025 10:06:36 +0900 Subject: [PATCH 4/7] wip --- .github/workflows/build-branch.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/.github/workflows/build-branch.yml b/.github/workflows/build-branch.yml index 17b59de3e..08546d9f4 100644 --- a/.github/workflows/build-branch.yml +++ b/.github/workflows/build-branch.yml @@ -94,17 +94,6 @@ jobs: - name: Create a New Image run: | image_tag_sha="${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ github.sha }}" - - # Create array of image tags from meta output - image_tags=() - for tag in ${{ steps.meta.outputs.tags }}; do - image_tags+=("${tag}-${{ steps.tags.outputs.tag }}") - done - - # Join all tags with comma for buildx imagetools create command - joined_tags=$(IFS=,; echo "${image_tags[*]}") - - # Create manifest lists for each tag from meta output for tag in ${{ steps.meta.outputs.tags }}; do docker buildx imagetools create \ --tag ${tag} \ From b320cbfcf35fd5642c3f8c91760cc59d104dfd90 Mon Sep 17 00:00:00 2001 From: Ryo Takaishi Date: Tue, 11 Feb 2025 10:09:59 +0900 Subject: [PATCH 5/7] wip --- .github/workflows/build-branch.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build-branch.yml b/.github/workflows/build-branch.yml index 08546d9f4..e653580f9 100644 --- a/.github/workflows/build-branch.yml +++ b/.github/workflows/build-branch.yml @@ -95,6 +95,10 @@ jobs: run: | image_tag_sha="${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ github.sha }}" for tag in ${{ steps.meta.outputs.tags }}; do + echo "tag=${tag}" + echo docker buildx imagetools create \ + --tag ${tag} \ + ${image_tag_sha}-${{ steps.tags.outputs.tag }} docker buildx imagetools create \ --tag ${tag} \ ${image_tag_sha}-${{ steps.tags.outputs.tag }} From a29b9e62fab1fb565ea18848e2ae1cae8f89b183 Mon Sep 17 00:00:00 2001 From: Ryo Takaishi Date: Tue, 11 Feb 2025 10:18:29 +0900 Subject: [PATCH 6/7] wip --- .github/workflows/build-branch.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-branch.yml b/.github/workflows/build-branch.yml index e653580f9..198bd3b45 100644 --- a/.github/workflows/build-branch.yml +++ b/.github/workflows/build-branch.yml @@ -59,6 +59,17 @@ jobs: timeout-minutes: 10 needs: ["build"] steps: + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-west-2 + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + - name: Docker meta id: meta uses: docker/metadata-action@v5 @@ -77,20 +88,9 @@ jobs: "ARM64" ) arch="arm64" ;; esac echo "tag=${arch}" >> $GITHUB_OUTPUT + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-west-2 - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 - - name: Create a New Image run: | image_tag_sha="${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ github.sha }}" From 593f65091a44b7e873f4cb7fff2d6bff1c89b05c Mon Sep 17 00:00:00 2001 From: Ryo Takaishi Date: Tue, 11 Feb 2025 10:22:36 +0900 Subject: [PATCH 7/7] wip --- .github/workflows/build-branch.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-branch.yml b/.github/workflows/build-branch.yml index 198bd3b45..e2a096a66 100644 --- a/.github/workflows/build-branch.yml +++ b/.github/workflows/build-branch.yml @@ -94,7 +94,10 @@ jobs: - name: Create a New Image run: | image_tag_sha="${{ steps.login-ecr.outputs.registry }}/dreamkast-ecs:${{ github.sha }}" - for tag in ${{ steps.meta.outputs.tags }}; do + # Convert space-separated tags to array + IFS=' ' read -r -a tags <<< "${{ steps.meta.outputs.tags }}" + + for tag in "${tags[@]}"; do echo "tag=${tag}" echo docker buildx imagetools create \ --tag ${tag} \