
direct push to ffgan repo #24


name: Docker Image Builder

# Trigger: every push to every ref. The branch/path filters under `push` and
# the workflow_dispatch / schedule / pull_request triggers are all commented
# out, so nothing restricts which pushes start the jobs in this workflow.
on:
  # workflow_dispatch:
  # schedule:
  #   # Run once a week on Fridays
  #   - cron: "0 0 * * FRI"
  # pull_request:
  #   paths:
  #     - ".github/workflows/build-docker-images.yml"
  #     - "runners/**"
  #     - "cryptography-linux/**"
  push:
    # branches:
    #   - main
    # paths:
    #   - ".github/workflows/build-docker-images.yml"
    #   - "runners/**"
    #   - "cryptography-linux/**"
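jobs:
  # Builds the wheel-builder images listed in the matrix and pushes them to
  # ghcr.io. Only the riscv64 entry is currently enabled.
  build-manylinux:
    runs-on: ${{ matrix.IMAGE.RUNNER }}
    # timeout-minutes: 10
    # NOTE(review): the `push` trigger of this workflow has no branch filter,
    # so these write scopes are granted for a push to any branch, not only
    # main. Re-enable the branch filter before relying on this job for
    # published images.
    permissions:
      contents: read
      packages: write      # push images to ghcr.io
      id-token: write      # required by actions/attest-build-provenance
      attestations: write  # required by actions/attest-build-provenance
    strategy:
      fail-fast: false
      matrix:
        IMAGE:
          # x86-64 manylinux images
          # - {
          #     TAG_NAME: "cryptography-manylinux2014:x86_64",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     BUILD_ARGS: "PYCA_RELEASE=manylinux2014_x86_64",
          #     RUNNER: "ubuntu-latest",
          #   }
          # - {
          #     TAG_NAME: "cryptography-manylinux_2_28:x86_64",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     BUILD_ARGS: "PYCA_RELEASE=manylinux_2_28_x86_64",
          #     RUNNER: "ubuntu-latest",
          #   }
          # - {
          #     TAG_NAME: "cryptography-manylinux_2_34:x86_64",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     BUILD_ARGS: "PYCA_RELEASE=manylinux_2_34_x86_64",
          #     RUNNER: "ubuntu-latest",
          #   }
          # - {
          #     TAG_NAME: "cryptography-musllinux_1_1:x86_64",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     BUILD_ARGS: "PYCA_RELEASE=musllinux_1_1_x86_64",
          #     RUNNER: "ubuntu-latest",
          #   }
          # - {
          #     TAG_NAME: "cryptography-musllinux_1_2:x86_64",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     BUILD_ARGS: "PYCA_RELEASE=musllinux_1_2_x86_64",
          #     RUNNER: "ubuntu-latest",
          #   }
          # # aarch64 manylinux images
          # - {
          #     TAG_NAME: "cryptography-manylinux2014_aarch64",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     BUILD_ARGS: "PYCA_RELEASE=manylinux2014_aarch64",
          #     RUNNER: "ubuntu-24.04-arm",
          #   }
          # - {
          #     TAG_NAME: "cryptography-manylinux_2_28:aarch64",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     BUILD_ARGS: "PYCA_RELEASE=manylinux_2_28_aarch64",
          #     RUNNER: "ubuntu-24.04-arm",
          #   }
          # - {
          #     TAG_NAME: "cryptography-manylinux_2_34:aarch64",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     BUILD_ARGS: "PYCA_RELEASE=manylinux_2_34_aarch64",
          #     RUNNER: "ubuntu-24.04-arm",
          #   }
          # - {
          #     TAG_NAME: "cryptography-musllinux_1_1:aarch64",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     BUILD_ARGS: "PYCA_RELEASE=musllinux_1_1_aarch64",
          #     RUNNER: "ubuntu-24.04-arm",
          #   }
          # - {
          #     TAG_NAME: "cryptography-musllinux_1_2:aarch64",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     BUILD_ARGS: "PYCA_RELEASE=musllinux_1_2_aarch64",
          #     RUNNER: "ubuntu-24.04-arm",
          #   }
          # # armv7l manylinux images
          # - {
          #     TAG_NAME: "cryptography-manylinux_2_31:armv7l",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     DOCKER_PLATFORM: "linux/arm/v7",
          #     BUILD_ARGS: "PYCA_RELEASE=manylinux_2_31_armv7l",
          #     RUNNER: "ubuntu-24.04-arm",
          #   }
          # - {
          #     TAG_NAME: "cryptography-musllinux_1_2:armv7l",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     DOCKER_PLATFORM: "linux/arm/v7",
          #     BUILD_ARGS: "PYCA_RELEASE=musllinux_1_2_armv7l",
          #     RUNNER: "ubuntu-24.04-arm",
          #   }
          # # ppc64le manylinux images
          # - {
          #     TAG_NAME: "cryptography-manylinux_2_28:ppc64le",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     BUILD_ARGS: "PYCA_RELEASE=manylinux_2_28_ppc64le",
          #     RUNNER: "ubuntu-24.04-ppc64le",
          #   }
          # - {
          #     TAG_NAME: "cryptography-manylinux_2_34:ppc64le",
          #     DOCKERFILE_PATH: "cryptography-linux",
          #     DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
          #     BUILD_ARGS: "PYCA_RELEASE=manylinux_2_34_ppc64le",
          #     RUNNER: "ubuntu-24.04-ppc64le",
          #   }
          # riscv64 manylinux image; RUNNER is a plain ubuntu-24.04 host, so the
          # linux/riscv64 platform presumably builds under the QEMU set up below.
          - {
              TAG_NAME: "cryptography-manylinux_2_39:riscv64",
              DOCKERFILE_PATH: "cryptography-linux",
              DOCKERFILE_WITH_NODEJS_PATH: "cryptography-linux-nodejs",
              BUILD_ARGS: "PYCA_RELEASE=manylinux_2_39_riscv64",
              DOCKER_PLATFORM: "linux/riscv64",
              RUNNER: "ubuntu-24.04",
            }
    name: "${{ matrix.IMAGE.TAG_NAME }}"
    steps:
      # NOTE(review): the action ref on the next line was mangled by e-mail
      # obfuscation in this listing (it was `actions/checkout@<ref>`); restore
      # the real ref, ideally a full commit SHA like the other actions here.
      - uses: actions/[email protected]
        with:
          # Keep the job token out of the checked-out repo's git config so the
          # later build steps cannot read it from disk.
          persist-credentials: false
      # Export "<arch>:<node version>" for the v20 and v24 entries of
      # staticnode/node-versions.json; the nodejs build passes both as build
      # args. runner.arch is supplied by the runner, not by the pusher.
      - run: |
          arch=$(echo "${{ runner.arch }}" | tr '[:upper:]' '[:lower:]')
          NODE20_VERSION=$(cat staticnode/node-versions.json | jq -r '.[] | select(.version | startswith("v20")) | .version')
          NODE24_VERSION=$(cat staticnode/node-versions.json | jq -r '.[] | select(.version | startswith("v24")) | .version')
          echo "NODE20_ARCH_RELEASE=$arch:${NODE20_VERSION}" >> $GITHUB_ENV
          echo "NODE24_ARCH_RELEASE=$arch:${NODE24_VERSION}" >> $GITHUB_ENV
      # Pull the previous image, but if it fails return true anyway.
      # Sometimes we add new docker images and if they've never been pushed
      # they can't be pulled.
      - name: Pull existing image
        if: github.event_name != 'schedule' && github.event_name != 'workflow_dispatch'
        run: docker pull ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} || true
      # ATTEST_IMAGE is TAG_NAME up to the first ':' (the repository part);
      # the attestation step uses it as the subject name.
      - name: Get image name
        id: image-name
        run: |
          ATTEST_IMAGE=$(echo "${{ matrix.IMAGE.TAG_NAME }}" | cut -d ':' -f 1)
          echo "ATTEST_IMAGE=${ATTEST_IMAGE}" | tee -a "$GITHUB_OUTPUT"
      # Add support for more platforms with QEMU (optional)
      # https://github.com/docker/setup-qemu-action
      # NOTE(review): this is the only docker/* action here referenced by a
      # mutable tag; the others are pinned to a commit SHA. Pin this one to a
      # full commit SHA too so a retagged release cannot change what runs
      # with packages: write.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
        with:
          cache-binary: false
          driver: docker
      # Under the current push-only trigger this condition is always true, so
      # the job logs in to ghcr.io on every run.
      - name: Login to ghcr.io
        if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): despite the step name, `push: true` publishes this image
      # from every run regardless of branch, and no provenance attestation is
      # generated for it (the attest step below covers only `docker-build`).
      - name: Build (and push if main) docker image
        id: docker-build-nonodejs
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: ${{ matrix.IMAGE.DOCKERFILE_PATH }}
          cache-from: ghcr.io/ffgan/${{ matrix.IMAGE.TAG_NAME }}-nonodejs
          tags: ghcr.io/ffgan/${{ matrix.IMAGE.TAG_NAME }}-nonodejs
          platforms: ${{ matrix.IMAGE.DOCKER_PLATFORM }}
          pull: true
          build-args: |
            ${{ matrix.IMAGE.BUILD_ARGS }}
          push: true
      # Skipped for linux/riscv64. The condition is written as a bare
      # expression: the earlier form `${{ ... }} != 'linux/riscv64'` mixed an
      # expression with literal text, which yields a non-empty string that is
      # always truthy, so the step was never actually skipped.
      # NOTE(review): this step reads its base image and cache from
      # ghcr.io/pyca while the step above pushes to ghcr.io/ffgan; confirm
      # which registry namespace is intended.
      - name: Build (and push if main) docker image with nodejs
        id: docker-build
        if: matrix.IMAGE.DOCKER_PLATFORM != 'linux/riscv64'
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: ${{ matrix.IMAGE.DOCKERFILE_WITH_NODEJS_PATH }}
          cache-from: |
            ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }}
            ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }}-nonodejs
          tags: ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }}
          platforms: ${{ matrix.IMAGE.DOCKER_PLATFORM }}
          build-args: |
            NODE20_ARCH_RELEASE=${{ env.NODE20_ARCH_RELEASE }}
            NODE24_ARCH_RELEASE=${{ env.NODE24_ARCH_RELEASE }}
            BASE_IMAGE_TAG=ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }}-nonodejs
            ${{ matrix.IMAGE.BUILD_ARGS }}
          push: ${{ (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' }}
      # Attest only when the nodejs build actually ran and produced a digest;
      # when `docker-build` is skipped its digest output is empty and there is
      # no subject to attest.
      - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
        if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' && steps.docker-build.outputs.digest != ''
        with:
          subject-name: "ghcr.io/pyca/${{ steps.image-name.outputs.ATTEST_IMAGE }}"
          subject-digest: ${{ steps.docker-build.outputs.digest }}
          push-to-registry: true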
# build-distro:
# runs-on: ${{ matrix.IMAGE.RUNNER }}
# timeout-minutes: 10
# permissions:
# contents: read
# packages: write
# id-token: write
# attestations: write
# strategy:
# fail-fast: false
# matrix:
# IMAGE:
# # x86-64 distro images
# - {
# TAG_NAME: "cryptography-runner-rhel8",
# DOCKERFILE_PATH: "runners/rhel",
# BUILD_ARGS: "RELEASE=redhat/ubi8",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-rhel8-fips",
# DOCKERFILE_PATH: "runners/rhel",
# BUILD_ARGS: "FIPS=1\nRELEASE=redhat/ubi8",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-centos-stream9",
# DOCKERFILE_PATH: "runners/rhel",
# BUILD_ARGS: "RELEASE=quay.io/centos/centos:stream9",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-centos-stream9-fips",
# DOCKERFILE_PATH: "runners/rhel",
# BUILD_ARGS: "FIPS=1\nRELEASE=quay.io/centos/centos:stream9",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-centos-stream10",
# DOCKERFILE_PATH: "runners/rhel",
# BUILD_ARGS: "RELEASE=quay.io/centos/centos:stream10",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-centos-stream10-fips",
# DOCKERFILE_PATH: "runners/rhel",
# BUILD_ARGS: "FIPS=1\nRELEASE=quay.io/centos/centos:stream10",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-fedora",
# DOCKERFILE_PATH: "runners/fedora",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-alpine",
# DOCKERFILE_PATH: "runners/alpine",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-bullseye",
# DOCKERFILE_PATH: "runners/debian",
# BUILD_ARGS: "RELEASE=bullseye",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-bookworm",
# DOCKERFILE_PATH: "runners/debian",
# BUILD_ARGS: "RELEASE=bookworm",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-trixie",
# DOCKERFILE_PATH: "runners/debian",
# BUILD_ARGS: "RELEASE=trixie",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-sid",
# DOCKERFILE_PATH: "runners/debian",
# BUILD_ARGS: "RELEASE=sid",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-ubuntu-focal",
# DOCKERFILE_PATH: "runners/ubuntu",
# BUILD_ARGS: "RELEASE=focal",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-ubuntu-jammy",
# DOCKERFILE_PATH: "runners/ubuntu",
# BUILD_ARGS: "RELEASE=jammy",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-ubuntu-noble",
# DOCKERFILE_PATH: "runners/ubuntu",
# BUILD_ARGS: "RELEASE=noble",
# RUNNER: "ubuntu-latest",
# }
# - {
# TAG_NAME: "cryptography-runner-ubuntu-rolling",
# DOCKERFILE_PATH: "runners/ubuntu",
# BUILD_ARGS: "RELEASE=rolling",
# RUNNER: "ubuntu-latest",
# }
# # aarch64 distro images
# - {
# TAG_NAME: "cryptography-runner-ubuntu-rolling:aarch64",
# DOCKERFILE_PATH: "runners/ubuntu",
# BUILD_ARGS: "RELEASE=rolling",
# RUNNER: "ubuntu-24.04-arm",
# }
# - {
# TAG_NAME: "cryptography-runner-alpine:aarch64",
# DOCKERFILE_PATH: "runners/alpine",
# RUNNER: "ubuntu-24.04-arm",
# }
# # armv7l distro images
# - {
# TAG_NAME: "cryptography-runner-ubuntu-rolling:armv7l",
# DOCKERFILE_PATH: "runners/ubuntu",
# DOCKER_PLATFORM: "linux/arm/v7",
# BUILD_ARGS: "RELEASE=rolling",
# RUNNER: "ubuntu-24.04-arm",
# }
# - {
# TAG_NAME: "cryptography-runner-alpine:armv7l",
# DOCKERFILE_PATH: "runners/alpine",
# DOCKER_PLATFORM: "linux/arm/v7",
# RUNNER: "ubuntu-24.04-arm",
# }
# # ppc64le distro images
# - {
# TAG_NAME: "cryptography-runner-ubuntu-rolling:ppc64le",
# DOCKERFILE_PATH: "runners/ubuntu",
# BUILD_ARGS: "RELEASE=rolling",
# RUNNER: "ubuntu-24.04-ppc64le",
# }
# name: "${{ matrix.IMAGE.TAG_NAME }}"
# steps:
# - uses: actions/[email protected]
# with:
# persist-credentials: false
# - run: |
# arch=$(echo "${{ runner.arch }}" | tr '[:upper:]' '[:lower:]')
# NODE20_VERSION=$(cat staticnode/node-versions.json | jq -r '.[] | select(.version | startswith("v20")) | .version')
# NODE24_VERSION=$(cat staticnode/node-versions.json | jq -r '.[] | select(.version | startswith("v24")) | .version')
# echo "NODE20_ARCH_RELEASE=$arch:${NODE20_VERSION}" >> $GITHUB_ENV
# echo "NODE24_ARCH_RELEASE=$arch:${NODE24_VERSION}" >> $GITHUB_ENV
# # Pull the previous image, but if it fails return true anyway.
# # Sometimes we add new docker images and if they've never been pushed
# # they can't be pulled.
# - name: Pull existing image
# run: docker pull ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }} || true
# if: github.event_name != 'schedule' && github.event_name != 'workflow_dispatch'
# - name: Get image name
# id: image-name
# run: |
# ATTEST_IMAGE=$(echo "${{ matrix.IMAGE.TAG_NAME }}" | cut -d ':' -f 1)
# echo "ATTEST_IMAGE=${ATTEST_IMAGE}" | tee -a "$GITHUB_OUTPUT"
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
# with:
# cache-binary: false
# - name: Login to ghcr.io
# uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
# with:
# registry: ghcr.io
# username: ${{ github.actor }}
# password: ${{ secrets.GITHUB_TOKEN }}
# if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'
# - name: Build (and push if main) docker image
# uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
# id: docker-build
# with:
# context: ${{ matrix.IMAGE.DOCKERFILE_PATH }}
# cache-from: ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }}
# tags: ghcr.io/pyca/${{ matrix.IMAGE.TAG_NAME }}
# platforms: ${{ matrix.IMAGE.DOCKER_PLATFORM }}
# pull: true
# build-args: |
# NODE20_ARCH_RELEASE=${{ env.NODE20_ARCH_RELEASE }}
# NODE24_ARCH_RELEASE=${{ env.NODE24_ARCH_RELEASE }}
# ${{ matrix.IMAGE.BUILD_ARGS }}
# push: ${{ (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' }}
# - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
# with:
# subject-name: "ghcr.io/pyca/${{ steps.image-name.outputs.ATTEST_IMAGE }}"
# subject-digest: ${{ steps.docker-build.outputs.digest }}
# push-to-registry: true
# if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'