admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-18 02:21:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Docker build and push workflow changes (no-changelog) (#17116)

Browse Source
This commit is contained in:
shortstacked
2025-07-08 14:02:08 +01:00
committed by GitHub
parent 9155ccc7e0
commit ac640605a4
1 changed files with 171 additions and 145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

316
.github/workflows/docker-build-push.yml vendored
View File

@@ -1,4 +1,5 @@
# This workflow is used to build and push the Docker image for n8n # This workflow is used to build and push the Docker image for n8n
# - determine-build-context: Determines what needs to be built based on the trigger
# - build-and-push-docker: This builds on both an ARM64 and AMD64 runner so the builds are native to the platform. Uses blacksmith native runners and build-push-action # - build-and-push-docker: This builds on both an ARM64 and AMD64 runner so the builds are native to the platform. Uses blacksmith native runners and build-push-action
# - create_multi_arch_manifest: This creates the multi-arch manifest for the Docker image. Needed to recombine the images from the build-and-push-docker job since they are separate runners. # - create_multi_arch_manifest: This creates the multi-arch manifest for the Docker image. Needed to recombine the images from the build-and-push-docker job since they are separate runners.
# - security-scan: This scans the Docker image for security vulnerabilities using Trivy. # - security-scan: This scans the Docker image for security vulnerabilities using Trivy.
@@ -20,9 +21,9 @@ on:
type: string type: string
release_type: release_type:
description: 'Release type (stable, nightly, dev)' description: 'Release type (stable, nightly, dev)'
required: true required: false
type: string type: string
default: 'dev' default: 'stable'
push_enabled: push_enabled:
description: 'Whether to push the built images' description: 'Whether to push the built images'
required: false required: false
@@ -31,17 +32,7 @@ on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
release_type: push_enabled:
description: 'Release type'
required: true
type: choice
options:
- nightly
- dev
- stable
- branch
default: 'dev'
push_to_registry:
description: 'Push image to registry' description: 'Push image to registry'
required: false required: false
type: boolean type: boolean
@@ -60,27 +51,115 @@ on:
- 'docker/images/n8n/Dockerfile' - 'docker/images/n8n/Dockerfile'
jobs: jobs:
build-and-push-docker: determine-build-context:
strategy: name: Determine Build Context
matrix: runs-on: ubuntu-latest
platform: [amd64, arm64] outputs:
include: release_type: ${{ steps.context.outputs.release_type }}
- platform: amd64 n8n_version: ${{ steps.context.outputs.n8n_version }}
runner: blacksmith-4vcpu-ubuntu-2204 push_enabled: ${{ steps.context.outputs.push_enabled }}
docker_platform: linux/amd64 build_matrix: ${{ steps.matrix.outputs.matrix }}
- platform: arm64 steps:
runner: blacksmith-4vcpu-ubuntu-2204-arm - name: Determine build context values
docker_platform: linux/arm64 id: context
run: |
# Debug info
echo "Event: ${{ github.event_name }}"
echo "Ref: ${{ github.ref }}"
echo "Ref Name: ${{ github.ref_name }}"
# Check if called by another workflow (has n8n_version input)
if [[ -n "${{ inputs.n8n_version }}" ]]; then
# workflow_call - used for releases
echo "release_type=${{ inputs.release_type }}" >> $GITHUB_OUTPUT
echo "n8n_version=${{ inputs.n8n_version }}" >> $GITHUB_OUTPUT
echo "push_enabled=${{ inputs.push_enabled }}" >> $GITHUB_OUTPUT
elif [[ "${{ github.event_name }}" == "schedule" ]]; then
# Nightly builds
echo "release_type=nightly" >> $GITHUB_OUTPUT
echo "n8n_version=snapshot" >> $GITHUB_OUTPUT
echo "push_enabled=true" >> $GITHUB_OUTPUT
elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
# Build branches for Nathan deploy
BRANCH_NAME="${{ github.ref_name }}"
# Fallback to parsing ref if ref_name is empty
if [[ -z "$BRANCH_NAME" ]] && [[ "${{ github.ref }}" =~ ^refs/heads/(.+)$ ]]; then
BRANCH_NAME="${BASH_REMATCH[1]}"
fi
