ci: split container push steps to separate job and add deploy tag

[buildbot.git] / .github / workflows / build-push.yml

name: Build and push containers
on:
  push:
    branches:
      - master
    tags:
      - 'v*'
  pull_request:

env:
  BUILDBOT_VERSION: 3.8.0
  GITHUB_SHA_LEN: 8

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
  test-lint:
    name: Test with Python ${{ matrix.python-version }}
    runs-on: ubuntu-latest

    strategy:
      matrix:
        python-version:
          - "3.9"
          - "3.10"

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install dependencies
        run: pip install -r requirements-dev.txt

      - name: Lint with ruff
        run: ruff phase*/master.cfg

      - name: Stylecheck with black
        run: black phase1/master.cfg

  build-test:
    name: Build and Test container
    runs-on: ubuntu-latest
    needs: test-lint

    permissions:
      packages: write

    strategy:
      fail-fast: ${{ github.event_name == 'pull_request' }}
      matrix:
        include:
          - container_flavor: master
            container_verify_string: "buildmaster configured in /master"
          - container_flavor: worker
            container_test_command: "--env BUILDWORKER_NAME=X --env BUILDWORKER_PASSWORD=Y"
            container_verify_string: "worker configured in /builder"

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Environment variables
        run: |
          echo "GIT_SHA_SHORT=${GITHUB_SHA::${{ env.GITHUB_SHA_LEN }}}" >> $GITHUB_ENV

      - name: Build container and export it to local Docker
        uses: docker/build-push-action@v4
        with:
          load: true
          tags: local/${{ matrix.container_flavor }}
          file: docker/build${{ matrix.container_flavor }}/Dockerfile
          build-args: |
            BUILDBOT_VERSION=${{ env.BUILDBOT_VERSION }}
            OPENWRT_VERSION=${{ env.GIT_SHA_SHORT }}

      - name: Test ${{ matrix.container_flavor }} Docker container
        run: |
          docker run --detach ${{ matrix.container_test_command }} --name test-${{ matrix.container_flavor }} local/${{ matrix.container_flavor }}
          sleep 5
          docker logs test-${{ matrix.container_flavor }} | tee ${{ matrix.container_flavor }}.log
          grep "${{ matrix.container_verify_string }}" ${{ matrix.container_flavor }}.log

  deploy:
    name: Push Container
    if: github.event_name != 'pull_request' || github.repository_owner != 'openwrt'
    runs-on: ubuntu-latest
    needs: build-test

    environment: production

    permissions:
      packages: write

    strategy:
      matrix:
        container_flavor:
          - master
          - worker

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Environment variables
        run: |
          echo "GIT_SHA_SHORT=${GITHUB_SHA::${{ env.GITHUB_SHA_LEN }}}" >> $GITHUB_ENV

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: name=ghcr.io/${{ github.repository }}/build${{ matrix.container_flavor }}-v${{ env.BUILDBOT_VERSION }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build container again and push it
        uses: docker/build-push-action@v4
        with:
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          file: docker/build${{ matrix.container_flavor }}/Dockerfile
          build-args: |
            BUILDBOT_VERSION=${{ env.BUILDBOT_VERSION }}
            OPENWRT_VERSION=${{ env.GIT_SHA_SHORT }}