CI: create a reusable build workflow

1 files changed, 88 insertions, 0 deletions

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 0000000..172d905
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,88 @@
+name: Build image
+
+on:
+  workflow_call:
+    outputs:
+      tag:
+        description: The tag used for the built image
+        value: ${{ jobs.build.outputs.tag }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.sha_tag.outputs.tag }}
+
+    steps:
+      # Create a short SHA with which to tag built images.
+      - name: Create SHA Container Tag
+        id: sha_tag
+        run: |
+          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
+          echo "::set-output name=tag::$tag"
+
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      # The current version (v2) of Docker's build-push action uses buildx,
+      # which comes with BuildKit. It has cache features which can speed up
+      # the builds. See https://github.com/docker/build-push-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN  }}
+
+      # Create a local cache directory for PR builds, as the image built for
+      # PRs may start to deviate from the "latest" image currently in GHCR.
+      #
+      # Because the cache is scoped to the branch, it will not be available
+      # on the main branch when the PR is merged. Furthermore, using this cache
+      # on main is redundant since the previous build's images are already
+      # cached on GHCR. Thus, this step is only used for PRs.
+      - name: Cache image layers
+        if: github.event_name == 'pull_request'
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-v0-buildx-${{ github.ref }}-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-v0-buildx-${{ github.ref }}-
+
+      # Build the "DEV" version of the image, which targets the `venv` stage
+      # and includes development dependencies.
+      #
+      # Include an inline cache manifest in the image to support caching from
+      # GHCR. This enables subsequent builds to pull reusable layers from GHCR.
+      - name: Build image for linting and testing
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          push: false
+          load: true
+          target: venv
+          build-args: DEV=1
+          cache-from: |
+            type=local,src=/tmp/.buildx-cache
+            ghcr.io/python-discord/snekbox-base:latest
+            ghcr.io/python-discord/snekbox-venv:latest
+          cache-to: type=local,dest=/tmp/.buildx-cache,mode=max
+          tags: ghcr.io/python-discord/snekbox-venv:${{ steps.sha_tag.outputs.tag }}
+
+      # Make the image available as an artefact so other jobs will be able to
+      # download it.
+      - name: Save image as a tar archive
+        run: docker save -o image_artefact_snekbox-venv.tar snekbox-venv
+
+      - name: Upload image archive as an artefact
+        uses: actions/upload-artifact@v2
+        with:
+          name: image_artefact_snekbox-venv_${{ steps.sha_tag.outputs.tag }}
+          path: image_artefact_snekbox-venv.tar
+          retention-days: 1  # It's only needed for the duration of the workflow.
+          if-no-files-found: error