CI/CD Pipeline

Netshoot uses GitHub Actions for its Continuous Integration and Continuous Deployment (CI/CD) pipeline. The workflows are defined in the .github/workflows/ directory and handle testing pull requests and publishing release images.

Testing Pull Requests (test-pr-buildx.yml)

This workflow ensures that proposed changes don't break the build process.

  • Trigger: Runs on every pull request targeting the master branch.

  • Actions:

    1. Checkout Code: Checks out the source code from the pull request.
    2. Set up QEMU: Configures QEMU to enable building for different CPU architectures (specifically arm64 on an amd64 runner).
    3. Set up Docker Buildx: Initializes the Docker Buildx builder instance.

    4. Run Buildx: Executes a multi-platform build for linux/amd64 and linux/arm64. 

      docker buildx build \
  --platform linux/amd64,linux/arm64 \
  --output "type=image,push=false" \
  --file ./Dockerfile .

    5. Result: The key part is --output "type=image,push=false". The workflow only builds the image to confirm that the Dockerfile and related scripts are working correctly for all target platforms. It does not push the resulting image to any registry.

Creating a Release (release-buildx.yml)

This workflow automates the process of building and publishing the official Netshoot images when a new version is tagged.

  • Trigger: Runs whenever a push event includes a tag matching the pattern v* (e.g., v0.14, v1.0).

  • Actions:

    1. Checkout & Setup: Similar to the PR workflow, it checks out the code and sets up QEMU and Docker Buildx.
    2. Login to Registries: It logs into both Docker Hub and the GitHub Container Registry (GHCR) using secrets stored in the repository.

    3. Run Buildx and Push: It runs the multi-platform build with a different output configuration: 

      docker buildx build \
  --platform linux/amd64,linux/arm64 \
  --output "type=image,push=true" \
  --file ./Dockerfile \
  --tag nicolaka/netshoot:$RELEASE_VERSION \
  --tag nicolaka/netshoot:latest \
  --tag ghcr.io/nicolaka/netshoot:$RELEASE_VERSION \
  --tag ghcr.io/nicolaka/netshoot:latest \
  .

    4. Result: The --output "type=image,push=true" flag instructs Buildx to build the images and push them to the specified registries with multiple tags (the specific version tag and latest).