# Sanitize branch name for Docker tag
SAFE_BRANCH_NAME=$(echo "$BRANCH_NAME" | tr '/' '-' | tr -cd '[:alnum:]-_')
if [[ -z "$SAFE_BRANCH_NAME" ]]; then
echo "Error: Could not determine valid branch name"
exit 1
fi
echo "release_type=branch" >> $GITHUB_OUTPUT
echo "n8n_version=branch-${SAFE_BRANCH_NAME}" >> $GITHUB_OUTPUT
echo "push_enabled=${{ inputs.push_enabled }}" >> $GITHUB_OUTPUT
elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
# Direct PR triggers for testing Dockerfile changes
echo "release_type=dev" >> $GITHUB_OUTPUT
echo "n8n_version=pr-${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
echo "push_enabled=false" >> $GITHUB_OUTPUT
fi
# Output summary for logs
echo "=== Build Context Summary ==="
echo "Release type: $(grep release_type $GITHUB_OUTPUT | cut -d= -f2)"
echo "N8N version: $(grep n8n_version $GITHUB_OUTPUT | cut -d= -f2)"
echo "Push enabled: $(grep push_enabled $GITHUB_OUTPUT | cut -d= -f2)"
- name: Determine build matrix
id: matrix
run: |
RELEASE_TYPE="${{ steps.context.outputs.release_type }}"
# Branch builds only need AMD64, everything else needs both platforms
if [[ "$RELEASE_TYPE" == "branch" ]]; then
MATRIX='{
"platform": ["amd64"],
"include": [{
"platform": "amd64",
"runner": "blacksmith-4vcpu-ubuntu-2204",
"docker_platform": "linux/amd64"
}]
}'
else
# All other builds (stable, nightly, dev, PR) need both platforms
MATRIX='{
"platform": ["amd64", "arm64"],
"include": [{
"platform": "amd64",
"runner": "blacksmith-4vcpu-ubuntu-2204",
"docker_platform": "linux/amd64"
}, {
"platform": "arm64",
"runner": "blacksmith-4vcpu-ubuntu-2204-arm",
"docker_platform": "linux/arm64"
}]
}'
fi
# Output matrix as single line for GITHUB_OUTPUT
echo "matrix=$(echo $MATRIX | jq -c .)" >> $GITHUB_OUTPUT
echo "Build matrix: $(echo $MATRIX | jq .)"
build-and-push-docker:
name: Build App, then Build and Push Docker Image (${{ matrix.platform }}) name: Build App, then Build and Push Docker Image (${{ matrix.platform }})
needs: determine-build-context
runs-on: ${{ matrix.runner }} runs-on: ${{ matrix.runner }}
timeout-minutes: 15 timeout-minutes: 15
strategy:
matrix: ${{ fromJSON(needs.determine-build-context.outputs.build_matrix) }}
outputs: outputs:
image_ref: ${{ steps.determine-tags.outputs.primary_ghcr_manifest_tag }} image_ref: ${{ steps.determine-tags.outputs.primary_ghcr_manifest_tag }}
primary_ghcr_manifest_tag: ${{ steps.determine-tags.outputs.primary_ghcr_manifest_tag }} primary_ghcr_manifest_tag: ${{ steps.determine-tags.outputs.primary_ghcr_manifest_tag }}
push_enabled_status: ${{ steps.context.outputs.push_enabled }}
release_type: ${{ steps.context.outputs.release_type }}
n8n_version: ${{ steps.context.outputs.n8n_version }}
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -108,69 +187,11 @@ jobs:
run: pnpm build:n8n run: pnpm build:n8n
shell: bash shell: bash
- name: Determine build context values
id: context
run: |
if [[ "${{ github.event_name }}" == "workflow_call" ]]; then
# workflow_call has n8n_version input (Used in release)
echo "release_type=${{ inputs.release_type }}" >> $GITHUB_OUTPUT
echo "n8n_version=${{ inputs.n8n_version }}" >> $GITHUB_OUTPUT
echo "push_enabled=${{ inputs.push_enabled }}" >> $GITHUB_OUTPUT
elif [[ "${{ github.event_name }}" == "schedule" ]]; then
# Nightly builds, build with nightly tag/snapshot
echo "release_type=nightly" >> $GITHUB_OUTPUT
echo "n8n_version=snapshot" >> $GITHUB_OUTPUT
echo "push_enabled=true" >> $GITHUB_OUTPUT
elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
# Manual dispatch, used for building branches for Nathan deploy
if [[ "${{ inputs.release_type }}" == "branch" ]]; then
# Get branch name with multiple fallbacks
if [[ -n "${{ github.ref_name }}" ]]; then
BRANCH_NAME="${{ github.ref_name }}"
elif [[ "${{ github.ref }}" =~ ^refs/heads/(.+)$ ]]; then
BRANCH_NAME="${BASH_REMATCH[1]}"
else
BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD || echo "unknown")
fi
SAFE_BRANCH_NAME=$(echo "$BRANCH_NAME" | tr '/' '-' | tr -cd '[:alnum:]-_')
# Ensure we have a valid branch name
if [[ -z "$SAFE_BRANCH_NAME" ]]; then
echo "Error: Could not determine branch name"
