* [enh] container: reproducible layers We are not aiming for reproducibility compliance, but we look to make most builder layers reproducible without caching at least for a short period of time (until the builder's base image changes or the child dependencies of a requirements.txt package are updated). This feature is only available on Podman. This targets https://github.com/searxng/searxng/pull/5086 main goal. * [fix] misc: apply suggestions Suggested: https://github.com/searxng/searxng/pull/5222#discussion_r2364630496 Suggested: https://github.com/searxng/searxng/pull/5222#discussion_r2364630511 * [enh] container: prevent useless layer
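---
# Container pipeline: publish the apko base images, build one image per
# architecture, test each image, then push the release.
name: Container

# Runs on manual dispatch, or after the "Integration" workflow completes for
# master. `completed` fires on failure too, hence the conclusion check on the
# build-base job.
# NOTE(review): the `branches` filter matches the head branch name of the
# triggering run. If Integration also runs for pull requests, consider
# checking `github.event.workflow_run.event` as well - confirm against
# Integration's triggers.
# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
  workflow_run:
    workflows:
      - Integration
    types:
      - completed
    branches:
      - master

# One run at a time per workflow; a run in progress is never cancelled.
concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: false

# Default token scope. A job-level `permissions` block replaces this set as a
# whole: jobs that declare only `packages: write` get no `contents` scope.
permissions:
  contents: read
  # Organization GHCR
  packages: read

env:
  # Quoted so the version stays a string and is not read as a float.
  PYTHON_VERSION: "3.13"

jobs:
  # Publishes the two apko base images to GHCR. Every step is gated on the
  # repository owner, so in a fork (manual dispatch) the job does nothing but
  # still satisfies `needs` for the build job.
  build-base:
    if: |
      (github.repository_owner == 'searxng' && github.event.workflow_run.conclusion == 'success')
      || github.event_name == 'workflow_dispatch'
    name: Build base
    runs-on: ubuntu-24.04
    permissions:
      # Organization GHCR
      packages: write

    steps:
      # Actions are pinned to a full commit SHA; the trailing comment names
      # the release the SHA is expected to correspond to.
      - if: github.repository_owner == 'searxng'
        name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Keep the token out of the checked-out repository's git config.
          persist-credentials: "false"

      - if: github.repository_owner == 'searxng'
        name: Get date
        id: date
        # Quote the output file path so the redirect target is one word.
        run: echo "date=$(date +'%Y%m%d')" >>"$GITHUB_OUTPUT"

      # Existence check only (`lookup-only`). The key combines the date with
      # the hash of both apko configs, so a hit means these configs were
      # already built today and the remaining steps are skipped.
      - if: github.repository_owner == 'searxng'
        name: Check cache apko
        id: cache-apko
        uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          # yamllint disable-line rule:line-length
          key: "apko-${{ steps.date.outputs.date }}-${{ hashFiles('./container/base.yml', './container/base-builder.yml') }}"
          path: "/tmp/.apko/"
          lookup-only: true

      # NOTE(review): `restore-keys` falls back to any cache saved today, even
      # one made from different apko configs. Its content then feeds a
      # published image, so treat what is saved under this prefix as trusted
      # build input.
      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
        name: Setup cache apko
        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          # yamllint disable-line rule:line-length
          key: "apko-${{ steps.date.outputs.date }}-${{ hashFiles('./container/base.yml', './container/base-builder.yml') }}"
          restore-keys: "apko-${{ steps.date.outputs.date }}-"
          path: "/tmp/.apko/"

      # NOTE(review): this installs whatever apko version Homebrew serves at
      # run time, unlike the SHA-pinned actions above. The tool runs in a job
      # that holds `packages: write`; consider pinning or verifying it.
      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
        name: Setup apko
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          brew install apko

      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
        name: Login to GHCR
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
        name: Build
        env:
          # Passed through the environment rather than expanded into the
          # script text, so the shell receives it as data.
          REGISTRY_OWNER: "${{ github.repository_owner }}"
        # --sbom=false / --vcs=false: presumably to keep the published image
        # independent of build metadata - confirm. No SBOM is attached to the
        # base images as a result.
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"

          apko publish ./container/base.yml "ghcr.io/${REGISTRY_OWNER}/base:searxng" \
            --cache-dir=/tmp/.apko/ \
            --sbom=false \
            --vcs=false \
            --log-level=debug

          apko publish ./container/base-builder.yml "ghcr.io/${REGISTRY_OWNER}/base:searxng-builder" \
            --cache-dir=/tmp/.apko/ \
            --sbom=false \
            --vcs=false \
            --log-level=debug

  # Builds the image once per architecture with `make podman.build`.
  # A manual dispatch is allowed to run this job outside the searxng
  # organisation.
  build:
    if: github.repository_owner == 'searxng' || github.event_name == 'workflow_dispatch'
    name: Build (${{ matrix.arch }})
    runs-on: ${{ matrix.os }}
    needs: build-base
    strategy:
      fail-fast: false
      matrix:
        include:
          - arch: amd64
            os: ubuntu-24.04
            emulation: false
          - arch: arm64
            os: ubuntu-24.04-arm
            emulation: false
          # armv7 runs on the arm64 runner and is the only leg using QEMU.
          - arch: armv7
            os: ubuntu-24.04-arm
            emulation: true

    permissions:
      # Organization GHCR
      packages: write

    # Every matrix leg sets the same output names; downstream jobs see the
    # value written by the leg that sets it last.
    outputs:
      docker_tag: ${{ steps.build.outputs.docker_tag }}
      git_url: ${{ steps.build.outputs.git_url }}

    steps:
      - name: Setup Python
        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: "${{ env.PYTHON_VERSION }}"

      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: "false"
          # Full history instead of a shallow clone.
          fetch-depth: "0"

      # NOTE(review): both caches below fall back to a prefix match through
      # `restore-keys`, and what they restore feeds an image that is later
      # published. Treat anything able to save under these prefixes as
      # trusted build input.
      - name: Setup cache Python
        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          key: "python-${{ env.PYTHON_VERSION }}-${{ runner.arch }}-${{ hashFiles('./requirements*.txt') }}"
          restore-keys: "python-${{ env.PYTHON_VERSION }}-${{ runner.arch }}-"
          path: "./local/"

      - name: Setup cache container uv
        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          key: "container-uv-${{ matrix.arch }}-${{ hashFiles('./requirements*.txt') }}"
          restore-keys: "container-uv-${{ matrix.arch }}-"
          # presumably 1001 is the runner user's UID - confirm
          path: "/var/tmp/buildah-cache-1001/uv/"

      - if: ${{ matrix.emulation }}
        name: Setup QEMU
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

      - name: Login to GHCR
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      # The job outputs read `docker_tag` and `git_url` from this step;
      # presumably the make target writes them to $GITHUB_OUTPUT - confirm.
      - name: Build
        id: build
        env:
          OVERRIDE_ARCH: "${{ matrix.arch }}"
        run: make podman.build

  # Tests each architecture's image with `make container.test`. There is no
  # job-level `permissions` block, so the workflow defaults apply
  # (`contents: read`, `packages: read`).
  test:
    name: Test (${{ matrix.arch }})
    runs-on: ${{ matrix.os }}
    needs: build
    strategy:
      fail-fast: false
      matrix:
        include:
          - arch: amd64
            os: ubuntu-24.04
            emulation: false
          - arch: arm64
            os: ubuntu-24.04-arm
            emulation: false
          - arch: armv7
            os: ubuntu-24.04-arm
            emulation: true

    steps:
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: "false"

      - if: ${{ matrix.emulation }}
        name: Setup QEMU
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

      - name: Login to GHCR
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      - name: Test
        env:
          OVERRIDE_ARCH: "${{ matrix.arch }}"
          GIT_URL: "${{ needs.build.outputs.git_url }}"
        run: make container.test

  # Pushes the release with `make container.push`. Runs only in the searxng
  # organisation on master, after build and test have succeeded. This is the
  # only job that reads the Docker Hub secrets.
  release:
    if: github.repository_owner == 'searxng' && github.ref_name == 'master'
    name: Release
    runs-on: ubuntu-24.04-arm
    needs:
      - build
      - test

    permissions:
      # Organization GHCR
      packages: write

    steps:
      - name: Checkout
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: "false"

      - name: Login to GHCR
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      - name: Login to Docker Hub
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          registry: "docker.io"
          username: "${{ secrets.DOCKERHUB_USERNAME }}"
          password: "${{ secrets.DOCKERHUB_TOKEN }}"

      - name: Release
        env:
          GIT_URL: "${{ needs.build.outputs.git_url }}"
          DOCKER_TAG: "${{ needs.build.outputs.docker_tag }}"
        run: make container.push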