Cache docker images used by CI

The alpine docker images builds quickly but if we want to use this
approach for all the ubuntu configurations as well, we might want to
cache it.

Do this by reverting dc9668c8a4 (Remove unused workflow to build
docker images, 2026-05-30), except:
- Remove "attestations" and "id-token" permissions; I'm not sure if these are necessary
- Given that our CI uses docker/docker_run_tests.sh which will always
  rebuild if necessary (i.e. only use the registry as cache), run on
  all branches, not just on master, for correctness.
- Let the builder use caching as well, I guess.

Part of #12626
This commit is contained in:
Johannes Altmanninger
2026-06-23 08:58:25 +02:00
parent 234fda7a0b
commit ddc52eb5c1
3 changed files with 61 additions and 0 deletions

View File

@@ -0,0 +1,56 @@
name: Build Docker test images
on:
push:
paths:
- 'docker/**'
workflow_dispatch:
concurrency:
group: docker-builds
env:
REGISTRY: ghcr.io
NAMESPACE: fish-ci
jobs:
docker-build:
if: github.repository_owner == 'fish-shell'
permissions:
contents: read
packages: write
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
target: alpine
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2, build_tools/update-dependencies.sh
- name: Login to Container registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0, build_tools/update-dependencies.sh
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0, build_tools/update-dependencies.sh
with:
images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.NAMESPACE }}/${{ matrix.target }}
flavor: |
latest=true
- name: Build and push
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0, build_tools/update-dependencies.sh
with:
context: docker/context
push: true
file: docker/${{ matrix.target }}.Dockerfile
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.NAMESPACE }}/${{ matrix.target }}:latest
cache-to: type=inline

View File

@@ -32,6 +32,9 @@ update_gh_action actions/download-artifact
update_gh_action actions/github-script
update_gh_action actions/upload-artifact
update_gh_action dessant/lock-threads
update_gh_action docker/build-push-action
update_gh_action docker/login-action
update_gh_action docker/metadata-action
update_gh_action EmbarkStudios/cargo-deny-action
update_gh_action msys2/setup-msys2
update_gh_action softprops/action-gh-release

View File

@@ -48,7 +48,9 @@ test -n "$DOCKERFILE" || usage
# Construct a docker image.
IMG_TAGNAME="ghcr.io/fish-shell/fish-ci/$(basename -s .Dockerfile "$DOCKERFILE"):latest"
docker pull "$IMG_TAGNAME" || true
docker build \
--cache-from "$IMG_TAGNAME" \
-t "$IMG_TAGNAME" \
-f "$DOCKERFILE" \
"$workspace_root"/docker/context/