Create ubuntu-docker-publish.yaml (#262)

* Create ubuntu-docker-publish.yaml Ci/Cd: Added Docker Buildx Caching: - each stage have now a cache reference added - each image can now be pushed to namespaced registry - removed unused architectures and QEMU builder Update tags for image push: - fixed docker cache-from - fixed docker cache-to - fixed login issues * Update ubuntu-docker-publish.yaml * Update ubuntu-docker-ffmpeg.yml * Update ubuntu-docker-sdk.yml * Update ubuntu-docker-media-proxy.yml --------- Signed-off-by: Miłosz Linkiewicz <milosz.linkiewicz@intel.com>
OpenVisualCloud · Nov 26, 2024 · 411047f · 411047f
1 parent b50078f
commit 411047f
Show file tree

Hide file tree

Showing 4 changed files with 118 additions and 29 deletions.
diff --git a/.github/workflows/ubuntu-docker-ffmpeg.yml b/.github/workflows/ubuntu-docker-ffmpeg.yml
@@ -1,21 +1,25 @@
 name: Build FFmpeg Dockerfile Ubuntu
 
 on:
-    push:
-      branches: [ "main", "dev", "maint-*" ]
-    pull_request:
-      branches: [ "main", "dev", "maint-*" ]
+  push:
+    branches: [ "main", "dev", "maint-*" ]
+  pull_request:
+    branches: [ "main", "dev", "maint-*" ]
 
 permissions:
   contents: read
 
+env:
+  BUILD_TYPE: "Release"
+  DOCKER_IMAGE_BASE: "ghcr.io/openvisualcloud/media-communications-mesh"
+  DOCKER_IMAGE_TAG: "${{ github.sha }}"
+
 jobs:
   docker:
-    runs-on: ubuntu-latest
-    timeout-minutes: 120
+    runs-on: ubuntu-22.04
+    timeout-minutes: 60
     permissions:
       contents: read
-      packages: write
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
@@ -37,4 +41,5 @@ jobs:
           allow: network.host
           context: .
           push: false
-          tags: "mcm/ffmpeg:${{ github.sha }}"
+          tags: "${{ env.DOCKER_IMAGE_BASE }}/ffmpeg:${{ env.DOCKER_IMAGE_TAG }}"
+          cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/ffmpeg:buildcache
diff --git a/.github/workflows/ubuntu-docker-media-proxy.yml b/.github/workflows/ubuntu-docker-media-proxy.yml
@@ -1,21 +1,23 @@
-name: Build Dockerfiles Ubuntu
+name: Build media-proxy Dockerfile Ubuntu
 
 on:
-    push:
-      branches: [ "main", "dev", "maint-*" ]
-    pull_request:
-      branches: [ "main", "dev", "maint-*" ]
+  push:
+    branches: [ "main", "dev", "maint-*" ]
+  pull_request:
+    branches: [ "main", "dev", "maint-*" ]
 
 permissions:
   contents: read
 
+env:
+  BUILD_TYPE: "Release"
+  DOCKER_IMAGE_BASE: "ghcr.io/openvisualcloud/media-communications-mesh"
+  DOCKER_IMAGE_TAG: "${{ github.sha }}"
+
 jobs:
   docker:
-    runs-on: ubuntu-latest
-    timeout-minutes: 120
-    permissions:
-      contents: read
-      packages: write
+    runs-on: ubuntu-22.04
+    timeout-minutes: 60
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
@@ -37,4 +39,5 @@ jobs:
           allow: network.host
           context: .
           push: false
-          tags: "mcm/media-proxy:${{ github.sha }}"
+          tags: "${{ env.DOCKER_IMAGE_BASE }}/media-proxy:${{ env.DOCKER_IMAGE_TAG }}"
+          cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/media-proxy:buildcache
diff --git a/.github/workflows/ubuntu-docker-publish.yaml b/.github/workflows/ubuntu-docker-publish.yaml
@@ -0,0 +1,78 @@
+name: docker-publish
+
+on:
+  push:
+    branches: [ "main", "maint-*" ]
+
+permissions:
+  contents: read
+
+env:
+  BUILD_TYPE: "Release"
+  DOCKER_IMAGE_BASE: "ghcr.io/openvisualcloud/media-communications-mesh"
+  DOCKER_IMAGE_TAG: "${{ github.sha }}"
+
+jobs:
+  docker-publish:
+    name: "Image build and publish for Intel® Media Communications Mesh"
+    runs-on: ubuntu-22.04
+    if: github.repository == 'openvisualcloud/media-communications-mesh'
+    permissions:
+      packages: write
+    timeout-minutes: 120
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+        with:
+          egress-policy: audit
+
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+        with:
+          buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
+          cache-binary: true
+          driver-opts: |
+            image=moby/buildkit:master
+            network=host
+          install: true
+          platforms: linux/amd64
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and publish SDK sample apps
+        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+        with:
+          file: sdk/Dockerfile
+          tags: "${{ env.DOCKER_IMAGE_BASE }}/sdk:${{ github.sha }}"
+          context: .
+          push: true
+          cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/sdk:buildcache
+          cache-to: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/sdk:buildcache,mode=max
+
+      - name: Build and publish ffmpeg and plugins
+        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+        with:
+          file: ffmpeg-plugin/Dockerfile
+          tags: "${{ env.DOCKER_IMAGE_BASE }}/ffmpeg:${{ github.sha }}"
+          context: .
+          push: true
+          cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/ffmpeg:buildcache
+          cache-to: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/ffmpeg:buildcache,mode=max
+
+      - name: Build and publish media proxy application
+        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+        with:
+          file: media-proxy/Dockerfile
+          tags: "${{ env.DOCKER_IMAGE_BASE }}/media-proxy:${{ github.sha }}"
+          context: .
+          push: true
+          cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/media-proxy:buildcache
+          cache-to: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/media-proxy:buildcache,mode=max
diff --git a/.github/workflows/ubuntu-docker-sdk.yml b/.github/workflows/ubuntu-docker-sdk.yml
@@ -1,21 +1,23 @@
 name: Build SDK Dockerfile Ubuntu
 
 on:
-    push:
-      branches: [ "main", "dev", "maint-*" ]
-    pull_request:
-      branches: [ "main", "dev", "maint-*" ]
+  push:
+    branches: [ "main", "dev", "maint-*" ]
+  pull_request:
+    branches: [ "main", "dev", "maint-*" ]
 
 permissions:
   contents: read
 
+env:
+  BUILD_TYPE: "Release"
+  DOCKER_IMAGE_BASE: "ghcr.io/openvisualcloud/media-communications-mesh"
+  DOCKER_IMAGE_TAG: "${{ github.sha }}"
+
 jobs:
   docker:
-    runs-on: ubuntu-latest
-    timeout-minutes: 120
-    permissions:
-      contents: read
-      packages: write
+    runs-on: ubuntu-22.04
+    timeout-minutes: 60
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
@@ -37,4 +39,5 @@ jobs:
           allow: network.host
           context: .
           push: false
-          tags: "mcm/sdk:${{ github.sha }}"
+          tags: "${{ env.DOCKER_IMAGE_BASE }}/sdk:${{ env.DOCKER_IMAGE_TAG }}"
+          cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/sdk:buildcache