Skip to content
Build and Push Devcontainer Image (Pre-Production)

fix(ci): rebuild multi-arch devcontainer images and push :dev and :la… #69

Sign in to view logs

fix(ci): rebuild multi-arch devcontainer images and push :dev and :la…

fix(ci): rebuild multi-arch devcontainer images and push :dev and :la… #69

Workflow file for this run

.github/workflows/build-push.yml at 06f9723
name: Build and Push Devcontainer Image (Pre-Production)
on:
push:
branches:
- main
permissions:
contents: read
packages: write
actions: read
id-token: write
env:
IMAGE_NAME: ghcr.io/beaniezombie/zombiekit-devcontainer
VERSION: dev
jobs:
build-amd64:
if: github.repository == 'BeanieZombie/zombiekit-devcontainer'
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Log in to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
install: true
driver-opts: image=moby/buildkit:latest
buildkitd-flags: --debug
name: build-amd64-builder
- name: Prune Buildx Builder
run: docker buildx prune --force
- name: Trivy Scan (ubuntu:jammy)
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ubuntu:jammy'
severity: 'CRITICAL,HIGH'
exit-code: '0'
scanners: 'vuln'
- name: Clean up previous image
run: docker rmi ${{ env.IMAGE_NAME }}:temp-amd64 || true
- name: Build & Push Docker Image (AMD64)
uses: docker/build-push-action@v6
with:
context: .
push: true
platforms: linux/amd64
tags: ghcr.io/beaniezombie/zombiekit-devcontainer:temp-amd64
provenance: false
cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:cache-amd64
cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:cache-amd64,mode=max
- name: Verify Image Push to GHCR
run: |
for i in {1..5}; do
docker manifest inspect ${{ env.IMAGE_NAME }}:temp-amd64 && break || sleep 5
done || {
echo "::error::temp-amd64 not found in GHCR. Check previous step for push failure."; exit 1;
}
build-arm64:
if: github.repository == 'BeanieZombie/zombiekit-devcontainer'
runs-on: [self-hosted, linux, ARM64]
timeout-minutes: 60
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Log in to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Check Docker + Buildx
run: |
docker info || exit 1
docker system info || exit 1
df -h || exit 1
free -h || exit 1
docker buildx version || exit 1
docker buildx inspect || exit 1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
install: true
driver-opts: image=moby/buildkit:latest
buildkitd-flags: --debug
name: build-arm64-builder
- name: Prune Buildx Builder
run: docker buildx prune --force
- name: Set up QEMU with Retry
run: |
for i in {1..3}; do
docker run --rm --privileged tonistiigi/binfmt:latest --install all && break || {
EXIT_CODE=$?
if [ $EXIT_CODE -eq 125 ]; then
break
fi
sleep 5
}
done || exit 1
- name: Trivy Scan (ubuntu:jammy)
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ubuntu:jammy'
severity: 'CRITICAL,HIGH'
exit-code: '0'
scanners: 'vuln'
- name: Clean up previous image
run: docker rmi ${{ env.IMAGE_NAME }}:temp-arm64 || true
- name: Build & Push Docker Image (ARM64)
uses: docker/build-push-action@v6
with:
context: .
push: true
platforms: linux/arm64
tags: ghcr.io/beaniezombie/zombiekit-devcontainer:temp-arm64
provenance: false
cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:cache-arm64
cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:cache-arm64,mode=max
- name: Verify Image Push to GHCR
run: |
for i in {1..5}; do
docker manifest inspect ${{ env.IMAGE_NAME }}:temp-arm64 && break || sleep 5
done || {
echo "::error::temp-arm64 not found in GHCR. Check previous step for push failure."; exit 1;
}
combine-images:
needs: [build-amd64, build-arm64]
if: github.repository == 'BeanieZombie/zombiekit-devcontainer'
