name: Docker Images Builder on: workflow_dispatch: inputs: gh_ref: description: 'Name of the branch or ref' type: string required: true default: 'develop' workflow_call: inputs: gh_ref: description: 'Name of the branch or ref' type: string required: true default: 'develop' jobs: build-and-push: name: Build and Push Penpot Docker Images runs-on: penpot-runner-02 steps: - name: Set common environment variables run: | # Each job execution will use its own docker configuration. echo "DOCKER_CONFIG=${{ runner.temp }}/.docker-${{ github.run_id }}-${{ github.job }}" >> $GITHUB_ENV - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{ inputs.gh_ref }} - name: Extract some useful variables id: vars run: | echo "gh_ref=${{ inputs.gh_ref || github.ref_name }}" >> $GITHUB_OUTPUT - name: Download Penpot Bundles id: bundles env: FILE_NAME: penpot-${{ steps.vars.outputs.gh_ref }}.zip AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} run: | tmp=$(aws s3api head-object \ --bucket ${{ secrets.S3_BUCKET }} \ --key "$FILE_NAME" \ --query 'Metadata."bundle-version"' \ --output text) echo "bundle_version=$tmp" >> $GITHUB_OUTPUT pushd docker/images aws s3 cp s3://${{ secrets.S3_BUCKET }}/$FILE_NAME . unzip $FILE_NAME > /dev/null mv penpot/backend bundle-backend mv penpot/frontend bundle-frontend mv penpot/exporter bundle-exporter mv penpot/storybook bundle-storybook mv penpot/mcp bundle-mcp popd - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to Docker Registry uses: docker/login-action@v3 with: registry: ${{ secrets.DOCKER_REGISTRY }} username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} # To avoid the β€œ429 Too Many Requests” error when downloading # images from DockerHub for unregistered users. # https://docs.docker.com/docker-hub/usage/ - name: Login to DockerHub Registry uses: docker/login-action@v3 with: username: ${{ secrets.PUB_DOCKER_USERNAME }} password: ${{ secrets.PUB_DOCKER_PASSWORD }} - name: Extract metadata (tags, labels) id: meta uses: docker/metadata-action@v5 with: images: frontend backend exporter storybook mcp labels: | bundle_version=${{ steps.bundles.outputs.bundle_version }} - name: Build and push Backend Docker image uses: docker/build-push-action@v6 env: DOCKER_IMAGE: 'backend' BUNDLE_PATH: './bundle-backend' with: context: ./docker/images/ file: ./docker/images/Dockerfile.backend platforms: linux/amd64,linux/arm64 push: true tags: ${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.gh_ref }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:buildcache cache-to: type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:buildcache,mode=max - name: Build and push Frontend Docker image uses: docker/build-push-action@v6 env: DOCKER_IMAGE: 'frontend' BUNDLE_PATH: './bundle-frontend' with: context: ./docker/images/ file: ./docker/images/Dockerfile.frontend platforms: linux/amd64,linux/arm64 push: true tags: ${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.gh_ref }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:buildcache cache-to: type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:buildcache,mode=max - name: Build and push Exporter Docker image uses: docker/build-push-action@v6 env: DOCKER_IMAGE: 'exporter' BUNDLE_PATH: './bundle-exporter' with: context: ./docker/images/ file: ./docker/images/Dockerfile.exporter platforms: linux/amd64,linux/arm64 push: true tags: ${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.gh_ref }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:buildcache cache-to: type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:buildcache,mode=max - name: Build and push Storybook Docker image uses: docker/build-push-action@v6 env: DOCKER_IMAGE: 'storybook' BUNDLE_PATH: './bundle-storybook' with: context: ./docker/images/ file: ./docker/images/Dockerfile.storybook platforms: linux/amd64,linux/arm64 push: true tags: ${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.gh_ref }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:buildcache cache-to: type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:buildcache,mode=max - name: Build and push MCP Docker image uses: docker/build-push-action@v6 env: DOCKER_IMAGE: 'mcp' BUNDLE_PATH: './bundle-mcp' with: context: ./docker/images/ file: ./docker/images/Dockerfile.mcp platforms: linux/amd64,linux/arm64 push: true tags: ${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.gh_ref }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:buildcache cache-to: type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE }}:buildcache,mode=max - name: Notify Mattermost if: failure() uses: mattermost/action-mattermost-notify@master with: MATTERMOST_WEBHOOK_URL: ${{ secrets.MATTERMOST_WEBHOOK }} MATTERMOST_CHANNEL: bot-alerts-cicd TEXT: | ❌ 🐳 *[PENPOT] Error building penpot docker images.* πŸ“„ Triggered from ref: `${{ steps.vars.outputs.gh_ref }}` πŸ“¦ Bundle: `${{ steps.bundles.outputs.bundle_version }}` πŸ”— Run: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} @infra