build-push-action/.github/workflows/.e2e-run.yml

# reusable workflow
name: .e2e-run

on:
  workflow_call:
    inputs:
      id:
        required: false
        type: string
      type:
        required: true
        type: string
      name:
        required: true
        type: string
      registry:
        required: false
        type: string
      slug:
        required: false
        type: string
      username_secret:
        required: false
        type: string
      password_secret:
        required: false
        type: string
      cache:
        required: false
        type: string
        default: registry

env:
  HARBOR_VERSION: v2.13.2
  NEXUS_VERSION: 3.47.1
  DISTRIBUTION_VERSION: 3.0.0

jobs:
  run:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          -
            buildx_version: edge
            buildkit_image: moby/buildkit:latest
          -
            buildx_version: latest
            buildkit_image: moby/buildkit:buildx-stable-1
          -
            buildx_version: https://github.com/docker/buildx.git#master
            buildkit_image: crazymax/buildkit:6200
    steps:
      -
        name: Checkout
        uses: actions/checkout@v5
      -
        name: Set up env
        if: inputs.type == 'local'
        run: |
          cat ./.github/e2e/${{ inputs.id }}/env >> $GITHUB_ENV
      -
        name: Set up outputs
        uses: actions/github-script@v8
        env:
          INPUT_SLUG: ${{ env.REGISTRY_SLUG || inputs.slug }}
          INPUT_CACHE: ${{ inputs.cache }}
        with:
          script: |
            const inpSlug = core.getInput('slug');
            const inpCache = core.getInput('cache');
            if (inpCache === 'registry') {
              core.exportVariable('CACHE_FROM', `type=registry,ref=${inpSlug}:master`);
              core.exportVariable('CACHE_TO', 'type=inline');
            } else if (inpCache === 's3') {
              const cacheName = inpSlug.replace(/[^a-zA-Z0-9]/g, '-').toLowerCase();
              core.exportVariable('CACHE_FROM', `type=s3,region=us-east-2,bucket=buildkit-s3-cache-test,name=${cacheName}`);
              core.exportVariable('CACHE_TO', `type=s3,region=us-east-2,bucket=buildkit-s3-cache-test,name=${cacheName}`);
            }
      -
        name: Set up BuildKit config
        run: |
          touch /tmp/buildkitd.toml
          if [ "${{ inputs.type }}" = "local" ]; then
            echo -e "[registry.\"${{ env.REGISTRY_FQDN }}\"]\nhttp = true\ninsecure = true" > /tmp/buildkitd.toml
          fi
      -
        name: Set up Docker daemon
        if: inputs.type == 'local'
        run: |
          if [ ! -e /etc/docker/daemon.json ]; then
            echo '{}' | sudo tee /etc/docker/daemon.json >/dev/null
          fi
          DOCKERD_CONFIG=$(jq '.+{"insecure-registries":["http://${{ env.REGISTRY_FQDN }}"]}' /etc/docker/daemon.json)
          sudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null
          cat /etc/docker/daemon.json
          sudo service docker restart
      -
        name: Install ${{ inputs.name }}
        if: inputs.type == 'local'
        run: |
          sudo -E bash ./.github/e2e/${{ inputs.id }}/install.sh
          sudo chown $(id -u):$(id -g) -R ~/.docker
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY_SLUG || inputs.slug }}
          tags: |
            type=ref,event=branch,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }}
            type=ref,event=tag,enable=${{ matrix.buildx_version == 'latest' && matrix.buildkit_image == 'moby/buildkit:buildx-stable-1' }}
            type=raw,gh-runid-${{ github.run_id }}
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: ${{ matrix.buildx_version }}
          buildkitd-config: /tmp/buildkitd.toml
          buildkitd-flags: --debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
          driver-opts: |
            image=${{ matrix.buildkit_image }}
            network=host
      -
        name: Login to Registry
        if: github.event_name != 'pull_request' && (env.REGISTRY_USER || inputs.username_secret) != ''
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY_FQDN || inputs.registry }}
          username: ${{ env.REGISTRY_USER || secrets[inputs.username_secret] }}
          password: ${{ env.REGISTRY_PASSWORD || secrets[inputs.password_secret] }}
      -
        name: Build and push
        uses: ./
        with:
          context: ./test
          file: ./test/multi.Dockerfile
          platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: ${{ env.CACHE_FROM }}
          cache-to: ${{ env.CACHE_TO }}
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_S3_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_S3_SECRET_ACCESS_KEY }}
          AWS_SESSION_TOKEN: ${{ secrets.AWS_S3_SESSION_TOKEN }}
      -
        name: Inspect image
        run: |
          docker pull ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }}
          docker image inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }}
      -
        name: Check manifest
        run: |
          docker buildx imagetools inspect ${{ env.REGISTRY_SLUG || inputs.slug }}:${{ steps.meta.outputs.version }} --format '{{json .}}'