From 74d7f39d6ca5ec132ca05d63aaf4e0600407cd63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Thu, 21 Nov 2024 19:11:58 +0100 Subject: [PATCH 1/7] Create ubuntu-docker-publish.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ci/Cd: Added Docker Buildx Caching: - each stage have now a cache reference added - each image can now be pushed to namespaced registry - removed unused architectures and QEMU builder Update tags for image push: - fixed docker cache-from - fixed docker cache-to - fixed login issues Signed-off-by: Miłosz Linkiewicz --- .github/workflows/ubuntu-docker-publish.yaml | 78 ++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 .github/workflows/ubuntu-docker-publish.yaml
diff --git a/.github/workflows/ubuntu-docker-publish.yaml b/.github/workflows/ubuntu-docker-publish.yaml
new file mode 100644
index 00000000..68890927
--- /dev/null
+++ b/.github/workflows/ubuntu-docker-publish.yaml
@@ -0,0 +1,78 @@
+name: Docker Build
+
+on:
+ push:
+ branches: [ "main", "maint-*" ]
+
+permissions:
+ contents: read
+
+env:
+ BUILD_TYPE: "Release"
+ DOCKER_IMAGE_BASE: "ghcr.io/openvisualcloud/media-communications-mesh"
+ DOCKER_IMAGE_TAG: "${{ github.sha }}"
+
+jobs:
+ docker-publish:
+ name: "Image build and publish for Intel® Media Communications Mesh"
+ runs-on: ubuntu-22.04
+ if: github.repository == 'openvisualcloud/media-communications-mesh'
+ permissions:
+ packages: write
+ timeout-minutes: 120
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ with:
+ egress-policy: audit
+
+ - name: Checkout
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+ with:
+ buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
+ cache-binary: true
+ driver-opts: |
+ image=moby/buildkit:master
+ network=host
+ install: true
+ platforms: linux/amd64
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and publish SDK sample apps
+ uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+ with:
+ file: sdk/Dockerfile
+ tags: "${{ env.DOCKER_IMAGE_BASE }}/sdk:${{ github.sha }}"
+ context: .
+ push: true
+ cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/sdk:buildcache
+ cache-to: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/sdk:buildcache,mode=max
+
+ - name: Build and publish ffmpeg and plugins
+ uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+ with:
+ file: ffmpeg-plugin/Dockerfile
+ tags: "${{ env.DOCKER_IMAGE_BASE }}/ffmpeg:${{ github.sha }}"
+ context: .
+ push: true
+ cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/ffmpeg:buildcache
+ cache-to: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/ffmpeg:buildcache,mode=max
+
+ - name: Build and publish media proxy application
+ uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+ with:
+ file: media-proxy/Dockerfile
+ tags: "${{ env.DOCKER_IMAGE_BASE }}/media-proxy:${{ github.sha }}"
+ context: .
+ push: true
+ cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/media-proxy:buildcache
+ cache-to: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/media-proxy:buildcache,mode=max
From 2963ff52ec64ec63b5b9764b7b2120a8228740b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Thu, 21 Nov 2024 19:13:23 +0100 Subject: [PATCH 2/7] Update ubuntu-docker-publish.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miłosz Linkiewicz --- .github/workflows/ubuntu-docker-publish.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ubuntu-docker-publish.yaml b/.github/workflows/ubuntu-docker-publish.yaml
index 68890927..5e7ce397 100644
--- a/.github/workflows/ubuntu-docker-publish.yaml
+++ b/.github/workflows/ubuntu-docker-publish.yaml
@@ -1,4 +1,4 @@ -name: Docker Build +name: docker-publish on: push:
From 4254cf2a29ba4146ad2c5c96d7e3c6fffc573d1a Mon Sep 17 00:00:00 2001
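Review bot: The "Set up Docker Buildx" step in the new ubuntu-docker-publish.yaml starts the builder from a moving tag, `image=moby/buildkit:master`, while every action in this job is pinned to a commit SHA, so the daemon that builds and pushes all three images under `packages: write` can change between runs with no change in this repository; pin it to a release tag or digest, e.g. `image=moby/buildkit:<PINNED_TAG>` (placeholder). The same step passes `--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host` to buildkitd, but none of the three build-push steps asks for an entitlement through `allow:`, so these flags (and probably `--debug` and `network=host`) look unneeded here and are better removed unless a Dockerfile depends on them. Also note that the job-level `permissions:` block replaces the workflow-level one rather than adding to it, so `contents: read` should be repeated beside `packages: write` if checkout is meant to use the token.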
From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Thu, 21 Nov 2024 19:18:05 +0100 Subject: [PATCH 3/7] Update ubuntu-docker-ffmpeg.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added ffmepg caching function. Signed-off-by: Miłosz Linkiewicz --- .github/workflows/ubuntu-docker-ffmpeg.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ubuntu-docker-ffmpeg.yml b/.github/workflows/ubuntu-docker-ffmpeg.yml index 5b5c0d3c..9e261e5a 100644 --- a/.github/workflows/ubuntu-docker-ffmpeg.yml +++ b/.github/workflows/ubuntu-docker-ffmpeg.yml @@ -9,13 +9,17 @@ on: permissions: contents: read +env: + BUILD_TYPE: "Release" + DOCKER_IMAGE_BASE: "ghcr.io/openvisualcloud/media-communications-mesh" + DOCKER_IMAGE_TAG: "${{ github.sha }}" + jobs: docker: runs-on: ubuntu-latest timeout-minutes: 120 permissions: contents: read - packages: write steps: - name: Harden Runner uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 @@ -37,4 +41,5 @@ jobs: allow: network.host context: . push: false - tags: "mcm/ffmpeg:${{ github.sha }}" + tags: "${{ env.DOCKER_IMAGE_BASE }}/ffmpeg:${{ env.DOCKER_IMAGE_TAG }}" + cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/ffmpeg:buildcache From 94ac254eadf938c05167a1cf4a3251f69b4ad2fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Thu, 21 Nov 2024 19:21:25 +0100 Subject: [PATCH 4/7] Update ubuntu-docker-media-proxy.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miłosz Linkiewicz --- .../workflows/ubuntu-docker-media-proxy.yml | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ubuntu-docker-media-proxy.yml b/.github/workflows/ubuntu-docker-media-proxy.yml index 4ef820db..669b9a78 100644 --- a/.github/workflows/ubuntu-docker-media-proxy.yml 
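Review bot: The `cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/ffmpeg:buildcache` line added at the end of the build step in ubuntu-docker-ffmpeg.yml makes a job that also runs on `pull_request` import layers from a shared registry ref, and nothing beside it records who may write that ref; the same line is added for media-proxy in patch 4/7 and for sdk in patch 6/7. The integrity of these PR builds now depends on `:buildcache` being written only by the publish workflow on `main`/`maint-*`, which the removal of `packages: write` in this series supports. I would add a comment above the line such as `# read-only import; :buildcache is written only by ubuntu-docker-publish.yaml` so that a `cache-to` is not added here later by accident. No registry login is visible in this hunk (the build step starts outside it), so the import presumably relies on the cache package being publicly readable, which is worth confirming.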
+++ b/.github/workflows/ubuntu-docker-media-proxy.yml @@ -1,21 +1,23 @@ -name: Build Dockerfiles Ubuntu +name: Build media-proxy Dockerfile Ubuntu on: - push: - branches: [ "main", "dev", "maint-*" ] - pull_request: - branches: [ "main", "dev", "maint-*" ] + push: + branches: [ "main", "dev", "maint-*" ] + pull_request: + branches: [ "main", "dev", "maint-*" ] permissions: contents: read +env: + BUILD_TYPE: "Release" + DOCKER_IMAGE_BASE: "ghcr.io/openvisualcloud/media-communications-mesh" + DOCKER_IMAGE_TAG: "${{ github.sha }}" + jobs: docker: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 timeout-minutes: 120 - permissions: - contents: read - packages: write steps: - name: Harden Runner uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 @@ -37,4 +39,5 @@ jobs: allow: network.host context: . push: false - tags: "mcm/media-proxy:${{ github.sha }}" + tags: "${{ env.DOCKER_IMAGE_BASE }}/media-proxy:${{ env.DOCKER_IMAGE_TAG }}" + cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/media-proxy:buildcache From a1cd269417d541342b900231e6c0a2dbbae9c8b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Thu, 21 Nov 2024 19:22:12 +0100 Subject: [PATCH 5/7] Update ubuntu-docker-ffmpeg.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miłosz Linkiewicz --- .github/workflows/ubuntu-docker-ffmpeg.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ubuntu-docker-ffmpeg.yml b/.github/workflows/ubuntu-docker-ffmpeg.yml index 9e261e5a..c7ac8c32 100644 --- a/.github/workflows/ubuntu-docker-ffmpeg.yml +++ b/.github/workflows/ubuntu-docker-ffmpeg.yml 
@@ -1,10 +1,10 @@ name: Build FFmpeg Dockerfile Ubuntu on: - push: - branches: [ "main", "dev", "maint-*" ] - pull_request: - branches: [ "main", "dev", "maint-*" ] + push: + branches: [ "main", "dev", "maint-*" ] + pull_request: + branches: [ "main", "dev", "maint-*" ] permissions: contents: read @@ -16,8 +16,8 @@ env: jobs: docker: - runs-on: ubuntu-latest - timeout-minutes: 120 + runs-on: ubuntu-22.04 + timeout-minutes: 60 permissions: contents: read steps: From 8493e0bb22fb9288089662de16014b3e273035b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Thu, 21 Nov 2024 19:24:04 +0100 Subject: [PATCH 6/7] Update ubuntu-docker-sdk.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miłosz Linkiewicz --- .github/workflows/ubuntu-docker-sdk.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ubuntu-docker-sdk.yml b/.github/workflows/ubuntu-docker-sdk.yml index 8cd22ae9..41007ead 100644 --- a/.github/workflows/ubuntu-docker-sdk.yml +++ b/.github/workflows/ubuntu-docker-sdk.yml @@ -1,21 +1,23 @@ name: Build SDK Dockerfile Ubuntu on: - push: - branches: [ "main", "dev", "maint-*" ] - pull_request: - branches: [ "main", "dev", "maint-*" ] + push: + branches: [ "main", "dev", "maint-*" ] + pull_request: + branches: [ "main", "dev", "maint-*" ] permissions: contents: read +env: + BUILD_TYPE: "Release" + DOCKER_IMAGE_BASE: "ghcr.io/openvisualcloud/media-communications-mesh" + DOCKER_IMAGE_TAG: "${{ github.sha }}" + jobs: docker: - runs-on: ubuntu-latest - timeout-minutes: 120 - permissions: - contents: read - packages: write + runs-on: ubuntu-22.04 + timeout-minutes: 60 steps: - name: Harden Runner uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 
@@ -37,4 +39,5 @@ jobs: allow: network.host context: . push: false - tags: "mcm/sdk:${{ github.sha }}" + tags: "${{ env.DOCKER_IMAGE_BASE }}/sdk:${{ env.DOCKER_IMAGE_TAG }}" + cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_BASE }}/sdk:buildcache From 65509b017db11fc30c3e6ae73793e3d235911d65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mi=C5=82osz=20Linkiewicz?= Date: Thu, 21 Nov 2024 19:24:25 +0100 Subject: [PATCH 7/7] Update ubuntu-docker-media-proxy.yml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miłosz Linkiewicz --- .github/workflows/ubuntu-docker-media-proxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ubuntu-docker-media-proxy.yml b/.github/workflows/ubuntu-docker-media-proxy.yml index 669b9a78..b0ea7f66 100644 --- a/.github/workflows/ubuntu-docker-media-proxy.yml +++ b/.github/workflows/ubuntu-docker-media-proxy.yml @@ -17,7 +17,7 @@ env: jobs: docker: runs-on: ubuntu-22.04 - timeout-minutes: 120 + timeout-minutes: 60 steps: - name: Harden Runner uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1