diff --git a/.github/workflows/pushDockerRepos.yml b/.github/workflows/pushDockerRepos.yml index 6bf0c5a2..102e4994 100644 --- a/.github/workflows/pushDockerRepos.yml +++ b/.github/workflows/pushDockerRepos.yml 
@@ -3,105 +3,197 @@ name: Build and Push Docker Image to Docker Hub on: push: branches: [ main ] - + +env: + IMAGES: >- + cybics-attack-machine:software/attack-machine:software/attack-machine/Dockerfile + cybicsopenplc:software/OpenPLC:software/OpenPLC/Dockerfile + cybicsopcua:software/opcua:software/opcua/Dockerfile + cybicss7com:software/s7com:software/s7com/Dockerfile + cybicsfuxa:software/FUXA:software/FUXA/Dockerfile + cybicshwio:software/hwio-virtual:software/hwio-virtual/Dockerfile + landing:.:software/landing/Dockerfile + cybics-engineeringws:software:software/engineeringWS/Dockerfile + cybicsagent:software/cybicsagent:software/cybicsagent/Dockerfile + cybics-ids:software/ids:software/ids/Dockerfile + jobs: - linux_amd64_push_to_registry: - name: (linux/amd64) push docker image to hub + # ==== Build amd64 natively on x86 runner ==== + build-amd64: + name: Build amd64 images runs-on: ubuntu-latest steps: - name: Free up disk space run: | - sudo rm -rf /usr/share/dotnet - sudo rm -rf /usr/local/lib/android - sudo rm -rf /opt/ghc - sudo rm -rf /opt/hostedtoolcache/CodeQL + sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL sudo docker system prune -af df -h - - name: check repository + - name: Checkout repository uses: actions/checkout@v4 with: submodules: recursive - - name: login to docker registry + - name: Login to Docker Hub uses: docker/login-action@v3 with: - username: ${{secrets.DOCKERHUB_USERNAME}} - password: ${{secrets.DOCKERHUB_TOKEN}} + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: "Create environment files" + - name: Create environment files run: .devcontainer/prepare-env.sh - name: Extract version metadata id: meta run: | - # Get short SHA for versioning - echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - - # Check if 
this commit is tagged (for releases) + SHA_SHORT=$(git rev-parse --short HEAD) + echo "sha_short=${SHA_SHORT}" >> $GITHUB_OUTPUT GIT_TAG=$(git describe --exact-match --tags 2>/dev/null || echo "") echo "git_tag=${GIT_TAG}" >> $GITHUB_OUTPUT - # Create tag list: always include latest and SHA, optionally include git tag - if [ -n "$GIT_TAG" ]; then - # Remove 'v' prefix if present for Docker tag - VERSION_TAG=${GIT_TAG#v} - echo "tags=latest,$(git rev-parse --short HEAD),${VERSION_TAG}" >> $GITHUB_OUTPUT - echo "Building release version: ${GIT_TAG}" - else - echo "tags=latest,$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - echo "Building development version" - fi - - - name: Build and push docker images to registry + - name: Build and push amd64 images env: SHA_SHORT: ${{ steps.meta.outputs.sha_short }} GIT_TAG: ${{ steps.meta.outputs.git_tag }} run: | - # Create a new builder instance - docker buildx create --name multiarch-builder --use || true + for entry in $IMAGES; do + IFS=':' read -r NAME CONTEXT DOCKERFILE <<< "$entry" + IMAGE="mniedermaier1337/${NAME}" + + TAG_ARGS="-t ${IMAGE}:${SHA_SHORT}-amd64 -t ${IMAGE}:latest-amd64" + if [ -n "$GIT_TAG" ]; then + VERSION_TAG=${GIT_TAG#v} + TAG_ARGS="${TAG_ARGS} -t ${IMAGE}:${VERSION_TAG}-amd64" + fi + + echo "::group::Building ${NAME} (amd64)" + docker buildx build \ + --platform linux/amd64 \ + ${TAG_ARGS} \ + --push \ + -f ${DOCKERFILE} \ + ${CONTEXT} + echo "::endgroup::" + done + + # ==== Build arm64 natively on ARM runner ==== + build-arm64: + name: Build arm64 images + runs-on: ubuntu-24.04-arm + steps: + - name: Free up disk space + run: | + sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL + sudo docker system prune -af + df -h + + - name: Checkout repository + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ 
secrets.DOCKERHUB_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Create environment files + run: .devcontainer/prepare-env.sh + + - name: Extract version metadata + id: meta + run: | + SHA_SHORT=$(git rev-parse --short HEAD) + echo "sha_short=${SHA_SHORT}" >> $GITHUB_OUTPUT + GIT_TAG=$(git describe --exact-match --tags 2>/dev/null || echo "") + echo "git_tag=${GIT_TAG}" >> $GITHUB_OUTPUT - # Helper function to build and push with multiple tags - build_and_push() { - local IMAGE_NAME=$1 - local CONTEXT=$2 - local DOCKERFILE=$3 + - name: Build and push arm64 images + env: + SHA_SHORT: ${{ steps.meta.outputs.sha_short }} + GIT_TAG: ${{ steps.meta.outputs.git_tag }} + run: | + for entry in $IMAGES; do + IFS=':' read -r NAME CONTEXT DOCKERFILE <<< "$entry" + IMAGE="mniedermaier1337/${NAME}" - # Build tag arguments - TAG_ARGS="" + TAG_ARGS="-t ${IMAGE}:${SHA_SHORT}-arm64 -t ${IMAGE}:latest-arm64" if [ -n "$GIT_TAG" ]; then VERSION_TAG=${GIT_TAG#v} - TAG_ARGS="-t ${IMAGE_NAME}:latest -t ${IMAGE_NAME}:${SHA_SHORT} -t ${IMAGE_NAME}:${VERSION_TAG}" - echo "Building ${IMAGE_NAME} with tags: latest, ${SHA_SHORT}, ${VERSION_TAG}" - else - TAG_ARGS="-t ${IMAGE_NAME}:latest -t ${IMAGE_NAME}:${SHA_SHORT}" - echo "Building ${IMAGE_NAME} with tags: latest, ${SHA_SHORT}" + TAG_ARGS="${TAG_ARGS} -t ${IMAGE}:${VERSION_TAG}-arm64" fi - # Build and push + echo "::group::Building ${NAME} (arm64)" docker buildx build \ - --platform linux/amd64,linux/arm64 \ + --platform linux/arm64 \ ${TAG_ARGS} \ --push \ -f ${DOCKERFILE} \ ${CONTEXT} - } - - # Build and push all images - build_and_push "mniedermaier1337/cybics-attack-machine" "software/attack-machine" "software/attack-machine/Dockerfile" - build_and_push "mniedermaier1337/cybicsopenplc" "software/OpenPLC" "software/OpenPLC/Dockerfile" - build_and_push "mniedermaier1337/cybicsopcua" "software/opcua" "software/opcua/Dockerfile" - build_and_push "mniedermaier1337/cybicss7com" "software/s7com" 
"software/s7com/Dockerfile" - build_and_push "mniedermaier1337/cybicsfuxa" "software/FUXA" "software/FUXA/Dockerfile" - build_and_push "mniedermaier1337/cybicshwio" "software/hwio-virtual" "software/hwio-virtual/Dockerfile" - build_and_push "mniedermaier1337/landing" "." "software/landing/Dockerfile" - build_and_push "mniedermaier1337/cybics-engineeringws" "software" "software/engineeringWS/Dockerfile" - build_and_push "mniedermaier1337/cybicsagent" "software/cybicsagent" "software/cybicsagent/Dockerfile" - build_and_push "mniedermaier1337/cybics-ids" "software/ids" "software/ids/Dockerfile" + echo "::endgroup::" + done + + # ==== Create multi-arch manifests ==== + create-manifests: + name: Create multi-arch manifests + runs-on: ubuntu-latest + needs: [build-amd64, build-arm64] + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Extract version metadata + id: meta + run: | + SHA_SHORT=$(git rev-parse --short HEAD) + echo "sha_short=${SHA_SHORT}" >> $GITHUB_OUTPUT + GIT_TAG=$(git describe --exact-match --tags 2>/dev/null || echo "") + echo "git_tag=${GIT_TAG}" >> $GITHUB_OUTPUT + + - name: Create and push multi-arch manifests + env: + SHA_SHORT: ${{ steps.meta.outputs.sha_short }} + GIT_TAG: ${{ steps.meta.outputs.git_tag }} + run: | + for entry in $IMAGES; do + IFS=':' read -r NAME CONTEXT DOCKERFILE <<< "$entry" + IMAGE="mniedermaier1337/${NAME}" + + echo "::group::Creating manifest for ${NAME}" + + # Create 'latest' manifest + docker buildx imagetools create \ + -t ${IMAGE}:latest \ + ${IMAGE}:latest-amd64 \ + ${IMAGE}:latest-arm64 + + # Create SHA-tagged manifest + docker buildx imagetools create \ + -t ${IMAGE}:${SHA_SHORT} \ + ${IMAGE}:${SHA_SHORT}-amd64 \ + ${IMAGE}:${SHA_SHORT}-arm64 + + # Create version-tagged manifest if this is a release + if [ -n "$GIT_TAG" ]; then + 
VERSION_TAG=${GIT_TAG#v} + docker buildx imagetools create \ + -t ${IMAGE}:${VERSION_TAG} \ + ${IMAGE}:${VERSION_TAG}-amd64 \ + ${IMAGE}:${VERSION_TAG}-arm64 + fi + echo "::endgroup::" + done
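Review bot: In the create-manifests job the `latest` manifest is assembled from the mutable `latest-amd64` and `latest-arm64` tags, so two pushes to main whose runs overlap can publish a `latest` that pairs architectures built from different commits. The build jobs overwrite those per-arch tags on every run, and no `concurrency:` key is visible in this hunk. Sourcing `latest` from the commit-specific tags keeps both halves on the same revision: `docker buildx imagetools create -t ${IMAGE}:latest ${IMAGE}:${SHA_SHORT}-amd64 ${IMAGE}:${SHA_SHORT}-arm64`. A workflow-level `concurrency:` group keyed on `github.ref` would also serialise runs, so an older run cannot move `latest` back after a newer one has finished.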