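---
# Container workflow: builds the image per architecture (make podman.build),
# tests it (make container.test) and releases it (make container.push).
name: Container

# NOTE(review): `types: completed` also fires when the Integration run failed
# or was cancelled, and nothing in this file checks
# github.event.workflow_run.conclusion. Confirm that building and releasing
# after an unsuccessful Integration run is intended.
# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
  workflow_run:
    workflows:
      - Integration
    types:
      - completed
    branches:
      - master

# One run per workflow at a time; a queued run waits instead of cancelling
# the one in progress.
concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: false

# Read-only default for GITHUB_TOKEN; jobs that publish widen it explicitly.
permissions:
  contents: read
  packages: read

env:
  PYTHON_VERSION: "3.14"

jobs:
  build:
    if: github.repository_owner == 'searxng' || github.event_name == 'workflow_dispatch'
    name: Build (${{ matrix.arch }})
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        include:
          - arch: amd64
            march: amd64
            os: ubuntu-24.04
            emulation: false
          - arch: arm64
            march: arm64
            os: ubuntu-24.04-arm
            emulation: false
          # armv7 is built on the arm64 runner under QEMU, so the podman
          # binary installed below is the arm64 one (march).
          - arch: armv7
            march: arm64
            os: ubuntu-24.04-arm
            emulation: true
    # A job-level block replaces the workflow-level one for this job, so the
    # token carries packages: write and nothing else.
    permissions:
      packages: write
    outputs:
      docker_tag: ${{ steps.build.outputs.docker_tag }}
      git_url: ${{ steps.build.outputs.git_url }}
    steps:
      # yamllint disable rule:line-length
      - name: Setup podman
        env:
          PODMAN_VERSION: "v5.6.2"
          # Handed to the script through the environment so that no workflow
          # expression is spliced into the shell text.
          PODMAN_ARCH: "${{ matrix.march }}"
        run: |
          # dpkg man-db trigger is very slow on GHA runners
          # https://github.com/actions/runner-images/issues/10977
          # https://github.com/actions/runner/issues/4030
          sudo rm -f /var/lib/man-db/auto-update

          sudo apt-get purge -y podman runc crun conmon

          release_url="https://github.com/mgoltzsche/podman-static/releases/download/${PODMAN_VERSION}"
          archive="podman-linux-${PODMAN_ARCH}"

          # Fetch the tarball and its detached signature, then verify before
          # anything is unpacked. The default `bash -e` of run steps stops the
          # step on a failed download or a bad signature.
          curl -fsSLO "${release_url}/${archive}.tar.gz"
          curl -fsSLO "${release_url}/${archive}.tar.gz.asc"
          # The signing key is requested by its full fingerprint.
          # NOTE(review): `gpg --verify` accepts a good signature from any key
          # in the keyring, so this check is only as strict as the keyring is
          # clean. A dedicated GNUPGHOME, or comparing the VALIDSIG fingerprint
          # from --status-fd, would pin it to this key alone.
          gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 0CCF102C4F95D89E583FF1D4F8B5AF50344BB503
          gpg --batch --verify "${archive}.tar.gz.asc" "${archive}.tar.gz"

          tar -xzf "${archive}.tar.gz"

          # Installed as root over the system paths; the signature check above
          # is the only integrity gate for these files.
          sudo cp -rfv "./${archive}/etc/." /etc/
          sudo cp -rfv "./${archive}/usr/." /usr/

          # Turns off the AppArmor restriction on unprivileged user namespaces
          # host-wide (presumably needed by rootless podman). This rolls back a
          # host hardening default: fine on a hosted, single-use runner, not a
          # setting to carry over to a persistent machine.
          sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
      # yamllint enable rule:line-length

      - name: Setup Python
        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: "${{ env.PYTHON_VERSION }}"

      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Keep the token out of the checked-out repository's git config.
          persist-credentials: "false"
          fetch-depth: "0"

      - name: Setup cache Python
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          key: "python-${{ env.PYTHON_VERSION }}-${{ runner.arch }}-${{ hashFiles('./requirements*.txt') }}"
          restore-keys: "python-${{ env.PYTHON_VERSION }}-${{ runner.arch }}-"
          path: "./local/"

      - name: Get date
        id: date
        run: echo "date=$(date +'%Y%m%d')" >>"$GITHUB_OUTPUT"

      - name: Setup cache container
        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          key: "container-${{ matrix.arch }}-${{ steps.date.outputs.date }}-${{ hashFiles('./requirements*.txt') }}"
          # One prefix per line, unquoted: inside a literal block scalar a
          # quote character is part of the value, and a restore key that
          # starts with `"` never matches a saved `container-...` key.
          restore-keys: |
            container-${{ matrix.arch }}-${{ steps.date.outputs.date }}-
            container-${{ matrix.arch }}-
          path: "/var/tmp/buildah-cache-*/*"

      - if: ${{ matrix.emulation }}
        name: Setup QEMU
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

      - name: Login to GHCR
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      - name: Build
        id: build
        env:
          OVERRIDE_ARCH: "${{ matrix.arch }}"
        run: make podman.build

  # Inherits the workflow-level read-only permissions.
  test:
    name: Test (${{ matrix.arch }})
    runs-on: ${{ matrix.os }}
    needs: build
    strategy:
      fail-fast: false
      matrix:
        include:
          - arch: amd64
            os: ubuntu-24.04
            emulation: false
          - arch: arm64
            os: ubuntu-24.04-arm
            emulation: false
          - arch: armv7
            os: ubuntu-24.04-arm
            emulation: true
    steps:
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: "false"

      - if: ${{ matrix.emulation }}
        name: Setup QEMU
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

      - name: Login to GHCR
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      - name: Test
        env:
          OVERRIDE_ARCH: "${{ matrix.arch }}"
          GIT_URL: "${{ needs.build.outputs.git_url }}"
        run: make container.test

  # Runs only in the upstream repository on master, after every build and
  # test matrix job has succeeded.
  release:
    if: github.repository_owner == 'searxng' && github.ref_name == 'master'
    name: Release
    runs-on: ubuntu-24.04-arm
    needs:
      - build
      - test
    # Replaces the workflow-level block: packages: write only.
    permissions:
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: "false"

      - name: Login to GHCR
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      # The only step that uses long-lived registry credentials; they are
      # repository secrets and are referenced by this job alone.
      - name: Login to Docker Hub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: "docker.io"
          username: "${{ secrets.DOCKERHUB_USERNAME }}"
          password: "${{ secrets.DOCKERHUB_TOKEN }}"

      - name: Release
        env:
          GIT_URL: "${{ needs.build.outputs.git_url }}"
          DOCKER_TAG: "${{ needs.build.outputs.docker_tag }}"
        run: make container.push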