ci: cloud builder test

.github/workflows/bake-publish-cloud-builder.yaml

@@ -0,0 +1,145 @@
+---
+  # This is a reusable workflow for building and publishing Docker images
+  # using a bake file and building using Docker Cloud Builder
+
+  name: Simple Bake & Publish
+  on:
+    workflow_call:
+      inputs:
+        file:
+          description: 'The file name of the bake file to use. If not provided will use default.'
+          type: string
+          default: 'docker-bake.hcl'
+          required: false
+        group:
+          description: 'Group to use from the bake file.'
+          type: string
+          default: ''
+          required: true
+        registry:
+          description: 'The container registry to use.'
+          type: string
+          default: 'ghcr.io'
+          required: false
+        organization:
+          description: 'The organization to use for the docker image'
+          type: string
+          required: true
+      secrets:
+        username:
+          description: 'Username for the docker registry'
+          required: true
+        token:
+          description: 'PAT for the docker registry'
+          required: true
+        endpoint:
+          description: 'The endpoint for the docker cloud builder'
+          required: true
+
+  jobs:
+    # Generate a matrix based on all the targets defined in the
+    # bake file. The reason for this is to parallelize the build
+    # process and allow for docker layer caching to be saved
+    # for each, otherwise they would overwrite the same cache.
+    targets:
+      name: Generate targets list from provided bake file
+      runs-on: ubuntu-22.04
+      outputs:
+        targets: ${{ steps.generate.outputs.targets }}
+
+      steps:
+        # 1.1 - checkout the files
+        - name: Checkout
+          uses: actions/checkout@v4
+
+        # 1.2 - Generate a matrix output of all the targets for the specified group
+        - name: List targets
+          id: generate
+          uses: docker/bake-action/subaction/[email protected]
+          with:
+            target: ${{ inputs.group }}
+            files: ${{ inputs.file }}
+
+        # 1.3 (optional) - output the generated target list for verification
+        - name: Show matrix
+          run: |
+            echo ${{ steps.generate.outputs.targets }}
+  
+    build-push:
+      # NOTE: this name is used for waiting on in the retag workflow
+      name: build-bake-push
+      runs-on: ubuntu-22.04
+      permissions:
+        packages: write
+        contents: read
+      # this job depends on the 'targets' job
+      needs:
+        - targets
+
+      # 2.0 - Build a matrix strategy from the retrieved target list
+      strategy:
+        fail-fast: true
+        matrix:
+          target: ${{ fromJson(needs.targets.outputs.targets) }}
+
+      steps:
+        # 2.1 - Checkout the repository
+        - name: Checkout the repository
+          uses: actions/checkout@v4
+
+        # 2.2 - Generate Image Metadata
+        # Automatically generates the defaul OCI labels that can be extended
+        # Automatically determine the version tag to use based by the following
+        # priority list:
+        #   - if tag is semantic version compliant use the version (strip prefix/suffix)
+        #   - if tagged but not semver, use tag directly
+        #   - if no tag use PR branch
+        #   - if neither of the above and is default branch then use latest
+        # NOTE: that all 3 may be generated as tags but the priority for the version
+        # to be embedded within the image label is top to bottom
+        - name: Docker meta
+          id: meta
+          uses: docker/[email protected]
+          with:
+            images: ghcr.io/${{ github.repository }}
+            tags: |
+              type=semver,pattern={{version}}
+              type=ref,event=tag
+              type=ref,event=pr
+              # set latest tag for default branch
+              type=raw,value=latest,enable={{is_default_branch}}
+
+        # 2.3 - Login against the docker registry
+        - name: Login to registry GHCR
+          uses: docker/[email protected]
+          with:
+            registry: ghcr.io
+            username: ${{ github.repository_owner }}
+            password: ${{ secrets.GITHUB_TOKEN }}
+
+        # 2.4 - Login against the Docker registry
+        - name: Login to registry Docker Cloud
+          uses: docker/[email protected]
+          with:
+            username: ${{ secrets.username }}
+            password: ${{ secrets.token }}
+
+        # 2.5 - Setup Docker BuildX for multi platform Cloud building
+        # NOTE: Experimental
+        - name: Set up Docker Buildx
+          uses: docker/[email protected]
+          with:
+            version: "lab:latest"
+            driver: cloud
+            endpoint: "${{ secrets.endpoint }}"
+
+        # 2.6 - Build Docker Images
+        - name: Build Images using BuildX Bake
+          uses: docker/[email protected]
+          with:
+            files: |
+              ${{ inputs.file }}
+              ${{ steps.meta.outputs.bake-file }}
+            targets: ${{ matrix.target }}
+            push: false
+

