1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
name: docker-init
inputs:
deploy-user:
required: true
deploy-token:
required: true
image-name:
required: true
distro-release:
required: false
runs:
using: composite
steps:
- name: Set up QEMU
shell: bash
env:
QEMU_USER_STATIC_PACKAGE: qemu-user-static_7.2+dfsg-7+deb12u12_amd64.deb
REPO_DATE: 20250130T084806Z
PACKAGE_SHA256: 1a2696081c1f30d464f79fd300196822397c77f05440ea9ce6dc8e9658b595ec
run: |
# temporarily use Debian qemu-user-static until Ubuntu fixes theirs
wget -q http://snapshot.debian.org/archive/debian/${REPO_DATE}/pool/main/q/qemu/${QEMU_USER_STATIC_PACKAGE}
echo "${PACKAGE_SHA256} ${QEMU_USER_STATIC_PACKAGE}" | sha256sum -c
sudo dpkg -i ${QEMU_USER_STATIC_PACKAGE}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: image=moby/buildkit:v0.16.0
- name: Login to ghcr.io
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ inputs.deploy-user }}
password: ${{ inputs.deploy-token }}
- name: Set SOURCE_DATE_EPOCH
run: |
echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
shell: bash
- name: Determine Debian tag
run: |
if [[ ! "${{ inputs.distro-release }}" == debian-* ]]; then
echo "Non debian 'distro-release' values are currently not supported"
exit 1
fi
COMMIT_DATE=$(date -d @$(git log -1 --pretty=%ct) +%Y%m%d)
DEBIAN_LATEST_RELEASE=$(grep -m 1 'ARG DEBIAN_TAG=' Dockerfile | sed 's/.*DEBIAN_TAG=\(.*\)-.*/\1/')
if [ -n "${{ inputs.distro-release }}" ]; then
DISTRO_RELEASE="${{ inputs.distro-release }}"
DEBIAN_RELEASE="${DISTRO_RELEASE#debian-}"
else
DEBIAN_RELEASE=$DEBIAN_LATEST_RELEASE
fi
echo "DEBIAN_TAG=$(podman search --list-tags docker.io/debian --limit 1000000000 | \
grep "$DEBIAN_RELEASE-.*-slim" | sort -r | sed 's/.*[ ]\+//' | \
./scripts/lower-bound.py $DEBIAN_RELEASE-$COMMIT_DATE-slim )" \
>> $GITHUB_ENV
echo "DISTRO_LATEST_RELEASE=debian-$DEBIAN_LATEST_RELEASE" >> $GITHUB_ENV
shell: bash
- name: Prepare repository for COPY-in
run: |
git clone . /home/runner/kas-clone
shell: bash
- name: Define image metadata
run: |
case ${{ inputs.image-name }} in
kas)
echo "IMAGE_DESCRIPTION=kas build environment for Yocto/OpenEmbedded projects" >> $GITHUB_ENV
;;
kas-isar)
echo "IMAGE_DESCRIPTION=kas build environment for isar-based Debian projects" >> $GITHUB_ENV
;;
esac
# make image metadata reproducible (also for image re-builders)
echo "IMAGE_COMMIT_DATE=$(date -d @$(git log -1 --pretty=%ct) --iso-8601=seconds)" >> $GITHUB_ENV
echo "IMAGE_OFFICIAL_URL=https://github.com/siemens/kas" >> $GITHUB_ENV
shell: bash
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
annotations: |
org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
org.opencontainers.image.licenses=MIT and others
org.opencontainers.image.created=${{ env.IMAGE_COMMIT_DATE }}
org.opencontainers.image.source=${{ env.IMAGE_OFFICIAL_URL }}
org.opencontainers.image.url=${{ env.IMAGE_OFFICIAL_URL }}
env:
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
- name: Cache apt
id: cache-apt
uses: actions/cache@v4
with:
path: |
var-cache-apt
var-lib-apt
key: cache-apt-${{ env.DEBIAN_TAG }}-${{ inputs.image-name }}
- name: Inject cache into docker
uses: reproducible-containers/buildkit-cache-dance@5b6db76d1da5c8b307d5d2e0706d266521b710de #v3.1.2
with:
cache-map: |
{
"var-cache-apt": "/var/cache/apt",
"var-lib-apt": "/var/lib/apt"
}
skip-extraction: ${{ steps.cache.outputs.cache-hit }}
|