exit 1
fi
echo "release_type=branch" >> $GITHUB_OUTPUT
echo "n8n_version=branch-${SAFE_BRANCH_NAME}" >> $GITHUB_OUTPUT
echo "push_enabled=${{ inputs.push_to_registry }}" >> $GITHUB_OUTPUT
else
# Other manual dispatch types (dev, stable, nightly), are these used, could cleanup?
echo "release_type=${{ inputs.release_type }}" >> $GITHUB_OUTPUT
echo "n8n_version=snapshot" >> $GITHUB_OUTPUT
echo "push_enabled=${{ inputs.push_to_registry }}" >> $GITHUB_OUTPUT
fi
elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
# Pull requests, used for changes to the Dockerfile to test
echo "release_type=dev" >> $GITHUB_OUTPUT
echo "n8n_version=pr-${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
echo "push_enabled=false" >> $GITHUB_OUTPUT
fi
# Debug output
echo "Event: ${{ github.event_name }}"
echo "Release type: $(grep release_type $GITHUB_OUTPUT | cut -d= -f2)"
echo "N8N version: $(grep n8n_version $GITHUB_OUTPUT | cut -d= -f2)"
echo "Push enabled: $(grep push_enabled $GITHUB_OUTPUT | cut -d= -f2)"
- name: Determine Docker tags - name: Determine Docker tags
id: determine-tags id: determine-tags
run: | run: |
RELEASE_TYPE="${{ steps.context.outputs.release_type }}" RELEASE_TYPE="${{ needs.determine-build-context.outputs.release_type }}"
N8N_VERSION_TAG="${{ steps.context.outputs.n8n_version }}" N8N_VERSION_TAG="${{ needs.determine-build-context.outputs.n8n_version }}"
GHCR_BASE="ghcr.io/${{ github.repository_owner }}/n8n" GHCR_BASE="ghcr.io/${{ github.repository_owner }}/n8n"
DOCKER_BASE="${{ secrets.DOCKER_USERNAME }}/n8n" DOCKER_BASE="${{ secrets.DOCKER_USERNAME }}/n8n"
PLATFORM="${{ matrix.platform }}" PLATFORM="${{ matrix.platform }}"
@@ -179,7 +200,6 @@ jobs:
DOCKER_TAGS_FOR_PUSH="" DOCKER_TAGS_FOR_PUSH=""
PRIMARY_GHCR_MANIFEST_TAG_VALUE="" PRIMARY_GHCR_MANIFEST_TAG_VALUE=""
PRIMARY_DOCKER_MANIFEST_TAG_VALUE=""
# Validate inputs # Validate inputs
if [[ "$RELEASE_TYPE" == "stable" && -z "$N8N_VERSION_TAG" ]]; then if [[ "$RELEASE_TYPE" == "stable" && -z "$N8N_VERSION_TAG" ]]; then
@@ -196,21 +216,18 @@ jobs:
case "$RELEASE_TYPE" in case "$RELEASE_TYPE" in
"stable") "stable")
PRIMARY_GHCR_MANIFEST_TAG_VALUE="${GHCR_BASE}:${N8N_VERSION_TAG}" PRIMARY_GHCR_MANIFEST_TAG_VALUE="${GHCR_BASE}:${N8N_VERSION_TAG}"
PRIMARY_DOCKER_MANIFEST_TAG_VALUE="${DOCKER_BASE}:${N8N_VERSION_TAG}"
GHCR_TAGS_FOR_PUSH="${PRIMARY_GHCR_MANIFEST_TAG_VALUE}-${PLATFORM}" GHCR_TAGS_FOR_PUSH="${PRIMARY_GHCR_MANIFEST_TAG_VALUE}-${PLATFORM}"
DOCKER_TAGS_FOR_PUSH="${PRIMARY_DOCKER_MANIFEST_TAG_VALUE}-${PLATFORM}" DOCKER_TAGS_FOR_PUSH="${DOCKER_BASE}:${N8N_VERSION_TAG}-${PLATFORM}"
;; ;;
"nightly") "nightly")
PRIMARY_GHCR_MANIFEST_TAG_VALUE="${GHCR_BASE}:nightly" PRIMARY_GHCR_MANIFEST_TAG_VALUE="${GHCR_BASE}:nightly"
PRIMARY_DOCKER_MANIFEST_TAG_VALUE="${DOCKER_BASE}:nightly"
GHCR_TAGS_FOR_PUSH="${PRIMARY_GHCR_MANIFEST_TAG_VALUE}-${PLATFORM}" GHCR_TAGS_FOR_PUSH="${PRIMARY_GHCR_MANIFEST_TAG_VALUE}-${PLATFORM}"
DOCKER_TAGS_FOR_PUSH="${PRIMARY_DOCKER_MANIFEST_TAG_VALUE}-${PLATFORM}" DOCKER_TAGS_FOR_PUSH="${DOCKER_BASE}:nightly-${PLATFORM}"
;; ;;
"branch") "branch")
