Michael Schiemer
77abc65cd7
Some checks failed
Deploy Application / deploy (push) Has been cancelled
257 lines
8.7 KiB
YAML
257 lines
8.7 KiB
YAML
name: 🧊 Warm Docker Build Cache
|
||
|
||
run-name: Warm Cache - ${{ inputs.branch || 'main' }}
|
||
|
||
on:
|
||
schedule:
|
||
- cron: '0 4 * * 0'
|
||
workflow_dispatch:
|
||
inputs:
|
||
branch:
|
||
description: 'Branch to use for warming caches'
|
||
required: false
|
||
default: 'main'
|
||
|
||
env:
|
||
REGISTRY: registry.michaelschiemer.de
|
||
IMAGE_NAME: framework
|
||
RUNTIME_IMAGE_NAME: framework-runtime
|
||
|
||
jobs:
|
||
warm:
|
||
name: Refresh Buildx Caches
|
||
runs-on: docker-build
|
||
steps:
|
||
- name: Install git and tooling
|
||
shell: sh
|
||
run: |
|
||
if ! command -v bash >/dev/null 2>&1 || ! command -v git >/dev/null 2>&1; then
|
||
apk add --no-cache git bash curl
|
||
fi
|
||
bash --version
|
||
git --version
|
||
|
||
- name: Determine target ref
|
||
id: target
|
||
shell: bash
|
||
run: |
|
||
TARGET="${{ inputs.branch }}"
|
||
if [ -z "$TARGET" ]; then
|
||
TARGET="main"
|
||
fi
|
||
echo "target_ref=$TARGET" >> "$GITHUB_OUTPUT"
|
||
echo "TARGET_REF=$TARGET" >> $GITHUB_ENV
|
||
echo "BRANCH_NAME=$TARGET" >> $GITHUB_ENV
|
||
|
||
- name: Download CI helpers
|
||
shell: bash
|
||
env:
|
||
CI_TOKEN: ${{ secrets.CI_TOKEN }}
|
||
run: |
|
||
set -euo pipefail
|
||
REF="${{ steps.target.outputs.target_ref }}"
|
||
URL="https://git.michaelschiemer.de/${{ github.repository }}/raw/${REF}/scripts/ci/clone_repo.sh"
|
||
mkdir -p /tmp/ci-tools
|
||
if [ -n "$CI_TOKEN" ]; then
|
||
curl -sfL -u "$CI_TOKEN:x-oauth-basic" "$URL" -o /tmp/ci-tools/clone_repo.sh
|
||
else
|
||
curl -sfL "$URL" -o /tmp/ci-tools/clone_repo.sh
|
||
fi
|
||
chmod +x /tmp/ci-tools/clone_repo.sh
|
||
|
||
- name: Checkout repository
|
||
shell: bash
|
||
env:
|
||
TARGET_REF: ${{ steps.target.outputs.target_ref }}
|
||
run: |
|
||
export CI_REPOSITORY="${{ github.repository }}"
|
||
export CI_TOKEN="${{ secrets.CI_TOKEN }}"
|
||
export CI_REF_NAME="$TARGET_REF"
|
||
export CI_INPUT_BRANCH="$TARGET_REF"
|
||
export CI_DEFAULT_BRANCH="main"
|
||
export CI_TARGET_DIR="/workspace/repo"
|
||
export CI_FETCH_DEPTH="1"
|
||
/tmp/ci-tools/clone_repo.sh
|
||
cd /workspace/repo
|
||
git rev-parse HEAD
|
||
|
||
- name: Setup Docker Buildx
|
||
shell: bash
|
||
run: |
|
||
docker buildx version || echo "Buildx nicht gefunden"
|
||
if ! docker buildx ls 2>/dev/null | grep -q builder; then
|
||
docker buildx create --name builder --use --driver docker-container
|
||
else
|
||
docker buildx use builder
|
||
fi
|
||
docker buildx inspect --bootstrap
|
||
|
||
- name: Login to registry
|
||
id: login
|
||
shell: bash
|
||
run: |
|
||
REGISTRY_USER="${{ secrets.REGISTRY_USER }}"
|
||
REGISTRY_PASSWORD="${{ secrets.REGISTRY_PASSWORD }}"
|
||
REGISTRY_URL="${{ env.REGISTRY }}"
|
||
DEPLOYMENT_HOST="94.16.110.151"
|
||
|
||
if [ -z "$REGISTRY_USER" ] || [ -z "$REGISTRY_PASSWORD" ]; then
|
||
echo "❌ Error: Registry credentials missing"
|
||
exit 1
|
||
fi
|
||
|
||
echo "🔐 Logging in to registry..."
