name: build concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true on: push: # needs push event on default branch otherwise cache is evicted when pull request is merged branches: - main pull_request: env: # Use edge release of buildx (latest RC, fallback to latest stable) SETUP_BUILDX_VERSION: edge SETUP_BUILDKIT_IMAGE: "moby/buildkit:latest" permissions: contents: read # to fetch code (actions/checkout) jobs: releaser: runs-on: ubuntu-24.04 steps: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: version: ${{ env.SETUP_BUILDX_VERSION }} driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }} - name: Build uses: docker/bake-action@v6 with: files: | docker-bake.hcl targets: releaser-build build: runs-on: ubuntu-24.04 needs: - releaser steps: - name: Checkout uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build uses: docker/bake-action@v6 with: source: . files: | docker-bake.hcl targets: release - name: Check Cloudfront config uses: docker/bake-action@v6 with: source: . targets: aws-cloudfront-update env: DRY_RUN: true AWS_REGION: us-east-1 AWS_CLOUDFRONT_ID: 0123456789ABCD AWS_LAMBDA_FUNCTION: DockerDocsRedirectFunction-dummy vale: if: ${{ github.event_name == 'pull_request' }} runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - uses: errata-ai/vale-action@reviewdog env: PIP_BREAK_SYSTEM_PACKAGES: 1 with: files: content validate: runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: target: - lint - test - unused-media - test-go-redirects - dockerfile-lint - path-warnings - validate-vendor steps: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Validate uses: docker/bake-action@v6 with: files: | docker-bake.hcl targets: ${{ matrix.target }} set: | *.args.BUILDKIT_CONTEXT_KEEP_GIT_DIR=1