# syntax=docker/dockerfile:1 # Copyright 2023 actions-toolkit authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ARG NODE_VERSION=20 ARG DOCKER_VERSION=28.3 ARG BUILDX_VERSION=0.30.1 ARG COMPOSE_VERSION=2.39.1 ARG UNDOCK_VERSION=0.10.0 ARG REGCTL_VERSION=v0.8.2 ARG COSIGN_VERSION=v3.0.2 FROM node:${NODE_VERSION}-alpine AS base RUN apk add --no-cache cpio findutils git WORKDIR /src RUN --mount=type=bind,target=.,rw \ --mount=type=cache,target=/src/.yarn/cache <&2 'ERROR: Vendor result differs. Please vendor your package with "docker buildx bake vendor-update"' git status --porcelain -- yarn.lock exit 1 fi EOT FROM deps AS build RUN --mount=type=bind,target=.,rw \ --mount=type=cache,target=/src/.yarn/cache \ --mount=type=cache,target=/src/node_modules \ yarn run build && mkdir /out && cp -Rf lib /out/ FROM scratch AS build-update COPY --from=build /out / FROM deps AS format RUN --mount=type=bind,target=.,rw \ --mount=type=cache,target=/src/.yarn/cache \ --mount=type=cache,target=/src/node_modules \ yarn run format \ && mkdir /out && find . -name '*.ts' -not -path './node_modules/*' -not -path './.yarn/*' | cpio -pdm /out FROM scratch AS format-update COPY --from=format /out / FROM deps AS lint RUN --mount=type=bind,target=.,rw \ --mount=type=cache,target=/src/node_modules \ yarn run lint FROM dockereng/cli-bin:${DOCKER_VERSION} AS docker FROM docker/buildx-bin:${BUILDX_VERSION} AS buildx FROM docker/compose-bin:v${COMPOSE_VERSION} AS compose FROM crazymax/undock:${UNDOCK_VERSION} AS undock FROM ghcr.io/regclient/regctl:${REGCTL_VERSION} AS regctl FROM ghcr.io/sigstore/cosign/cosign:${COSIGN_VERSION} AS cosign FROM deps AS test RUN --mount=type=bind,target=.,rw \ --mount=type=cache,target=/src/.yarn/cache \ --mount=type=cache,target=/src/node_modules \ --mount=type=bind,from=docker,source=/docker,target=/usr/bin/docker \ --mount=type=bind,from=buildx,source=/buildx,target=/usr/libexec/docker/cli-plugins/docker-buildx \ --mount=type=bind,from=buildx,source=/buildx,target=/usr/bin/buildx \ --mount=type=bind,from=compose,source=/docker-compose,target=/usr/libexec/docker/cli-plugins/docker-compose \ --mount=type=bind,from=compose,source=/docker-compose,target=/usr/bin/compose \ --mount=type=bind,from=undock,source=/usr/local/bin/undock,target=/usr/bin/undock \ --mount=type=bind,from=regctl,source=/regctl,target=/usr/bin/regctl \ --mount=type=bind,from=cosign,source=/ko-app/cosign,target=/usr/bin/cosign \ --mount=type=secret,id=GITHUB_TOKEN \ GITHUB_TOKEN=$(cat /run/secrets/GITHUB_TOKEN) yarn run test:coverage --coverageDirectory=/tmp/coverage FROM scratch AS test-coverage COPY --from=test /tmp/coverage / FROM base AS publish ARG GITHUB_REF RUN --mount=type=bind,target=.,rw \ --mount=type=cache,target=/src/.yarn/cache \ --mount=type=cache,target=/src/node_modules \ --mount=type=secret,id=NODE_AUTH_TOKEN,env=NODE_AUTH_TOKEN <