@@ -445,49 +445,48 @@ jobs:
445445 name : Build Docker Image
446446 runs-on : ubuntu-latest
447447
448- permissions :
449- contents : read
450- packages : write
451-
452448 strategy :
453449 matrix :
454450 image_name : ${{ fromJson(needs.build-setup.outputs.image_names) }}
455451
456452 env :
457453 PLATFORMS : " ${{ join(fromJson(needs.build-setup.outputs.platforms), ',') }}"
454+ DOCKER_IMAGE : " ghcr.io/getsentry/${{ matrix.image_name }}"
455+ REVISION : " ${{ github.event.pull_request.head.sha || github.sha }}"
458456
459457 steps :
460458 - uses : actions/checkout@v4
461459
460+ - uses : docker/setup-qemu-action@v3
461+ - uses : docker/setup-buildx-action@v3
462+
462463 - uses : actions/download-artifact@v5
463464 with :
464465 pattern : " ${{ matrix.image_name }}@*"
465466 merge-multiple : true
466467
467468 - name : Build and push to ghcr.io
468469 if : " !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'"
469- uses : getsentry/action-build-and-push-images@a53f146fc1ea3cb404f2dcf7378f5b60dd98d3ca
470- with :
471- image_name : ${{ matrix.image_name }}
472- platforms : ${{ env.PLATFORMS }}
473- dockerfile_path : " ./Dockerfile.release "
474- ghcr : true
475- tag_nightly : true
476- tag_latest : true
477- google_ar : false
478- publish_on_pr : true
470+ run : |
471+ docker login --username '${{ github.actor }}' --password '${{ secrets.GITHUB_TOKEN }}' ghcr.io
472+
473+ docker buildx build \
474+ --platform "${PLATFORMS}" \
475+ --tag "${DOCKER_IMAGE}:${REVISION}" \
476+ $( [[ "${IS_MASTER}" == " true" ]] && printf %s "--tag ${DOCKER_IMAGE}:nightly" ) \
477+ --file Dockerfile.release \
478+ --push \
479+ .
479480
480481name : Build and publish docker artifact
481482 if : " github.event.pull_request.head.repo.fork || github.actor == 'dependabot[bot]'"
482- uses : getsentry/action-build-and-push-images@a53f146fc1ea3cb404f2dcf7378f5b60dd98d3ca
483- with :
484- image_name : ${{ matrix.image_name }}
485- platforms : ${{ env.PLATFORMS }}
486- dockerfile_path : " ./Dockerfile.release"
487- ghcr : false
488- google_ar : false
489- outputs : " type=docker,dest=${{ matrix.image_name }}-docker-image"
490- tags : " ghcr.io/getsentry/${{ matrix.image_name }}:${{ github.event.pull_request.head.sha || github.sha }}"
483+ run : |
484+ docker buildx build \
485+ --platform "${PLATFORMS}" \
486+ --tag "${DOCKER_IMAGE}:${REVISION}" \
487+ --file Dockerfile.release \
488+ --output type=docker,dest=${{ matrix.image_name }}-docker-image \
489+ .
491490
492491name : Upload docker image
493492 if : " github.event.pull_request.head.repo.fork || github.actor == 'dependabot[bot]'"
@@ -522,6 +521,21 @@ jobs:
522521 steps :
523522 - uses : actions/checkout@v4
524523
524+ - uses : docker/setup-qemu-action@v3
525+ - uses : docker/setup-buildx-action@v3
526+
527+ # Logic taken from: publish-to-gcr
528+ - name : Google Auth
529+ id : auth
530+ uses : google-github-actions/auth@v2
531+ with :
532+ workload_identity_provider : projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool
533+ service_account :
[email protected] 534+
535+ - name : Configure docker
536+ run : |
537+ gcloud auth configure-docker us-central1-docker.pkg.dev
538+
525539# Logic taken from: build-docker
526540 - uses : actions/download-artifact@v5
527541 with :
@@ -539,19 +553,48 @@ jobs:
539553 done
540554
541555name : Build and push to Internal AR
542- uses : getsentry/action-build-and-push-images@a53f146fc1ea3cb404f2dcf7378f5b60dd98d3ca
543- with :
544- image_name : ${{ matrix.image_name }}
545- platforms : ${{ env.PLATFORMS }}
546- dockerfile_path : " ./Dockerfile.release"
547- ghcr : false
548- publish_on_pr : true
549- tag_latest : true
550- google_ar : true
551- google_ar_image_name : ${{ env.AR_DOCKER_IMAGE }}
552- google_workload_identity_provider : projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool
553- google_service_account :
[email protected] 556+ run : |
557+ docker buildx build \
558+ --platform "${PLATFORMS}" \
559+ --tag "${AR_DOCKER_IMAGE}:${REVISION}" \
560+ $( [[ "${IS_MASTER}" == "true" ]] && printf %s "--tag ${AR_DOCKER_IMAGE}:latest" ) \
561+ --file Dockerfile.release \
562+ --push \
563+ .
564+
565+ publish-to-dockerhub :
566+ needs : [build-setup, build-docker]
567+
568+ runs-on : ubuntu-22.04
569+ name : Publish Relay to DockerHub
570+
571+ strategy :
572+ matrix :
573+ image_name : ["relay"] # Don't publish relay-pop (for now)
574+
575+ if : github.event_name == 'merge_group'
576+
577+ env :
578+ GHCR_DOCKER_IMAGE : " ghcr.io/getsentry/${{ matrix.image_name }}"
579+ DH_DOCKER_IMAGE : " getsentry/${{ matrix.image_name }}"
580+ REVISION : " ${{ github.event.pull_request.head.sha || github.sha }}"
581+
582+ steps :
583+ - name : Login to DockerHub
584+ run : docker login --username=sentrybuilder --password ${{ secrets.DOCKER_HUB_RW_TOKEN }}
585+
586+ - name : Copy Image from GHCR to DockerHub
587+ run : |
588+ # We push 3 tags to Dockerhub:
589+ # 1) the full sha of the commit
590+ docker buildx imagetools create --tag "${DH_DOCKER_IMAGE}:${REVISION}" "${GHCR_DOCKER_IMAGE}:${REVISION}"
591+
592+ # 2) the short sha
593+ SHORT_SHA=$(echo ${GITHUB_SHA} | cut -c1-8)
594+ docker buildx imagetools create --tag "${DH_DOCKER_IMAGE}:${SHORT_SHA}" "${GHCR_DOCKER_IMAGE}:${REVISION}"
554595
596+ # 3) nightly
597+ docker buildx imagetools create --tag "${DH_DOCKER_IMAGE}:nightly" "${GHCR_DOCKER_IMAGE}:${REVISION}"
555598
556599publish-to-gcr :
557600 timeout-minutes : 5
0 commit comments