.github/actions/docker/action.yaml - cobalt - Git at Google

 name: Docker Image Build
 description: Builds Cobalt build docker images.
 inputs:
   docker_service:
     description: "Docker compose service."
     required: true
   docker_image:
     description: "Docker image name."
     required: true

 runs:
   using: "composite"
   steps:
     - name: Rename Limit
       run: git config diff.renameLimit 999999
       shell: bash
     - name: Get docker file changes
       id: changed-files
       uses: tj-actions/changed-files@2d756ea4c53f7f6b397767d8723b3a10a9f35bf2 # v44
       with:
         files_ignore: third_party/**
         files: |
           docker-compose.yml
           docker/linux/**
           .github/actions/docker/**
     - name: Retrieve Docker metadata
       id: meta
       uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0
       with:
         images: ${{env.REGISTRY}}/${{github.repository}}/${{inputs.docker_image}}
         tags: |
           type=ref,event=branch
           type=ref,event=tag
           type=ref,event=pr
     - name: Set Docker Tag
       id: set-docker-tag
       run: |
         set -x
         docker_tag="${{ steps.meta.outputs.tags }}"
         docker_tag="${docker_tag%.1[+,-]}"
         echo "DOCKER_TAG=${docker_tag}" >> $GITHUB_ENV
       shell: bash
     # We need to set docker tag properly for pull requests.  In those scenarios where no docker related files
     # were changed we need to use an existing image (e.g. main).  In cases where docker image is rebuilt we have
     # to use tag generated by the image build.
     - name: Retrieve Docker metadata for PR
       id: pr-meta
       uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0
       with:
         images: ${{env.REGISTRY}}/${{github.repository}}/${{inputs.docker_image}}
         tags: type=raw,value=${{ github.base_ref }}
     - name: Set Docker Tag
       id: set-docker-tag-presubmit-non-fork
       env:
         REPO: ${{ github.repository }}
       if: ${{ (steps.changed-files.outputs.any_changed == 'false') && (github.event_name == 'pull_request') }}
       run: |
         set -x
         docker_tag="${{ steps.pr-meta.outputs.tags }}"
         docker_tag="${docker_tag%.1[+,-]}"
         echo "DOCKER_TAG=${docker_tag}" >> $GITHUB_ENV
       shell: bash
     - name: Set up Cloud SDK
       if: ${{ (steps.changed-files.outputs.any_changed == 'true') && (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.fork) }}
       uses: isarkis/setup-gcloud@40dce7857b354839efac498d3632050f568090b6 # v1.1.1
     - name: Set Docker Tag
       id: set-docker-tag-presubmit-fork
       env:
         GITHUB_EVENT_NUMBER: ${{ github.event.number }}
       if: ${{ (steps.changed-files.outputs.any_changed == 'true') && (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.fork) }}
       run: |
         # Need to login to GCR to be able to push images created by fork based PR workflows.
         PROJECT_NAME=$(gcloud config get-value project)
         METADATA="http://metadata.google.internal./computeMetadata/v1"
         SVC_ACCT="${METADATA}/instance/service-accounts/default"
         ACCESS_TOKEN=$(curl -H 'Metadata-Flavor: Google' ${SVC_ACCT}/token | cut -d'"' -f 4)
         printf ${ACCESS_TOKEN} | docker login -u oauth2accesstoken --password-stdin https://gcr.io
         echo "DOCKER_TAG=gcr.io/${PROJECT_NAME}/${{inputs.docker_image}}:pr-${GITHUB_EVENT_NUMBER}" >> $GITHUB_ENV
       shell: bash
     - name: Process Docker metadata
       id: process-docker-metadata
       run: |
         set -x
         set +e
         docker manifest inspect $DOCKER_TAG > /dev/null
         if [[ $? -ne 0 || ${{ steps.changed-files.outputs.any_changed }} == 'true' ]]; then
           echo "need_to_build=true" >> $GITHUB_ENV
         else
           echo "need_to_build=false" >> $GITHUB_ENV
         fi
       shell: bash
     - name: Build containers with Docker Compose
       id: build-image
       if: env.need_to_build == 'true'
       env:
         SERVICE: ${{inputs.docker_service}}
       shell: bash
       run: |
         set -xue
         DOCKER_BUILDKIT=0 docker compose -f docker-compose.yml up --build --no-start "${SERVICE}"
     - name: Tag images
       id: tag-images
       if: env.need_to_build == 'true'
       run: docker tag ${{inputs.docker_image}} $DOCKER_TAG
       shell: bash
     - name: Push images
       id: push-image
       if: env.need_to_build == 'true'
       run: docker push ${DOCKER_TAG}
       shell: bash
	name: Docker Image Build
	description: Builds Cobalt build docker images.
	inputs:
	docker_service:
	description: "Docker compose service."
	required: true
	docker_image:
	description: "Docker image name."
	required: true