PRIMARY_GHCR_MANIFEST_TAG_VALUE="${GHCR_BASE}:${N8N_VERSION_TAG}" PRIMARY_GHCR_MANIFEST_TAG_VALUE="${GHCR_BASE}:${N8N_VERSION_TAG}"
GHCR_TAGS_FOR_PUSH="${PRIMARY_GHCR_MANIFEST_TAG_VALUE}-${PLATFORM}" GHCR_TAGS_FOR_PUSH="${PRIMARY_GHCR_MANIFEST_TAG_VALUE}-${PLATFORM}"
# No Docker Hub tags for branch builds # No Docker Hub tags for branch builds
PRIMARY_DOCKER_MANIFEST_TAG_VALUE=""
DOCKER_TAGS_FOR_PUSH="" DOCKER_TAGS_FOR_PUSH=""
;; ;;
"dev"|*) "dev"|*)
@@ -218,14 +235,12 @@ jobs:
# PR builds only go to GHCR # PR builds only go to GHCR
PRIMARY_GHCR_MANIFEST_TAG_VALUE="${GHCR_BASE}:${N8N_VERSION_TAG}" PRIMARY_GHCR_MANIFEST_TAG_VALUE="${GHCR_BASE}:${N8N_VERSION_TAG}"
GHCR_TAGS_FOR_PUSH="${PRIMARY_GHCR_MANIFEST_TAG_VALUE}-${PLATFORM}" GHCR_TAGS_FOR_PUSH="${PRIMARY_GHCR_MANIFEST_TAG_VALUE}-${PLATFORM}"
PRIMARY_DOCKER_MANIFEST_TAG_VALUE=""
DOCKER_TAGS_FOR_PUSH="" DOCKER_TAGS_FOR_PUSH=""
else else
# Regular dev builds go to both registries # Regular dev builds go to both registries
PRIMARY_GHCR_MANIFEST_TAG_VALUE="${GHCR_BASE}:dev" PRIMARY_GHCR_MANIFEST_TAG_VALUE="${GHCR_BASE}:dev"
PRIMARY_DOCKER_MANIFEST_TAG_VALUE="${DOCKER_BASE}:dev"
GHCR_TAGS_FOR_PUSH="${PRIMARY_GHCR_MANIFEST_TAG_VALUE}-${PLATFORM}" GHCR_TAGS_FOR_PUSH="${PRIMARY_GHCR_MANIFEST_TAG_VALUE}-${PLATFORM}"
DOCKER_TAGS_FOR_PUSH="${PRIMARY_DOCKER_MANIFEST_TAG_VALUE}-${PLATFORM}" DOCKER_TAGS_FOR_PUSH="${DOCKER_BASE}:dev-${PLATFORM}"
fi fi
;; ;;
esac esac
@@ -243,13 +258,17 @@ jobs:
echo "ghcr_platform_tag=${GHCR_TAGS_FOR_PUSH}" >> $GITHUB_OUTPUT echo "ghcr_platform_tag=${GHCR_TAGS_FOR_PUSH}" >> $GITHUB_OUTPUT
echo "dockerhub_platform_tag=${DOCKER_TAGS_FOR_PUSH}" >> $GITHUB_OUTPUT echo "dockerhub_platform_tag=${DOCKER_TAGS_FOR_PUSH}" >> $GITHUB_OUTPUT
echo "primary_ghcr_manifest_tag=${PRIMARY_GHCR_MANIFEST_TAG_VALUE}" >> $GITHUB_OUTPUT
# Only output manifest tags from the first platform to avoid duplicates
if [[ "$PLATFORM" == "amd64" ]]; then
echo "primary_ghcr_manifest_tag=${PRIMARY_GHCR_MANIFEST_TAG_VALUE}" >> $GITHUB_OUTPUT
fi
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
if: steps.context.outputs.push_enabled == 'true' if: needs.determine-build-context.outputs.push_enabled == 'true'
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
registry: ghcr.io registry: ghcr.io
@@ -257,7 +276,7 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to DockerHub - name: Login to DockerHub
if: steps.context.outputs.push_enabled == 'true' && needs.build-and-push-docker.outputs.release_type != 'branch' if: needs.determine-build-context.outputs.push_enabled == 'true' && steps.determine-tags.outputs.dockerhub_platform_tag != ''
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
@@ -270,20 +289,20 @@ jobs:
file: ./docker/images/n8n/Dockerfile file: ./docker/images/n8n/Dockerfile
build-args: | build-args: |
NODE_VERSION=22 NODE_VERSION=22
N8N_VERSION=${{ steps.context.outputs.n8n_version }} N8N_VERSION=${{ needs.determine-build-context.outputs.n8n_version }}
N8N_RELEASE_TYPE=${{ steps.context.outputs.release_type }} N8N_RELEASE_TYPE=${{ needs.determine-build-context.outputs.release_type }}