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install jq (for debugging)
run: sudo apt-get update && sudo apt-get install -y jq
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
install: true
driver-opts: image=moby/buildkit:latest
buildkitd-flags: --debug
name: combine-images-builder
- name: Set up QEMU with Retry
run: |
for i in {1..3}; do
docker run --rm --privileged tonistiigi/binfmt:latest --install all && break || {
EXIT_CODE=$?
if [ $EXIT_CODE -eq 125 ]; then
break
fi
sleep 5
}
done || exit 1
- name: Check Docker Info
run: |
docker info || exit 1
docker ps -a || exit 1
docker images || exit 1
docker version || exit 1
- name: Log in to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Check GHCR Availability
run: curl -sI https://ghcr.io || exit 1
- name: Verify Architecture Manifests Exist
run: |
docker manifest inspect ${{ env.IMAGE_NAME }}:temp-amd64 || {
echo "::error::Missing temp-amd64 image. Build job may have failed."; exit 1;
}
docker manifest inspect ${{ env.IMAGE_NAME }}:temp-arm64 || {
echo "::error::Missing temp-arm64 image. Build job may have failed."; exit 1;
}
- name: Pull Architecture Images with Retry
run: |
for i in {1..5}; do
docker pull ${{ env.IMAGE_NAME }}:temp-amd64 && break || sleep 10
done || {
echo "::error::Failed to pull temp-amd64 after retries. Check build-amd64 logs."; exit 1;
}
for i in {1..5}; do
docker pull ${{ env.IMAGE_NAME }}:temp-arm64 && break || sleep 10
done || {
echo "::error::Failed to pull temp-arm64 after retries. Check build-arm64 logs."; exit 1;
}
- name: Pre-Check Images Exist in GHCR
run: |
curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
https://ghcr.io/v2/beaniezombie/zombiekit-devcontainer/manifests/temp-amd64 | jq .mediaType || {
echo "::error::Missing temp-amd64 manifest in registry. Build may have failed."; exit 1;
}
curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
https://ghcr.io/v2/beaniezombie/zombiekit-devcontainer/manifests/temp-arm64 | jq .mediaType || {
echo "::error::Missing temp-arm64 manifest in registry. Build may have failed."; exit 1;
}
- name: Verify Architecture Images in GHCR
run: |
docker buildx imagetools inspect ${{ env.IMAGE_NAME }}:temp-amd64 || {
echo "::error::Failed to verify temp-amd64 image in GHCR."; exit 1;
}
docker buildx imagetools inspect ${{ env.IMAGE_NAME }}:temp-arm64 || {
echo "::error::Failed to verify temp-arm64 image in GHCR."; exit 1;
}
- name: List Images and Verify Registry State
run: |
docker images
curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://ghcr.io/v2/beaniezombie/zombiekit-devcontainer/tags/list | jq
- name: Create & Push Multi-Arch Manifest (:dev)
run: |
for i in {1..3}; do
docker buildx imagetools create \
-t ghcr.io/beaniezombie/zombiekit-devcontainer:dev \
ghcr.io/beaniezombie/zombiekit-devcontainer:temp-amd64 \
ghcr.io/beaniezombie/zombiekit-devcontainer:temp-arm64 && break || sleep 10
done || {
echo "::error::Failed to create multi-arch manifest."; exit 1;
}
- name: Create & Push Multi-Arch Manifest (:latest)
run: |
for i in {1..3}; do
docker buildx imagetools create \
-t ghcr.io/beaniezombie/zombiekit-devcontainer:latest \
ghcr.io/beaniezombie/zombiekit-devcontainer:temp-amd64 \
ghcr.io/beaniezombie/zombiekit-devcontainer:temp-arm64 && break || sleep 10
done || {
echo "::error::Failed to create multi-arch manifest."; exit 1;
}
- name: Log Dev Visibility
run: echo "::notice::Container published publicly as :dev and :latest for testing only – not production ready."
- name: Warn Not Production-Ready
run: echo "::warning::This image is public for testing and CI workflows only. DO NOT use in production environments."