search

docker / build-push-action

GitHub Action to build and push Docker images with Buildx
https://github.com/marketplace/actions/build-and-push-docker-images
Apache License 2.0
4.29k stars 551 forks source link

Action is stuck at "exporting to client directory" #1201

Closed SquirrelDeveloper closed 1 month ago

SquirrelDeveloper commented 1 month ago

Contributing guidelines

I've found a bug, and:

Description

My biggest (in term of size) project is stucked on the this action at exporting to client directory THe project is a dockerized React project with NPM. --> https://github.com/SquirrelCorporation/SquirrelServersManager/tree/master/client It is stuck on both my personal self-hosted server, and the default free ubuntu-latest runner. However, after trying with a bigger server, the error doesnt happen. I would very much like to make it work on the free server, as a single open source developer of my project

Expected behaviour

The docker image is correctly exported to the GHCR registry

Actual behaviour

Build is stuck to exporting to client directory

Repository URL

https://github.com/SquirrelCorporation/SquirrelServersManager

Workflow run URL

No response

YAML workflow

name: Publish Containers to Ghcr.io

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

on:
  push:
    # Publish semver tags as releases.
    tags: [ 'v*.*.*' ]

env:
  # Use docker.io for Docker Hub if empty
  REGISTRY: ghcr.io
  # github.repository as <account>/<repo>
  SERVER_IMAGE_NAME: ${{ github.repository }}-server
  CLIENT_IMAGE_NAME: ${{ github.repository }}-client
  PROXY_IMAGE_NAME: ${{ github.repository }}-proxy

jobs:
  build-and-publish-server:
    runs-on: self-hosted
    permissions:
      contents: read
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      id-token: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      # Install the cosign tool except on PR
      # https://github.com/sigstore/cosign-installer
      - name: Install cosign
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@v3.5.0
        with:
          cosign-release: 'v2.2.4'

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      # Set up BuildKit Docker container builder to be able to build
      # multi-platform images and export cache
      # https://github.com/docker/setup-buildx-action
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.SERVER_IMAGE_NAME }}

      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
        id: build-and-push
        uses: docker/build-push-action@v6 
        with:
          context: ./server
          build-contexts: |
            shared-lib=./shared-lib
          build-args: |
            NODE_ENV: production
          target: production
          provenance: false
          cache-from: type=gha,scope=buildkit
          cache-to: type=gha,mode=max,scope=buildkit
          platforms: linux/amd64,linux/arm64,linux/arm64/v8
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=Squirrel Servers Manager (SSM) Server ${{ steps.meta.outputs.tags }}
      # Sign the resulting Docker image digest except on PRs.
      # This will only write to the public Rekor transparency log when the Docker
      # repository is public to avoid leaking data.  If you would like to publish
      # transparency data even for private images, pass --force to cosign below.
      # https://github.com/sigstore/cosign
      - name: Sign the published Docker image
        if: ${{ github.event_name != 'pull_request' }}
        env:
          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
          TAGS: ${{ steps.meta.outputs.tags }}
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
        # This step uses the identity token to provision an ephemeral certificate
        # against the sigstore community Fulcio instance.
        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

  build-and-publish-client:
    runs-on: self-hosted
    permissions:
      contents: read
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      id-token: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      # Install the cosign tool except on PR
      # https://github.com/sigstore/cosign-installer
      - name: Install cosign
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@v3.5.0
        with:
          cosign-release: 'v2.2.4'

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      # Set up BuildKit Docker container builder to be able to build
      # multi-platform images and export cache
      # https://github.com/docker/setup-buildx-action
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.CLIENT_IMAGE_NAME }}

      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
        id: build-and-push
        uses: docker/build-push-action@v6
        with:
          context: ./client
          build-contexts: |
            shared-lib=./shared-lib
          target: production
          provenance: false
          cache-from: type=gha,scope=buildkit
          cache-to: type=gha,mode=max,scope=buildkit
          platforms: linux/amd64,linux/arm64,linux/arm64/v8
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=Squirrel Servers Manager (SSM) Client ${{ steps.meta.outputs.tags }}
      # Sign the resulting Docker image digest except on PRs.
      # This will only write to the public Rekor transparency log when the Docker
      # repository is public to avoid leaking data.  If you would like to publish
      # transparency data even for private images, pass --force to cosign below.
      # https://github.com/sigstore/cosign
      - name: Sign the published Docker image
        if: ${{ github.event_name != 'pull_request' }}
        env:
          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
          TAGS: ${{ steps.meta.outputs.tags }}
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
        # This step uses the identity token to provision an ephemeral certificate
        # against the sigstore community Fulcio instance.
        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
  build-and-publish-proxy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      id-token: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # Install the cosign tool except on PR
      # https://github.com/sigstore/cosign-installer
      - name: Install cosign
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@v3.5.0
        with:
          cosign-release: 'v2.2.4'

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      # Set up BuildKit Docker container builder to be able to build
      # multi-platform images and export cache
      # https://github.com/docker/setup-buildx-action
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.PROXY_IMAGE_NAME }}