platforms: ${{ matrix.docker_platform }} platforms: ${{ matrix.docker_platform }}
provenance: false provenance: false
push: ${{ steps.context.outputs.push_enabled == 'true' }} push: ${{ needs.determine-build-context.outputs.push_enabled == 'true' }}
tags: ${{ steps.determine-tags.outputs.tags }} tags: ${{ steps.determine-tags.outputs.tags }}
create_multi_arch_manifest: create_multi_arch_manifest:
name: Create Multi-Arch Manifest name: Create Multi-Arch Manifest
needs: build-and-push-docker needs: [determine-build-context, build-and-push-docker]
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: | if: |
needs.build-and-push-docker.result == 'success' && needs.build-and-push-docker.result == 'success' &&
needs.build-and-push-docker.outputs.push_enabled_status == 'true' needs.determine-build-context.outputs.push_enabled == 'true'
steps: steps:
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
@@ -295,63 +314,70 @@ jobs:
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Determine Docker Hub manifest tag
id: dockerhub_check
run: |
RELEASE_TYPE="${{ needs.determine-build-context.outputs.release_type }}"
N8N_VERSION="${{ needs.determine-build-context.outputs.n8n_version }}"
DOCKER_BASE="${{ secrets.DOCKER_USERNAME }}/n8n"
# Determine if Docker Hub manifest is needed and construct the tag
case "$RELEASE_TYPE" in
"stable")
echo "DOCKER_MANIFEST_TAG=${DOCKER_BASE}:${N8N_VERSION}" >> $GITHUB_OUTPUT
echo "CREATE_DOCKERHUB_MANIFEST=true" >> $GITHUB_OUTPUT
;;
"nightly")
echo "DOCKER_MANIFEST_TAG=${DOCKER_BASE}:nightly" >> $GITHUB_OUTPUT
echo "CREATE_DOCKERHUB_MANIFEST=true" >> $GITHUB_OUTPUT
;;
"dev")
if [[ "$N8N_VERSION" != pr-* ]]; then
echo "DOCKER_MANIFEST_TAG=${DOCKER_BASE}:dev" >> $GITHUB_OUTPUT
echo "CREATE_DOCKERHUB_MANIFEST=true" >> $GITHUB_OUTPUT
else
echo "CREATE_DOCKERHUB_MANIFEST=false" >> $GITHUB_OUTPUT
fi
;;
*)
echo "CREATE_DOCKERHUB_MANIFEST=false" >> $GITHUB_OUTPUT
;;
esac
- name: Login to Docker Hub - name: Login to Docker Hub
if: needs.build-and-push-docker.outputs.release_type != 'branch' && needs.build-and-push-docker.outputs.release_type != 'pr' if: steps.dockerhub_check.outputs.CREATE_DOCKERHUB_MANIFEST == 'true'
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with: with:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Reconstruct Docker Hub Primary Tag
id: reconstruct_dockerhub_tag
run: |
RELEASE_TYPE="${{ needs.build-and-push-docker.outputs.release_type }}"
N8N_VERSION="${{ needs.build-and-push-docker.outputs.n8n_version }}"
DOCKER_BASE="${{ secrets.DOCKER_USERNAME }}/n8n"
PRIMARY_DOCKER_MANIFEST_TAG=""
case "$RELEASE_TYPE" in
"stable")
PRIMARY_DOCKER_MANIFEST_TAG="${DOCKER_BASE}:${N8N_VERSION}"
;;
"nightly")
PRIMARY_DOCKER_MANIFEST_TAG="${DOCKER_BASE}:nightly"
;;
"dev")
if [[ "$N8N_VERSION" != pr-* ]]; then
PRIMARY_DOCKER_MANIFEST_TAG="${DOCKER_BASE}:dev"
fi
;;
esac
if [[ -n "$PRIMARY_DOCKER_MANIFEST_TAG" ]]; then
echo "PRIMARY_DOCKER_MANIFEST_TAG=$PRIMARY_DOCKER_MANIFEST_TAG" >> "$GITHUB_ENV"
else
echo "::notice::No Docker Hub primary tag to reconstruct for release type '$RELEASE_TYPE' and version '$N8N_VERSION'. Skipping Docker Hub manifest creation."