.github/workflows/publish-cloud-builder.yaml

@@ -0,0 +1,64 @@
+---
+# Automatically build Docker images using a cloud builder and publish them to a
+# container registry using HCL Bake file.
+
+name: Build Docker Images using Cloud Builder
+
+on:
+  # workflow_dispatch:
+  pull_request:
+    branches: ['main']
+  push:
+    branches: ['main']
+    tags: ['*']
+
+jobs:
+  bake-target:
+    name: Determine bake target
+    runs-on: ubuntu-22.04 # don't use the big runners for this small step
+    outputs:
+      target: ${{ steps.generate.outputs.bake_target }}
+    steps:
+      - name: Determine target
+        id: generate
+        run: |
+          if [[ '${{ github.event_name }}' == 'pull_request' ]]; then
+            TGT=default
+          else
+            TGT=prod
+          fi
+
+          echo "$TGT"
+          echo "bake_target=${TGT,,}" >> ${GITHUB_OUTPUT}
+
+      - name: Show Generated Target
+        run: echo ${{ steps.generate.outputs.bake_target }}
+
+  # Build and Publish all targets associated with specified group
+  bake:
+    needs:
+      - bake-target
+    uses: darpa-askem/sciml-service/.github/workflows/bake-publish-cloud-builder@cloud-builder
+    with:
+      file: 'docker/docker-bake.hcl'
+      group: ${{ needs.bake-target.outputs.target }}
+      registry: 'ghcr.io'
+      organization: ${{ github.repository_owner }}
+    secrets:
+      username: ${{ secrets.DOCKER_CLOUD_BUILD_USERNAME }}
+      token: ${{ secrets.DOCKER_CLOUD_BUILD_TOKEN }}
+      endpoint: "${{ secrets.DOCKER_CLOUD_BUILD_ENDPOINT }}"
+
+  # Execute simulation-integration reporting
+  simulation-integration:
+    runs-on: ubuntu-latest
+    needs: 
+      - bake-target
+    steps:
+      - name: Report
+        env: 
+          GITHUB_TOKEN: ${{ secrets.GHP_ACCESS_TOKEN }}
+        run: |
+          gh workflow run report.yaml --repo DARPA-ASKEM/simulation-integration --ref main
+            
+            

docker/docker-bake.hcl

@@ -36,10 +36,13 @@ group "default" {
 }
 
 # ----------------------------------------------------------------------------------------------------------------------
+# Used by the metafile GH action
+# DO NOT ADD ANYTHING HERE THIS WILL BE POPULATED DYNAMICALLY
+# MAKE SURE THIS IS INHERITED NEAR THE END SO THAT IT DOES NOT GET OVERRIDEN
+target "docker-metadata-action" {}
 
-# Removed linux/arm64 for now to ass CI build - Dec 2022
 target "_platforms" {
-  platforms = ["linux/amd64"]
+  platforms = ["linux/amd64", "linux/arm64"]
 }
 
 target "sciml-service-base" {
@@ -49,5 +52,5 @@ target "sciml-service-base" {
 }
 
 target "sciml-service" {
-  inherits = ["_platforms", "sciml-service-base"]
+  inherits = ["sciml-service-base", "docker-metadata-action", "_platforms"]
 }