      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
        id: build-and-push
        uses: docker/build-push-action@v6
        with:
          context: ./proxy
          provenance: false
          platforms: linux/amd64,linux/arm64,linux/arm64/v8
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha,scope=buildkit
          cache-to: type=gha,mode=max,scope=buildkit
          outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=Squirrel Servers Manager (SSM) Proxy ${{ steps.meta.outputs.tags }}
      # Sign the resulting Docker image digest except on PRs.
      # This will only write to the public Rekor transparency log when the Docker
      # repository is public to avoid leaking data.  If you would like to publish
      # transparency data even for private images, pass --force to cosign below.
      # https://github.com/sigstore/cosign
      - name: Sign the published Docker image
        if: ${{ github.event_name != 'pull_request' }}
        env:
          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
          TAGS: ${{ steps.meta.outputs.tags }}
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
        # This step uses the identity token to provision an ephemeral certificate
        # against the sigstore community Fulcio instance.
        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

Workflow logs

##[debug]Evaluating condition for step: 'Build and push Docker image'
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> true
##[debug]Result: true
##[debug]Starting: Build and push Docker image
##[debug]Register post job cleanup for action: docker/build-push-action@v6
##[debug]Loading inputs
##[debug]Evaluating: (github.event_name != 'pull_request')
##[debug]Evaluating NotEqual:
##[debug]..Evaluating Index:
##[debug]....Evaluating github:
##[debug]....=> Object
##[debug]....Evaluating String:
##[debug]....=> 'event_name'
##[debug]..=> 'push'
##[debug]..Evaluating String:
##[debug]..=> 'pull_request'
##[debug]=> true
##[debug]Expanded: ('push' != 'pull_request')
##[debug]Result: true
##[debug]Evaluating: steps.meta.outputs.tags
##[debug]Evaluating Index:
##[debug]..Evaluating Index:
##[debug]....Evaluating Index:
##[debug]......Evaluating steps:
##[debug]......=> Object
##[debug]......Evaluating String:
##[debug]......=> 'meta'
##[debug]....=> Object
##[debug]....Evaluating String:
##[debug]....=> 'outputs'
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'tags'
##[debug]=> 'ghcr.io/squirrelcorporation/squirrelserversmanager-client:v0.1.17-alpha.3
##[debug]ghcr.io/squirrelcorporation/squirrelserversmanager-client:latest'
##[debug]Result: 'ghcr.io/squirrelcorporation/squirrelserversmanager-client:v0.1.17-alpha.3
##[debug]ghcr.io/squirrelcorporation/squirrelserversmanager-client:latest'
##[debug]Evaluating: steps.meta.outputs.labels
##[debug]Evaluating Index:
##[debug]..Evaluating Index:
##[debug]....Evaluating Index:
##[debug]......Evaluating steps:
##[debug]......=> Object
##[debug]......Evaluating String:
##[debug]......=> 'meta'
##[debug]....=> Object
##[debug]....Evaluating String:
##[debug]....=> 'outputs'
#38 334.8   984 B      dist/490[2](https://github.com/SquirrelCorporation/SquirrelServersManager/actions/runs/10244560732/job/28344395004#step:8:2).ae4f85e9.async.js
#38 334.8   972 B      dist/2517.e1882f88.async.js
#[3](https://github.com/SquirrelCorporation/SquirrelServersManager/actions/runs/10244560732/job/28344395004#step:8:3)8 334.8   967 B      dist/4912.a809c27a.async.js
#38 33[4](https://github.com/SquirrelCorporation/SquirrelServersManager/actions/runs/10244560732/job/28344395004#step:8:4).8   964 B      dist/911.2cc6f7e3.async.js
#38 334.8   949 B      dist/8084.4a3ea24a.async.js
#38 334.8   904 B      dist/4129.87b[5](https://github.com/SquirrelCorporation/SquirrelServersManager/actions/runs/10244560732/job/28344395004#step:8:5)2c62.async.js
#38 334.8   889 B      dist/4188.1cb97f5e.async.js
#38 334.8   8[6](https://github.com/SquirrelCorporation/SquirrelServersManager/actions/runs/10244560732/job/28344395004#step:8:6)6 B      dist/5062.d657cc3a.async.js
#38 334.8   859 B      dist/2060.cf195205.async.js
#38 334.8   81[7](https://github.com/SquirrelCorporation/SquirrelServersManager/actions/runs/10244560732/job/28344395004#step:8:7) B      dist/p__Devices__index.30629144.chunk.css
#38 334.8   717 B      dist/5[8](https://github.com/SquirrelCorporation/SquirrelServersManager/actions/runs/10244560732/job/28344395004#step:8:8)49.06191b60.async.js
