feat: log SOURCE_REF immediately in container startup #23533
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker | |
on: | |
workflow_dispatch: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
release: | |
types: [published] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: | |
packages: write | |
jobs: | |
pre-job: | |
runs-on: ubuntu-latest | |
outputs: | |
should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }} | |
should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- id: found_paths | |
uses: dorny/paths-filter@v3 | |
with: | |
filters: | | |
server: | |
- 'server/**' | |
- 'openapi/**' | |
- 'web/**' | |
machine-learning: | |
- 'machine-learning/**' | |
- name: Check if we should force jobs to run | |
id: should_force | |
run: echo "should_force=${{ github.event_name == 'workflow_dispatch' || github.event_name == 'release' }}" >> "$GITHUB_OUTPUT" | |
retag_ml: | |
name: Re-Tag ML | |
needs: pre-job | |
if: ${{ needs.pre-job.outputs.should_run_ml == 'false' && !github.event.pull_request.head.repo.fork }} | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
suffix: ["", "-cuda", "-openvino", "-armnn"] | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Re-tag image | |
run: | | |
REGISTRY_NAME="ghcr.io" | |
REPOSITORY=${{ github.repository_owner }}/immich-machine-learning | |
TAG_OLD=main${{ matrix.suffix }} | |
TAG_NEW=${{ github.event.number == 0 && github.ref_name || format('pr-{0}', github.event.number) }}${{ matrix.suffix }} | |
docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_NEW $REGISTRY_NAME/$REPOSITORY:$TAG_OLD | |
retag_server: | |
name: Re-Tag Server | |
needs: pre-job | |
if: ${{ needs.pre-job.outputs.should_run_server == 'false' && !github.event.pull_request.head.repo.fork }} | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
suffix: [""] | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Re-tag image | |
run: | | |
REGISTRY_NAME="ghcr.io" | |
REPOSITORY=${{ github.repository_owner }}/immich-server | |
TAG_OLD=main${{ matrix.suffix }} | |
TAG_NEW=${{ github.event.number == 0 && github.ref_name || format('pr-{0}', github.event.number) }}${{ matrix.suffix }} | |
docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_NEW $REGISTRY_NAME/$REPOSITORY:$TAG_OLD | |
build_and_push_ml: | |
name: Build and Push ML | |
needs: pre-job | |
if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }} | |
runs-on: ubuntu-latest | |
env: | |
image: immich-machine-learning | |
context: machine-learning | |
file: machine-learning/Dockerfile | |
strategy: | |
# Prevent a failure in one image from stopping the other builds | |
fail-fast: false | |
matrix: | |
include: | |
- platforms: linux/amd64,linux/arm64 | |
device: cpu | |
- platforms: linux/amd64 | |
device: cuda | |
suffix: -cuda | |
- platforms: linux/amd64 | |
device: openvino | |
suffix: -openvino | |
- platforms: linux/arm64 | |
device: armnn | |
suffix: -armnn | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3.2.0 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3.7.0 | |
- name: Login to Docker Hub | |
# Only push to Docker Hub when making a release | |
if: ${{ github.event_name == 'release' }} | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
# Skip when PR from a fork | |
if: ${{ !github.event.pull_request.head.repo.fork }} | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate docker image tags | |
id: metadata | |
uses: docker/metadata-action@v5 | |
with: | |
flavor: | | |
# Disable latest tag | |
latest=false | |
images: | | |
name=ghcr.io/${{ github.repository_owner }}/${{env.image}} | |
name=altran1502/${{env.image}},enable=${{ github.event_name == 'release' }} | |
tags: | | |
# Tag with branch name | |
type=ref,event=branch,suffix=${{ matrix.suffix }} | |
# Tag with pr-number | |
type=ref,event=pr,suffix=${{ matrix.suffix }} | |
# Tag with git tag on release | |
type=ref,event=tag,suffix=${{ matrix.suffix }} | |
type=raw,value=release,enable=${{ github.event_name == 'release' }},suffix=${{ matrix.suffix }} | |
- name: Determine build cache output | |
id: cache-target | |
run: | | |
if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
# Essentially just ignore the cache output (PR can't write to registry cache) | |
echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT | |
