mirror of
https://github.com/searxng/searxng.git
synced 2025-12-22 11:40:01 +00:00
Building the container currently does not work properly. When rebuilding several times with `make container`, `version_frozen.py` is recreated, which wouldn't be an issue if the file’s timestamp was constant. Now, when creating `version_frozen.py`, it will have the same timestamp as the commit when it was created. (`version_frozen.py` is moved to a dedicated layer). Reusing "builder" cache when building "dist" could be slow (CD reports 2 seconds, but locally I've seen it take up to 10 seconds), so the Dockerfile is now split and we save a couple steps by importing the "builder" image directly. The last changes made it possible to remove the layer cache in "builder", since the overhead is now greater than building the layers from scratch. Until now, all "dist" layers were squashed into a single layer, which in most cases is a good idea (except for storage/delivery pricing/overhead), but in our case, since we manage the entire pipeline, we can ignore this and share layers between builds. This means (for example) that if we change files unrelated to the container in several consecutive commits (documentation changes), we don't have to push the entire image to registry, but only the different layers (`version_frozen.py` in this example). The same applies when pulling, as only the layers that have changed compared to the local layers will be downloaded (that's the theory, we'll see if this works as expected or if we need to tweak something else).
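---
name: Container

# Triggers: a manual dispatch, or completion of the "Integration" workflow.
# A workflow_run-triggered run uses the workflow file and GITHUB_TOKEN of the
# default branch, not those of the run that triggered it. The `branches`
# filter is matched against the head branch name of the triggering run.
# NOTE(review): if Integration also runs for pull requests, confirm that
# such runs cannot start this pipeline; a job condition on
# `github.event.workflow_run.event` would make the intent explicit.
# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
  workflow_run:
    workflows:
      - Integration
    types:
      - completed
    branches:
      - master

# One concurrency group for the whole workflow. A pipeline that is already
# running is never cancelled; a newer run waits for it instead.
concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: false

# Default token scopes for every job that does not declare its own block.
# Read-only here; the jobs that publish images raise `packages` themselves.
permissions:
  contents: read
  # Organization GHCR
  packages: read

env:
  # Quoted so the value stays the string "3.13" and is not read as a float.
  PYTHON_VERSION: "3.13"
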
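jobs:
  # NOTE(review): every `uses:` below references an action by a mutable tag
  # (@v3, @v4, @v5). Several jobs hold `packages: write` or registry
  # secrets; pinning each action to a full commit SHA
  # (`uses: owner/action@<full-commit-sha>  # vN`) keeps a moved tag from
  # changing what runs with those credentials.

  # Publishes the two apko base images (runtime and builder) to GHCR.
  # Runs after a successful Integration run in the upstream organisation, or
  # on any manual dispatch. Every step is additionally guarded by the owner
  # check, so a dispatch in a fork finishes this job without doing any work.
  build-base:
    if: |
      (github.repository_owner == 'searxng' && github.event.workflow_run.conclusion == 'success')
      || github.event_name == 'workflow_dispatch'
    name: Build base
    runs-on: ubuntu-24.04
    # A job-level block replaces the workflow-level one: scopes that are not
    # listed here are not granted to this job's token.
    permissions:
      # Organization GHCR
      packages: write

    steps:
      - if: github.repository_owner == 'searxng'
        name: Checkout
        uses: actions/checkout@v4
        with:
          # Do not leave the token in the checkout's git config, where later
          # steps could read it back.
          persist-credentials: "false"

      - if: github.repository_owner == 'searxng'
        name: Get date
        id: date
        run: echo "date=$(date +'%Y%m%d')" >>"$GITHUB_OUTPUT"

      # Existence check only (`lookup-only`): nothing is downloaded. A hit on
      # the exact key (day + hash of both apko configs) skips every
      # remaining step, so the base images are not republished.
      - if: github.repository_owner == 'searxng'
        name: Check cache apko
        id: cache-apko
        uses: actions/cache/restore@v4
        with:
          # yamllint disable-line rule:line-length
          key: "apko-${{ steps.date.outputs.date }}-${{ hashFiles('./container/base.yml', './container/base-builder.yml') }}"
          path: "/tmp/.apko/"
          lookup-only: true

      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
        name: Setup cache apko
        uses: actions/cache@v4
        with:
          # yamllint disable-line rule:line-length
          key: "apko-${{ steps.date.outputs.date }}-${{ hashFiles('./container/base.yml', './container/base-builder.yml') }}"
          restore-keys: "apko-${{ steps.date.outputs.date }}-"
          path: "/tmp/.apko/"

      # NOTE(review): installs whichever apko version Homebrew currently
      # ships. The tool version is neither pinned nor verified here, and it
      # runs in a job whose token can write packages.
      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
        name: Setup apko
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          brew install apko

      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
        name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      # The owner expression is expanded into the script text before the
      # shell runs; the step condition restricts it to 'searxng' here.
      # NOTE(review): `--sbom=false` publishes the base images without an
      # apko-generated SBOM, which downstream vulnerability triage would
      # otherwise rely on - confirm this is intentional.
      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
        name: Build
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"

          apko publish ./container/base.yml ghcr.io/${{ github.repository_owner }}/base:searxng \
            --cache-dir=/tmp/.apko/ \
            --sbom=false \
            --vcs=false \
            --log-level=debug

          apko publish ./container/base-builder.yml ghcr.io/${{ github.repository_owner }}/base:searxng-builder \
            --cache-dir=/tmp/.apko/ \
            --sbom=false \
            --vcs=false \
            --log-level=debug

  # Builds the image once per architecture via `make podman.build`.
  # No status function appears in `if`, so the implicit success() still
  # applies: the job runs only when build-base succeeded.
  build:
    if: github.repository_owner == 'searxng' || github.event_name == 'workflow_dispatch'
    name: Build (${{ matrix.arch }})
    runs-on: ${{ matrix.os }}
    needs: build-base
    strategy:
      fail-fast: false
      # Faster runners first to cache arch independent wheels
      max-parallel: 1
      matrix:
        include:
          - arch: amd64
            os: ubuntu-24.04
            emulation: false
          - arch: arm64
            os: ubuntu-24.04-arm
            emulation: false
          - arch: armv7
            os: ubuntu-24.04-arm
            emulation: true

    permissions:
      # Organization GHCR
      packages: write

    # Every matrix leg writes the same output names, so dependants see the
    # value from whichever leg set it last.
    # NOTE(review): presumably identical across architectures - confirm.
    outputs:
      docker_tag: ${{ steps.build.outputs.docker_tag }}
      git_url: ${{ steps.build.outputs.git_url }}

    steps:
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "${{ env.PYTHON_VERSION }}"

      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Keep the token out of the checkout's git config; the make target
          # below runs repository code.
          persist-credentials: "false"

      # Restored by exact key, else by prefix, so an older cache may be
      # reused when the requirements files change.
      - name: Setup cache Python
        uses: actions/cache@v4
        with:
          key: "python-${{ env.PYTHON_VERSION }}-${{ runner.arch }}-${{ hashFiles('./requirements*.txt') }}"
          restore-keys: "python-${{ env.PYTHON_VERSION }}-${{ runner.arch }}-"
          path: "./local/"

      - name: Setup cache container mounts
        uses: actions/cache@v4
        with:
          key: "container-mounts-${{ hashFiles('./container/*.dockerfile') }}"
          restore-keys: "container-mounts-"
          path: |
            /var/tmp/buildah-cache/
            /var/tmp/buildah-cache-*/

      # Only the armv7 leg sets `emulation: true`.
      - if: ${{ matrix.emulation }}
        name: Setup QEMU
        uses: docker/setup-qemu-action@v3

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      # The architecture reaches make through the environment rather than
      # being expanded into the command line.
      - name: Build
        id: build
        env:
          OVERRIDE_ARCH: "${{ matrix.arch }}"
        run: make podman.build

  # Runs `make container.test` per architecture. No `permissions` block is
  # declared, so the job keeps the read-only workflow defaults
  # (`contents: read`, `packages: read`).
  test:
    name: Test (${{ matrix.arch }})
    runs-on: ${{ matrix.os }}
    needs: build
    strategy:
      fail-fast: false
      matrix:
        include:
          - arch: amd64
            os: ubuntu-24.04
            emulation: false
          - arch: arm64
            os: ubuntu-24.04-arm
            emulation: false
          - arch: armv7
            os: ubuntu-24.04-arm
            emulation: true

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: "false"

      - if: ${{ matrix.emulation }}
        name: Setup QEMU
        uses: docker/setup-qemu-action@v3

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      # Values from the build job are handed over as environment variables,
      # not interpolated into the script.
      - name: Test
        env:
          OVERRIDE_ARCH: "${{ matrix.arch }}"
          GIT_URL: "${{ needs.build.outputs.git_url }}"
        run: make container.test

  # Pushes the tested images via `make container.push`. Restricted to the
  # upstream organisation on `master`, and the only job that reads the
  # Docker Hub secrets.
  release:
    if: github.repository_owner == 'searxng' && github.ref_name == 'master'
    name: Release
    runs-on: ubuntu-24.04-arm
    needs:
      - build
      - test

    permissions:
      # Organization GHCR
      packages: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The make target runs with registry logins active; keep the
          # token out of the checkout's git config as well.
          persist-credentials: "false"

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: "docker.io"
          username: "${{ secrets.DOCKERHUB_USERNAME }}"
          password: "${{ secrets.DOCKERHUB_TOKEN }}"

      - name: Release
        env:
          GIT_URL: "${{ needs.build.outputs.git_url }}"
          DOCKER_TAG: "${{ needs.build.outputs.docker_tag }}"
        run: make container.push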