worker: remove automatic migration of legacy v1 cache #8448
# Builds BuildKit release binaries and images, runs the test and scan jobs,
# and drafts a GitHub release when a version tag is pushed.
name: buildkit

# One active run per workflow and ref: a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents, every other scope unset. Jobs that need more (id-token,
# security-events, contents: write) declare it in their own permissions block.
permissions:
  contents: read

on:
  # Daily at 10:00 (GitHub evaluates schedule expressions in UTC).
  schedule:
    - cron: '0 10 * * *'
  workflow_dispatch:
  push:
    branches:
      - 'master'
      - 'v[0-9]+.[0-9]+'
    tags:
      - 'v*'
  # pull_request, not pull_request_target: runs triggered from forks execute the
  # contributor's code with a read-only token and without repository secrets.
  pull_request:
    paths-ignore:
      - 'README.md'
      - 'docs/**'
      - 'frontend/dockerfile/docs/**'

env:
  GO_VERSION: "1.25"
  # NOTE(review): "edge" and ":latest" are moving references, so the Buildx and
  # BuildKit versions used by the govulncheck job can change between runs without
  # any change to this file. A fixed version or image digest would make that job
  # reproducible and keep an unexpected upstream change out of the scan.
  SETUP_BUILDX_VERSION: "edge"
  SETUP_BUILDKIT_IMAGE: "moby/buildkit:latest"
  SCOUT_VERSION: "1.13.0"
  IMAGE_NAME: "moby/buildkit"
  # Output directory read by the finalize, govulncheck and release jobs.
  DESTDIR: "./bin"
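# NOTE(review): most `uses:` references below are version tags (v1, v3, v6, ...),
# which the owning repository can move to a different commit. Only the
# docker-scout and action-gh-release steps are pinned to a full commit SHA.
# Pinning the remaining actions and reusable workflows the same way would fix
# the exact code that runs with this workflow's tokens and secrets.
jobs:
  # Computes the platform list of the `release` bake target as a matrix output.
  # NOTE(review): no job in this file lists `prepare` under `needs`, so the
  # output looks unused here; confirm before relying on it.
  prepare:
    runs-on: ubuntu-24.04
    outputs:
      binaries-platforms: ${{ steps.platforms.outputs.matrix }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Platforms matrix
        id: platforms
        uses: docker/bake-action/subaction/matrix@v6
        with:
          target: release
          fields: platforms

  # Builds the release binaries through a reusable workflow hosted in another
  # repository. That workflow is granted id-token: write, so it can request
  # GitHub OIDC tokens on behalf of this repository to sign attestations.
  binaries:
    uses: docker/github-builder/.github/workflows/bake.yml@v1
    permissions:
      contents: read # same as global permission
      id-token: write # for signing attestation(s) with GitHub OIDC Token
    with:
      runner: amd64
      setup-qemu: true
      artifact-name: buildkit-binaries
      artifact-upload: true
      cache: true
      cache-scope: binaries
      target: release
      output: local
      sbom: true
      # Pull request builds are left unsigned; every other event signs.
      sign: ${{ github.event_name != 'pull_request' }}

  # Renames the provenance, SBOM and signature files after the binary archive
  # they describe, then republishes everything as a single artifact.
  binaries-finalize:
    runs-on: ubuntu-24.04
    needs:
      - binaries
    steps:
      -
        name: Download artifacts
        uses: actions/download-artifact@v7
        with:
          path: /tmp/buildx-output
          name: ${{ needs.binaries.outputs.artifact-name }}
      -
        name: Rename provenance and sbom
        run: |
          for pdir in /tmp/buildx-output/*/; do
            (
              cd "$pdir"
              # assumes exactly one buildkit-* archive per platform directory; more
              # than one match would put several paths into $binname (TODO confirm)
              binname=$(find . -name 'buildkit-*')
              filename=$(basename "$binname" | sed -E 's/\.(tar\.gz|zip)$//')
              mv "provenance.json" "${filename}.provenance.json"
              mv "sbom-binaries.spdx.json" "${filename}.sbom.json"
              # the renamed SBOM no longer matches sbom*.json, so only the others are removed
              find . -name 'sbom*.json' -exec rm {} \;
              # the signature bundle is absent when the build was not signed
              if [ -f "provenance.sigstore.json" ]; then
                mv "provenance.sigstore.json" "${filename}.sigstore.json"
              fi
            )
          done
          mkdir -p "${{ env.DESTDIR }}"
          # this script does not enable globstar, so ** matches like *: the files
          # inside each platform directory are moved into DESTDIR
          mv /tmp/buildx-output/**/* "${{ env.DESTDIR }}/"
      -
        name: List artifacts
        working-directory: ${{ env.DESTDIR }}
        run: |
          tree -nh .
      -
        name: Upload release binaries
        uses: actions/upload-artifact@v6
        with:
          name: buildkit-release
          path: ${{ env.DESTDIR }}/*
          if-no-files-found: error

  test:
    uses: ./.github/workflows/.test.yml
    # NOTE(review): `inherit` hands every secret available to this workflow to
    # .test.yml, which is not shown here. If it uses only some of them, passing
    # those by name would keep the rest out of the test jobs.
    secrets: inherit
    needs:
      - binaries
    with:
      cache_scope: build-integration-tests
      pkgs: ./client ./cmd/buildctl ./worker/containerd ./solver ./frontend
      kinds: integration
      codecov_flags: core
      includes: |
        - pkg: ./...
          skip-integration-tests: 1
          typ: integration gateway
        - pkg: ./client
          worker: containerd
          tags: nydus
          typ: integration
        - pkg: ./client
          worker: oci
          tags: nydus
          typ: integration
        - pkg: ./...
          tags: nydus
          skip-integration-tests: 1
          typ: integration
        - pkg: ./cache/remotecache/gha
          worker: oci
          typ: integration

  # Runs the `govulncheck` bake target and publishes the result as SARIF.
  govulncheck:
    runs-on: ubuntu-24.04
    permissions:
      # same as global permission
      contents: read
      # required to write sarif report
      security-events: write
    steps:
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ env.SETUP_BUILDX_VERSION }}
          driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
          buildkitd-flags: --debug
      -
        name: Run
        uses: docker/bake-action@v6
        with:
          targets: govulncheck
        env:
          GOVULNCHECK_FORMAT: sarif
      -
        name: Upload SARIF report
        # Only runs on master of moby/buildkit upload findings to code scanning.
        if: ${{ github.ref == 'refs/heads/master' && github.repository == 'moby/buildkit' }}
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: ${{ env.DESTDIR }}/govulncheck.out

  # Produces the image matrix (base, target, tag suffix, "latest"-style tag)
  # consumed by the `image` job.
  image-prepare:
    runs-on: ubuntu-24.04
    outputs:
      includes: ${{ steps.set.outputs.includes }}
    steps:
      -
        name: Set outputs
        id: set
        uses: actions/github-script@v8
        # core.getInput(name) reads INPUT_<NAME> from the environment, so the ref
        # reaches the script as data instead of being interpolated into its source.
        env:
          INPUT_DEFAULT-BASE: alpine
          INPUT_REF: ${{ github.ref }}
          INPUT_IMAGE-NAME: ${{ env.IMAGE_NAME }}
        with:
          script: |
            const defaultBase = core.getInput('default-base');
            const ref = core.getInput('ref');
            const imageName = core.getInput('image-name');
            // Returns the tag suffix for a variant and, only when the ref is a
            // final vX.Y.Z tag, the moving tag ("latest", the target name, or
            // either with a -<base> suffix). tagLatest stays '' for any other ref.
            // The ref only gates the result; the tag text comes from base/target.
            function getTagSuffixAndLatest(base, target) {
              let tagSuffix = '';
              if (target) {
                tagSuffix += `-${target}`;
              }
              if (base && base !== defaultBase) {
                tagSuffix += `-${base}`;
              }
              let tagLatest = '';
              if (ref && ref.startsWith('refs/tags/v')) {
                const version = ref.replace('refs/tags/', '');
                // anchored match: pre-release tags such as v0.24.0-rc1 are excluded
                if (/^v[0-9]+\.[0-9]+\.[0-9]+$/.test(version)) {
                  tagLatest = target ? target : 'latest';
                  if (base && base !== defaultBase) {
                    tagLatest += `-${base}`;
                  }
                }
              }
              return { tagSuffix, tagLatest };
            }
            const matrix = [
              { base: 'alpine' },
              { base: 'alpine', target: 'rootless'},
              { base: 'ubuntu', buildTags: 'nvidia venus' }
            ]
            for (const entry of matrix) {
              const { tagSuffix, tagLatest } = getTagSuffixAndLatest(entry.base, entry.target);
              entry.imageName = imageName;
              entry.tagSuffix = tagSuffix;
              entry.tagLatest = tagLatest;
            }
            core.info(JSON.stringify(matrix, null, 2));
            core.setOutput('includes', JSON.stringify(matrix));

  # Builds one image per matrix entry through the same external reusable
  # workflow as `binaries`. Here it receives both id-token: write and the
  # Docker Hub credentials, which makes the `@v1` reference the most sensitive
  # unpinned reference in this file.
  image:
    uses: docker/github-builder/.github/workflows/bake.yml@v1
    needs:
      - image-prepare
      - test
    strategy:
      fail-fast: false
      matrix:
        include: ${{ fromJson(needs.image-prepare.outputs.includes) }}
    permissions:
      contents: read # same as global permission
      id-token: write # for signing attestation(s) with GitHub OIDC Token
    with:
      runner: amd64
      setup-qemu: true
      target: image-cross
      cache: true
      cache-scope: image
      output: image
      # Push only from moby/buildkit, and only for scheduled runs, master, or v* tags.
      push: ${{ github.repository == 'moby/buildkit' && (github.event_name == 'schedule' || github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) }}
      sbom: true
      vars: |
        IMAGE_TARGET=${{ matrix.target }}
        EXPORT_BASE=${{ matrix.base }}
        BUILDKITD_TAGS=${{ matrix.buildTags }}
      set-meta-annotations: true
      meta-images: |
        ${{ matrix.imageName }}
      # versioning strategy
      ## push semver tag v0.24.0
      ### moby/buildkit:v0.24.0
      ### moby/buildkit:latest
      ### moby/buildkit:v0.24.0-rootless
      ### moby/buildkit:rootless
      ### moby/buildkit:v0.24.0-ubuntu
      ### moby/buildkit:latest-ubuntu
      ## push semver prerelease tag v0.24.0-rc1
      ### moby/buildkit:v0.24.0-rc1
      ### moby/buildkit:v0.24.0-rc1-rootless
      ### moby/buildkit:v0.24.0-rc1-ubuntu
      ## push on master
      ### moby/buildkit:master
      ### moby/buildkit:master-rootless
      ### moby/buildkit:master-ubuntu
      ## scheduled event on master
      ### moby/buildkit:nightly
      ### moby/buildkit:nightly-rootless
      ### moby/buildkit:nightly-ubuntu
      meta-tags: |
        type=schedule,pattern=nightly,suffix=${{ matrix.tagSuffix }}
        type=ref,event=branch,suffix=${{ matrix.tagSuffix }}
        type=ref,event=pr,suffix=${{ matrix.tagSuffix }}
        type=semver,pattern={{raw}},suffix=${{ matrix.tagSuffix }}
        type=raw,value=${{ matrix.tagLatest }}
      meta-flavor: |
        latest=false
      meta-annotations: |
        org.opencontainers.image.title=BuildKit
        org.opencontainers.image.vendor=Moby
      meta-bake-target: meta-helper
    secrets:
      registry-auths: |
        - registry: docker.io
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

  # Scans the pushed master images with Docker Scout and uploads the findings.
  # The job-level condition keeps the Docker Hub login confined to master runs
  # of moby/buildkit.
  scout:
    runs-on: ubuntu-24.04
    if: ${{ github.ref == 'refs/heads/master' && github.repository == 'moby/buildkit' }}
    permissions:
      # same as global permission
      contents: read
      # required to write sarif report
      security-events: write
    needs:
      - image
    strategy:
      fail-fast: false
      matrix:
        tag:
          - master
          - master-rootless
    steps:
      -
        name: Checkout
        uses: actions/checkout@v6
      -
        name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Scout
        id: scout
        uses: crazy-max/.github/.github/actions/docker-scout@ccae1c98f1237b5c19e4ef77ace44fa68b3bc7e4
        with:
          version: ${{ env.SCOUT_VERSION }}
          format: sarif
          image: registry://${{ env.IMAGE_NAME }}:${{ matrix.tag }}
      -
        name: Result output
        # The step output is handed over as an environment variable and quoted,
        # so its value is never expanded into the shell script text itself.
        env:
          RESULT_FILE: ${{ steps.scout.outputs.result-file }}
        run: |
          jq . "$RESULT_FILE"
      -
        name: Upload SARIF report
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: ${{ steps.scout.outputs.result-file }}

  # Collects the finalized binaries and, on v* tags, attaches them to a draft
  # GitHub release (draft: true leaves publication to a maintainer).
  # NOTE(review): the job has no `if`, so it is created with contents: write on
  # every trigger and only the release step is gated on the tag. Moving the tag
  # condition to the job level would keep the write-scoped token out of
  # non-release runs; confirm the artifact download is not wanted as a check on
  # other events first.
  release:
    runs-on: ubuntu-24.04
    permissions:
      # required to create GitHub release
      contents: write
    needs:
      - test
      - binaries-finalize
      - image
    steps:
      -
        name: Download release binaries
        uses: actions/download-artifact@v7
        with:
          path: ${{ env.DESTDIR }}
          name: buildkit-release
      -
        name: GitHub Release
        if: startsWith(github.ref, 'refs/tags/v')
        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          draft: true
          files: ${{ env.DESTDIR }}/*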