fi
- name: Create GHCR multi-arch manifest - name: Create GHCR multi-arch manifest
if: needs.build-and-push-docker.outputs.primary_ghcr_manifest_tag != '' if: needs.build-and-push-docker.outputs.primary_ghcr_manifest_tag != ''
run: | run: |
MANIFEST_TAG="${{ needs.build-and-push-docker.outputs.primary_ghcr_manifest_tag }}" MANIFEST_TAG="${{ needs.build-and-push-docker.outputs.primary_ghcr_manifest_tag }}"
RELEASE_TYPE="${{ needs.determine-build-context.outputs.release_type }}"
echo "Creating GHCR manifest: $MANIFEST_TAG" echo "Creating GHCR manifest: $MANIFEST_TAG"
# Create and push the multi-arch manifest using buildx # For branch builds, only AMD64 is built
docker buildx imagetools create \ if [[ "$RELEASE_TYPE" == "branch" ]]; then
--tag $MANIFEST_TAG \ docker buildx imagetools create \
${MANIFEST_TAG}-amd64 \ --tag $MANIFEST_TAG \
${MANIFEST_TAG}-arm64 ${MANIFEST_TAG}-amd64
else
docker buildx imagetools create \
--tag $MANIFEST_TAG \
${MANIFEST_TAG}-amd64 \
${MANIFEST_TAG}-arm64
fi
- name: Create Docker Hub multi-arch manifest - name: Create Docker Hub multi-arch manifest
if: env.PRIMARY_DOCKER_MANIFEST_TAG != '' if: steps.dockerhub_check.outputs.CREATE_DOCKERHUB_MANIFEST == 'true'
run: | run: |
MANIFEST_TAG="${{ env.PRIMARY_DOCKER_MANIFEST_TAG }}" MANIFEST_TAG="${{ steps.dockerhub_check.outputs.DOCKER_MANIFEST_TAG }}"
echo "Creating Docker Hub manifest: $MANIFEST_TAG" echo "Creating Docker Hub manifest: $MANIFEST_TAG"
# Create and push the multi-arch manifest using buildx
docker buildx imagetools create \ docker buildx imagetools create \
--tag $MANIFEST_TAG \ --tag $MANIFEST_TAG \
${MANIFEST_TAG}-amd64 \ ${MANIFEST_TAG}-amd64 \
@@ -374,11 +400,11 @@ jobs:
security-scan: security-scan:
name: Security Scan name: Security Scan
needs: [build-and-push-docker] needs: [determine-build-context, build-and-push-docker]
if: | if: |
success() && success() &&
(github.event_name == 'schedule' || (needs.determine-build-context.outputs.release_type == 'stable' ||
(github.event_name == 'workflow_call' && inputs.release_type == 'stable')) needs.determine-build-context.outputs.release_type == 'nightly')
uses: ./.github/workflows/security-trivy-scan-callable.yml uses: ./.github/workflows/security-trivy-scan-callable.yml
with: with:
image_ref: ${{ needs.build-and-push-docker.outputs.image_ref }} image_ref: ${{ needs.build-and-push-docker.outputs.image_ref }}