ref: build docker image using gha (#485)

getsentry · Aug 7, 2023 · b49b6d7 · b49b6d7
1 parent 58d5b3c
commit b49b6d7
Show file tree

Hide file tree

Showing 6 changed files with 84 additions and 74 deletions.
diff --git a/.craft.yml b/.craft.yml
@@ -34,11 +34,11 @@ targets:
             format: hex
   - id: release
     name: docker
-    source: us.gcr.io/sentryio/craft
+    source: ghcr.io/getsentry/craft
     target: getsentry/craft
   - id: latest
     name: docker
-    source: us.gcr.io/sentryio/craft
+    source: ghcr.io/getsentry/craft
     target: getsentry/craft
     targetFormat: '{{{target}}}:latest'
   - name: github

diff --git a/.dockerignore b/.dockerignore
@@ -4,5 +4,6 @@
 !/LICENSE
 !/README.md
 !/package.json
+!/scripts
+!/src
 !/yarn.lock
-!/dist
diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml
@@ -0,0 +1,62 @@
+name: image
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  image:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: builder-image
+      run: |
+        set -euxo pipefail
+
+        img=ghcr.io/getsentry/craft-builder:latest
+        args=()
+        if docker pull -q "$img"; then
+          args+=(--cache-from "$img")
+        fi
+        docker buildx build \
+          "${args[@]}" \
+          --build-arg BUILDKIT_INLINE_CACHE=1 \
+          --target builder \
+          --tag "$img" \
+          .
+    - name: image
+      run: |
+        set -euxo pipefail
+
+        img=ghcr.io/getsentry/craft:latest
+        args=()
+        if docker pull -q "$img"; then
+          args+=(--cache-from "$img")
+        fi
+        docker buildx build \
+          "${args[@]}" \
+          --build-arg "SOURCE_COMMIT=$GITHUB_SHA" \
+          --build-arg BUILDKIT_INLINE_CACHE=1 \
+          --tag "$img" \
+          .
+    - name: docker login
+      run: docker login --username "$DOCKER_USER" --password-stdin ghrc.io <<< "$DOCKER_PASS"
+      env:
+        DOCKER_USER: ${{ github.actor }}
+        DOCKER_PASS: ${{ secrets.GITHUB_TOKEN }}
+      if: github.event_name != 'pull_request'
+    - name: docker push
+      run: |
+        set -euxo pipefail
+
+        craft_builder=ghcr.io/getsentry/craft-builder:latest
+        craft_latest=ghcr.io/getsentry/craft:latest
+        craft_versioned="ghcr.io/getsentry/craft:${GITHUB_SHA}"
+
+        docker push "$craft_builder"
+
+        docker tag "$craft_latest" "$craft_versioned"
+        docker push "$craft_versioned"
+        docker push "$craft_latest"
+      if: github.event_name != 'pull_request'
diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,20 @@
+FROM node:14-buster-slim as builder
+
+WORKDIR /usr/local/lib
+
+COPY package.json yarn.lock ./
+RUN export YARN_CACHE_FOLDER="$(mktemp -d)" \
+  && yarn install --frozen-lockfile --quiet \
+  && rm -r "$YARN_CACHE_FOLDER"
+
+COPY . .
+
+RUN \
+   NODE_ENV=production \
+  NODE_PATH=/usr/local/lib/node_modules \
+  PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/lib/node_modules/.bin" \
+  yarn --modules-folder /usr/local/lib/node_modules build
+
 FROM node:14-bullseye
 
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -61,8 +78,7 @@ RUN curl -fsSL https://storage.googleapis.com/flutter_infra_release/releases/sta
 # craft does `git` things against mounted directories as root
 RUN git config --global --add safe.directory '*'
 
-COPY dist/craft /usr/local/bin/craft
-RUN chmod +x /usr/local/bin/craft
+COPY --from=builder /usr/local/lib/dist/craft /usr/local/bin/craft
 ARG SOURCE_COMMIT
 ENV CRAFT_BUILD_SHA=$SOURCE_COMMIT
 

diff --git a/builder.dockerfile b/builder.dockerfile
diff --git a/cloudbuild.yaml b/cloudbuild.yaml