fjmwkj
/
searxng
mirror of https://github.com/searxng/searxng


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249
							---
name: Container

# yamllint disable-line rule:truthy
on:
  workflow_dispatch:
  workflow_run:
    workflows:
      - Integration
    types:
      - completed
    branches:
      - master

concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: false

permissions:
  contents: read
  # Organization GHCR
  packages: read

env:
  PYTHON_VERSION: "3.13"

jobs:
  build-base:
    if: |
      (github.repository_owner == 'searxng' && github.event.workflow_run.conclusion == 'success')
      || github.event_name == 'workflow_dispatch'
    name: Build base
    runs-on: ubuntu-24.04
    permissions:
      # Organization GHCR
      packages: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: "false"

      - name: Get date
        id: date
        run: echo "date=$(date +'%Y%m%d')" >>$GITHUB_OUTPUT

      - name: Check cache apko
        id: cache-apko
        uses: actions/cache/restore@v4
        with:
          # yamllint disable-line rule:line-length
          key: "apko-${{ steps.date.outputs.date }}-${{ hashFiles('./container/base.yml', './container/base-builder.yml') }}"
          path: "/tmp/.apko/"
          lookup-only: true

      - if: steps.cache-apko.outputs.cache-hit != 'true'
        name: Setup cache apko
        uses: actions/cache@v4
        with:
          # yamllint disable-line rule:line-length
          key: "apko-${{ steps.date.outputs.date }}-${{ hashFiles('./container/base.yml', './container/base-builder.yml') }}"
          restore-keys: "apko-${{ steps.date.outputs.date }}-"
          path: "/tmp/.apko/"

      - if: steps.cache-apko.outputs.cache-hit != 'true'
        name: Setup apko
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          brew install apko

      - if: steps.cache-apko.outputs.cache-hit != 'true'
        name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      - if: steps.cache-apko.outputs.cache-hit != 'true'
        name: Build
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"

          apko publish ./container/base.yml ghcr.io/${{ github.repository_owner }}/base:searxng \
            --cache-dir=/tmp/.apko/ \
            --sbom=false \
            --vcs=false \
            --log-level=debug

          apko publish ./container/base-builder.yml ghcr.io/${{ github.repository_owner }}/base:searxng-builder \
            --cache-dir=/tmp/.apko/ \
            --sbom=false \
            --vcs=false \
            --log-level=debug

  build:
    if: github.repository_owner == 'searxng' || github.event_name == 'workflow_dispatch'
    name: Build (${{ matrix.arch }})
    runs-on: ${{ matrix.os }}
    needs: build-base
    strategy:
      fail-fast: false
      matrix:
        include:
          - arch: amd64
            os: ubuntu-24.04
            emulation: false
          - arch: arm64
            os: ubuntu-24.04-arm
            emulation: false
          - arch: armv7
            os: ubuntu-24.04-arm
            emulation: true

    permissions:
      # Organization GHCR
      packages: write

    outputs:
      version_string: ${{ steps.build.outputs.version_string }}
      version_tag: ${{ steps.build.outputs.version_tag }}
      docker_tag: ${{ steps.build.outputs.docker_tag }}
      git_url: ${{ steps.build.outputs.git_url }}
      git_branch: ${{ steps.build.outputs.git_branch }}

    steps:
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "${{ env.PYTHON_VERSION }}"

      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: "false"

      - name: Setup cache Python
        uses: actions/cache@v4
        with:
          key: "python-${{ env.PYTHON_VERSION }}-${{ runner.arch }}-${{ hashFiles('./requirements*.txt') }}"
          restore-keys: "python-${{ env.PYTHON_VERSION }}-${{ runner.arch }}-"
          path: "./local/"

      - name: Setup cache container mounts
        uses: actions/cache@v4
        with:
          # yamllint disable-line rule:line-length
          key: "container-mounts-${{ matrix.arch }}-${{ hashFiles('./container/Dockerfile', './container/legacy/Dockerfile') }}"
          restore-keys: "container-mounts-${{ matrix.arch }}-"
          path: |
            /var/tmp/buildah-cache/
            /var/tmp/buildah-cache-*/

      - if: ${{ matrix.emulation }}
        name: Setup QEMU
        uses: docker/setup-qemu-action@v3

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      - name: Build
        id: build
        env:
          OVERRIDE_ARCH: "${{ matrix.arch }}"
        run: make podman.build

  test:
    name: Test (${{ matrix.arch }})
    runs-on: ${{ matrix.os }}
    needs: build
    strategy:
      fail-fast: false
      matrix:
        include:
          - arch: amd64
            os: ubuntu-24.04
            emulation: false
          - arch: arm64
            os: ubuntu-24.04-arm
            emulation: false
          - arch: armv7
            os: ubuntu-24.04-arm
            emulation: true

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: "false"

      - if: ${{ matrix.emulation }}
        name: Setup QEMU
        uses: docker/setup-qemu-action@v3

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      - name: Test
        env:
          OVERRIDE_ARCH: "${{ matrix.arch }}"
          GIT_URL: "${{ needs.build.outputs.git_url }}"
        run: make container.test

  release:
    if: github.repository_owner == 'searxng' && github.ref_name == 'master'
    name: Release
    runs-on: ubuntu-24.04-arm
    needs:
      - build
      - test

    permissions:
      # Organization GHCR
      packages: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: "false"

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: "docker.io"
          username: "${{ secrets.DOCKERHUB_USERNAME }}"
          password: "${{ secrets.DOCKERHUB_TOKEN }}"

      - name: Release
        env:
          GIT_URL: "${{ needs.build.outputs.git_url }}"
          DOCKER_TAG: "${{ needs.build.outputs.docker_tag }}"
        run: make container.push