	runs:
	using: "composite"
	steps:
	- name: Rename Limit
	run: git config diff.renameLimit 999999
	shell: bash
	- name: Get docker file changes
	id: changed-files
	uses: tj-actions/changed-files@2d756ea4c53f7f6b397767d8723b3a10a9f35bf2 # v44
	with:
	files_ignore: third_party/**
	files: \|
	docker-compose.yml
	docker/linux/**
	.github/actions/docker/**
	- name: Retrieve Docker metadata
	id: meta
	uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0
	with:
	images: ${{env.REGISTRY}}/${{github.repository}}/${{inputs.docker_image}}
	tags: \|
	type=ref,event=branch
	type=ref,event=tag
	type=ref,event=pr
	- name: Set Docker Tag
	id: set-docker-tag
	run: \|
	set -x
	docker_tag="${{ steps.meta.outputs.tags }}"
	docker_tag="${docker_tag%.1[+,-]}"
	echo "DOCKER_TAG=${docker_tag}" >> $GITHUB_ENV
	shell: bash
	# We need to set docker tag properly for pull requests. In those scenarios where no docker related files
	# were changed we need to use an existing image (e.g. main). In cases where docker image is rebuilt we have
	# to use tag generated by the image build.
	- name: Retrieve Docker metadata for PR
	id: pr-meta
	uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0
	with:
	images: ${{env.REGISTRY}}/${{github.repository}}/${{inputs.docker_image}}
	tags: type=raw,value=${{ github.base_ref }}
	- name: Set Docker Tag
	id: set-docker-tag-presubmit-non-fork
	env:
	REPO: ${{ github.repository }}
	if: ${{ (steps.changed-files.outputs.any_changed == 'false') && (github.event_name == 'pull_request') }}
	run: \|
	set -x
	docker_tag="${{ steps.pr-meta.outputs.tags }}"
	docker_tag="${docker_tag%.1[+,-]}"
	echo "DOCKER_TAG=${docker_tag}" >> $GITHUB_ENV
	shell: bash
	- name: Set up Cloud SDK
	if: ${{ (steps.changed-files.outputs.any_changed == 'true') && (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.fork) }}
	uses: isarkis/setup-gcloud@40dce7857b354839efac498d3632050f568090b6 # v1.1.1
	- name: Set Docker Tag
	id: set-docker-tag-presubmit-fork
	env:
	GITHUB_EVENT_NUMBER: ${{ github.event.number }}
	if: ${{ (steps.changed-files.outputs.any_changed == 'true') && (github.event_name == 'pull_request') && (github.event.pull_request.head.repo.fork) }}
	run: \|
	# Need to login to GCR to be able to push images created by fork based PR workflows.
	PROJECT_NAME=$(gcloud config get-value project)
	METADATA="http://metadata.google.internal./computeMetadata/v1"
	SVC_ACCT="${METADATA}/instance/service-accounts/default"
	ACCESS_TOKEN=$(curl -H 'Metadata-Flavor: Google' ${SVC_ACCT}/token \| cut -d'"' -f 4)
	printf ${ACCESS_TOKEN} \| docker login -u oauth2accesstoken --password-stdin https://gcr.io
	echo "DOCKER_TAG=gcr.io/${PROJECT_NAME}/${{inputs.docker_image}}:pr-${GITHUB_EVENT_NUMBER}" >> $GITHUB_ENV
	shell: bash
	- name: Process Docker metadata
	id: process-docker-metadata
	run: \|
	set -x
	set +e
	docker manifest inspect $DOCKER_TAG > /dev/null
	if [[ $? -ne 0 \|\| ${{ steps.changed-files.outputs.any_changed }} == 'true' ]]; then
	echo "need_to_build=true" >> $GITHUB_ENV
	else
	echo "need_to_build=false" >> $GITHUB_ENV
	fi
	shell: bash
	- name: Build containers with Docker Compose
	id: build-image
	if: env.need_to_build == 'true'
	env:
	SERVICE: ${{inputs.docker_service}}
	shell: bash
	run: \|
	set -xue
	DOCKER_BUILDKIT=0 docker compose -f docker-compose.yml up --build --no-start "${SERVICE}"
	- name: Tag images
	id: tag-images
	if: env.need_to_build == 'true'
	run: docker tag ${{inputs.docker_image}} $DOCKER_TAG
	shell: bash
	- name: Push images
	id: push-image
	if: env.need_to_build == 'true'
	run: docker push ${DOCKER_TAG}
	shell: bash