else | |
echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ env.image }}" >> $GITHUB_OUTPUT | |
fi | |
- name: Build and push image | |
uses: docker/build-push-action@v6.9.0 | |
with: | |
context: ${{ env.context }} | |
file: ${{ env.file }} | |
platforms: ${{ matrix.platforms }} | |
# Skip pushing when PR from a fork | |
push: ${{ !github.event.pull_request.head.repo.fork }} | |
cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{env.image}} | |
cache-to: ${{ steps.cache-target.outputs.cache-to }} | |
tags: ${{ steps.metadata.outputs.tags }} | |
labels: ${{ steps.metadata.outputs.labels }} | |
build-args: | | |
DEVICE=${{ matrix.device }} | |
BUILD_ID=${{ github.run_id }} | |
BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }} | |
BUILD_SOURCE_REF=${{ github.ref_name }} | |
BUILD_SOURCE_COMMIT=${{ github.sha }} | |
build_and_push_server: | |
name: Build and Push Server | |
runs-on: ubuntu-latest | |
needs: pre-job | |
if: ${{ needs.pre-job.outputs.should_run_server == 'true' }} | |
env: | |
image: immich-server | |
context: . | |
file: server/Dockerfile | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- platforms: linux/amd64,linux/arm64 | |
device: cpu | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3.2.0 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3.7.0 | |
- name: Login to Docker Hub | |
# Only push to Docker Hub when making a release | |
if: ${{ github.event_name == 'release' }} | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
# Skip when PR from a fork | |
if: ${{ !github.event.pull_request.head.repo.fork }} | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate docker image tags | |
id: metadata | |
uses: docker/metadata-action@v5 | |
with: | |
flavor: | | |
# Disable latest tag | |
latest=false | |
images: | | |
name=ghcr.io/${{ github.repository_owner }}/${{env.image}} | |
name=altran1502/${{env.image}},enable=${{ github.event_name == 'release' }} | |
tags: | | |
# Tag with branch name | |
type=ref,event=branch,suffix=${{ matrix.suffix }} | |
# Tag with pr-number | |
type=ref,event=pr,suffix=${{ matrix.suffix }} | |
# Tag with git tag on release | |
type=ref,event=tag,suffix=${{ matrix.suffix }} | |
type=raw,value=release,enable=${{ github.event_name == 'release' }},suffix=${{ matrix.suffix }} | |
- name: Determine build cache output | |
id: cache-target | |
run: | | |
if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
# Essentially just ignore the cache output (PR can't write to registry cache) | |
echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT | |
else | |
echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ env.image }}" >> $GITHUB_OUTPUT | |
fi | |
- name: Build and push image | |
uses: docker/build-push-action@v6.9.0 | |
with: | |
context: ${{ env.context }} | |
file: ${{ env.file }} | |
platforms: ${{ matrix.platforms }} | |
# Skip pushing when PR from a fork | |
push: ${{ !github.event.pull_request.head.repo.fork }} | |
cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{env.image}} | |
cache-to: ${{ steps.cache-target.outputs.cache-to }} | |
tags: ${{ steps.metadata.outputs.tags }} | |
labels: ${{ steps.metadata.outputs.labels }} | |
build-args: | | |
DEVICE=${{ matrix.device }} | |
BUILD_ID=${{ github.run_id }} | |
BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }} | |
BUILD_SOURCE_REF=${{ github.ref_name }} | |
BUILD_SOURCE_COMMIT=${{ github.sha }} | |
success-check-server: | |
name: Docker Build & Push Server Success | |
needs: [build_and_push_server, retag_server] | |
runs-on: ubuntu-latest | |
if: always() | |
steps: | |
- name: Any jobs failed? | |
if: ${{ contains(needs.*.result, 'failure') }} | |
run: exit 1 | |
- name: All jobs passed or skipped | |
if: ${{ !(contains(needs.*.result, 'failure')) }} | |
run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}" | |
success-check-ml: | |
name: Docker Build & Push ML Success | |
needs: [build_and_push_ml, retag_ml] | |
runs-on: ubuntu-latest | |
if: always() | |
steps: | |
- name: Any jobs failed? | |
if: ${{ contains(needs.*.result, 'failure') }} | |
run: exit 1 | |
- name: All jobs passed or skipped | |
if: ${{ !(contains(needs.*.result, 'failure')) }} | |
run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}" |