|
||
|
||
HOST_IP=$(ip route | grep default | awk '{print $3}' 2>/dev/null | head -1 || echo "$DEPLOYMENT_HOST")
|
||
|
||
REGISTRY_URLS=(
|
||
"registry.michaelschiemer.de"
|
||
"$REGISTRY_URL"
|
||
"$DEPLOYMENT_HOST"
|
||
"$DEPLOYMENT_HOST:5000"
|
||
"${HOST_IP}:5000"
|
||
)
|
||
|
||
LOGIN_SUCCESS=false
|
||
|
||
for TEST_URL in "${REGISTRY_URLS[@]}"; do
|
||
echo "🔍 Testing registry: $TEST_URL"
|
||
|
||
if [[ "$TEST_URL" == *":5000" ]]; then
|
||
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" "http://$TEST_URL/v2/" 2>&1 || echo "000")
|
||
|
||
if [ "$HTTP_CODE" = "401" ] || [ "$HTTP_CODE" = "200" ]; then
|
||
set +e
|
||
LOGIN_OUTPUT=$(echo "$REGISTRY_PASSWORD" | docker login "$TEST_URL" -u "$REGISTRY_USER" --password-stdin 2>&1)
|
||
LOGIN_EXIT_CODE=$?
|
||
set -e
|
||
|
||
if [ $LOGIN_EXIT_CODE -eq 0 ]; then
|
||
REGISTRY_URL="$TEST_URL"
|
||
LOGIN_SUCCESS=true
|
||
break
|
||
fi
|
||
fi
|
||
else
|
||
HTTPS_CODE=$(curl -k -s -o /dev/null -w "%{http_code}" "https://$TEST_URL/v2/" 2>&1 || echo "000")
|
||
|
||
if [ "$HTTPS_CODE" = "401" ] || [ "$HTTPS_CODE" = "200" ]; then
|
||
set +e
|
||
LOGIN_OUTPUT=$(echo "$REGISTRY_PASSWORD" | docker login "$TEST_URL" -u "$REGISTRY_USER" --password-stdin 2>&1)
|
||
LOGIN_EXIT_CODE=$?
|
||
set -e
|
||
|
||
if [ $LOGIN_EXIT_CODE -eq 0 ]; then
|
||
REGISTRY_URL="$TEST_URL"
|
||
LOGIN_SUCCESS=true
|
||
break
|
||
fi
|
||
fi
|
||
fi
|
||
done
|
||
|
||
if [ "$LOGIN_SUCCESS" = false ]; then
|
||
echo "❌ Registry login failed"
|
||
exit 1
|
||
fi
|
||
|
||
echo "✅ Registry login successful: $REGISTRY_URL"
|
||
echo "REGISTRY_URL=$REGISTRY_URL" >> $GITHUB_ENV
|
||
echo "CACHE_REGISTRY=${{ env.REGISTRY }}" >> $GITHUB_ENV
|
||
|
||
- name: Warm runtime base cache
|
||
shell: bash
|
||
env:
|
||
REGISTRY_URL: ${{ env.REGISTRY_URL }}
|
||
CACHE_REGISTRY: ${{ env.CACHE_REGISTRY }}
|
||
run: |
|
||
cd /workspace/repo
|
||
|
||
TARGET_REGISTRY="$CACHE_REGISTRY"
|
||
if [ -z "$TARGET_REGISTRY" ]; then
|
||
TARGET_REGISTRY="$REGISTRY_URL"
|
||
fi
|
||
|
||
IMAGE_NAME="${{ env.RUNTIME_IMAGE_NAME }}"
|
||
DATE_TAG="warm-$(date -u +%Y%m%d%H%M)"
|
||
BRANCH_NAME="${{ env.BRANCH_NAME || 'main' }}"
|
||
|
||
# Build cache sources - multiple sources for better cache hit rate
|
||
CACHE_SOURCES=(
|
||
"type=registry,ref=${TARGET_REGISTRY}/${IMAGE_NAME}:buildcache"
|
||
"type=registry,ref=${TARGET_REGISTRY}/${IMAGE_NAME}:${BRANCH_NAME}-cache"
|
||
"type=registry,ref=${TARGET_REGISTRY}/${IMAGE_NAME}:latest"
|
||
)
|
||
|
||
CACHE_FROM_ARGS=""
|
||
for CACHE_SRC in "${CACHE_SOURCES[@]}"; do
|
||
CACHE_FROM_ARGS="${CACHE_FROM_ARGS} --cache-from ${CACHE_SRC}"
|
||
done
|
||
|
||
docker buildx build \
|
||
--platform linux/amd64 \
|
||
--file ./Dockerfile.production \
|
||
--target runtime-base \
|
||
--build-arg RUNTIME_IMAGE=runtime-base \
|
||
${CACHE_FROM_ARGS} \
|
||
--cache-to type=registry,ref="${TARGET_REGISTRY}/${IMAGE_NAME}:buildcache",mode=max \
|
||
--cache-to type=registry,ref="${TARGET_REGISTRY}/${IMAGE_NAME}:${BRANCH_NAME}-cache",mode=max \
|
||
--tag "$TARGET_REGISTRY/$IMAGE_NAME:$DATE_TAG" \
|
||
--push \
|
||
.
|
||
|
||
- name: Warm production cache
|
||
shell: bash
|
||
env:
|
||
REGISTRY_URL: ${{ env.REGISTRY_URL }}
|
||
CACHE_REGISTRY: ${{ env.CACHE_REGISTRY }}
|
||
run: |
|
||
cd /workspace/repo
|
||
|
||
REGISTRY_TO_USE="$REGISTRY_URL"
|
||
CACHE_TARGET="$CACHE_REGISTRY"
|
||
if [ -z "$CACHE_TARGET" ]; then
|
||
CACHE_TARGET="$REGISTRY_TO_USE"
|
||
fi
|
||
|
||
IMAGE_NAME="${{ env.IMAGE_NAME }}"
|
||
DATE_TAG="warm-$(date -u +%Y%m%d%H%M)"
|
||
BRANCH_NAME="${{ env.BRANCH_NAME || 'main' }}"
|
||
|
||
DEFAULT_RUNTIME="$CACHE_TARGET/${{ env.RUNTIME_IMAGE_NAME }}:latest"
|
||
RUNTIME_ARG="runtime-base"
|
||
if docker pull "$DEFAULT_RUNTIME" >/dev/null 2>&1; then
|
||
RUNTIME_ARG="$DEFAULT_RUNTIME"
|
||
fi
|
||
|
||
# Build cache sources - multiple sources for better cache hit rate
|
||
CACHE_SOURCES=(
|
||
"type=registry,ref=${CACHE_TARGET}/${IMAGE_NAME}:buildcache"
|
||
"type=registry,ref=${REGISTRY_TO_USE}/${IMAGE_NAME}:${BRANCH_NAME}-cache"
|
||
"type=registry,ref=${REGISTRY_TO_USE}/${IMAGE_NAME}:latest"
|
||
)
|
||
|
||
CACHE_FROM_ARGS=""
|
||
for CACHE_SRC in "${CACHE_SOURCES[@]}"; do
|
||
CACHE_FROM_ARGS="${CACHE_FROM_ARGS} --cache-from ${CACHE_SRC}"
|
||
done
|
||
|
||
docker buildx build \
|
||
--platform linux/amd64 \
|
||
--file ./Dockerfile.production \
|
||
--build-arg RUNTIME_IMAGE="$RUNTIME_ARG" \
|
||
${CACHE_FROM_ARGS} \
|
||
--cache-to type=registry,ref="${CACHE_TARGET}/${IMAGE_NAME}:buildcache",mode=max \
|
||
--cache-to type=registry,ref="${REGISTRY_TO_USE}/${IMAGE_NAME}:${BRANCH_NAME}-cache",mode=max \
|
||
--tag "$REGISTRY_TO_USE/$IMAGE_NAME:$DATE_TAG" \
|
||
--push \
|
||
.
|
||
|
||
- name: Cleanup warm tags
|
||
shell: bash
|
||
env:
|
||
REGISTRY_URL: ${{ env.REGISTRY_URL }}
|
||
CACHE_REGISTRY: ${{ env.CACHE_REGISTRY }}
|
||
run: |
|
||
echo "ℹ️ Cleanup of warm tags deferred to registry retention policy"
|