#38 334.8   6[9](https://github.com/SquirrelCorporation/SquirrelServersManager/actions/runs/10244560732/job/28344395004#step:8:9)8 B      dist/p__Admin__Inventory__index.2f2871f6.chunk.css
#38 334.8   684 B      dist/3682.f12a3f12.async.js
#38 334.8   574 B      dist/2798.29cc5b3b.async.js
#38 334.8   563 B      dist/8946.db2f8a9f.async.js
#38 334.8   372 B      dist/t__plugin-layout__Layout.5012e1ab.chunk.css
#38 334.8   368 B      dist/1471.dec2b60d.async.js
#38 334.8   314 B      dist/p__404.ef784511.async.js
#38 334.8   218 B      dist/1576.02126f63.async.js
#38 334.8 
#38 334.8 The bundle size is significantly larger than recommended.
#38 334.8 Consider reducing it with code splitting:  https://umijs.org/blog/code-splitting
#38 334.8 You can also analyze the project dependencies:  https://umijs.org/docs/guides/env-variables#analyze
#38 334.8 
#38 334.9 event - Build index.html
#38 DONE 336.5s
#39 exporting to client directory
#39 copying files linux/arm64 9.60MB 0.1s
#39 copying files linux/amd64 21B
#39 copying files linux/arm64 17.85MB 4.3s
#39 copying files linux/amd64 35.60MB 5.1s
#39 ...
#40 exporting to image
#40 exporting layers
#40 WARN: Duplicate platform result requested "linux/arm64"
#40 ...
#39 exporting to client directory
#39 copying files linux/arm64 [10](https://github.com/SquirrelCorporation/SquirrelServersManager/actions/runs/10244560732/job/28344395004#step:8:10)5.64MB 10.3s
#39 copying files linux/amd64 69.28MB 10.2s
#39 copying files linux/arm64 83.30MB 14.4s
#39 copying files linux/amd64 95.35MB 15.2s
#39 copying files linux/arm64 162.62MB 20.4s
#39 copying files linux/amd64 121.08MB 20.3s
#39 copying files linux/arm64 199.41MB 25.6s
#39 copying files linux/amd64 148.49MB 25.4s
#39 copying files linux/arm64 166.71MB 29.8s
#39 copying files linux/amd64 183.12MB 30.5s
#39 copying files linux/arm64 199.76MB 34.8s
#39 copying files linux/amd64 213.89MB 35.5s
#39 copying files linux/arm64 235.19MB 39.9s
#39 copying files linux/amd64 251.34MB 40.6s
#39 copying files linux/arm64 280.37MB 44.9s
#39 copying files linux/amd64 298.59MB 45.6s
#39 ...
#40 exporting to image
#40 exporting layers 81.8s done
#40 exporting manifest sha256:15eaf7d051741cad339d907aac4dd7e7d5c2625c6166fcd9af2cfa5173ce8407 0.0s done
#40 exporting config sha256:fc3e4517d9b2c57e39a3bd7aff8100aa1d1edf8c9f289dbc137e1d92ee2c46dc 0.0s done
#40 exporting manifest sha256:04e3efcf616029152e6ccce90ddca9735a3a262bdd3b1f6bd8cba3dfe6e44aa0 done
#40 exporting config sha256:de9dd779276a730267faa021d6ab06cd04e8ae925e55c080a42b5dedf093a0f1 done
#40 exporting manifest list sha256:a1ddbd8929a653e8f794339956bb86a48a412a7a7df143fce562abbf90dc3a02 0.0s done
#40 pushing layers
#40 ...
#41 [auth] squirrelcorporation/squirrelserversmanager-client:pull,push token for ghcr.io
#41 DONE 0.0s
#40 exporting to image
#40 pushing layers 31.1s done
#40 pushing manifest for ghcr.io/squirrelcorporation/squirrelserversmanager-client:v0.1.17-alpha.3@sha256:a1ddbd8929a653e8f794339956bb86a48a412a7a7df143fce562abbf90dc3a02
#40 pushing manifest for ghcr.io/squirrelcorporation/squirrelserversmanager-client:v0.1.17-alpha.3@sha256:a1ddbd8929a653e8f794339956bb86a48a412a7a7df143fce562abbf90dc3a02 1.6s done
#40 pushing layers 1.1s done
#40 pushing manifest for ghcr.io/squirrelcorporation/squirrelserversmanager-client:latest@sha256:a1ddbd8929a653e8f794339956bb86a48a412a7a7df143fce562abbf90dc3a02
#40 pushing manifest for ghcr.io/squirrelcorporation/squirrelserversmanager-client:latest@sha256:a1ddbd8929a653e8f794339956bb86a48a412a7a7df143fce562abbf90dc3a02 0.7s done
#40 DONE [11](https://github.com/SquirrelCorporation/SquirrelServersManager/actions/runs/10244560732/job/28344395004#step:8:11)6.4s
#39 exporting to client directory

BuildKit logs

No response

Additional info

No response

crazy-max commented 1 month ago

Workflow run URL

No response

Do you have a link to the workflow that fails please?

crazy-max commented 1 month ago

Ok I think I found it: https://github.com/SquirrelCorporation/SquirrelServersManager/actions/runs/10244560732/job/28344395004#step:8:353

Looking at invoked command:

/usr/bin/docker buildx build --build-context shared-lib=./shared-lib --cache-from type=gha,scope=buildkit --cache-to type=gha,mode=max,scope=buildkit --label org.opencontainers.image.created=2024-08-05T10:06:57.580Z --label org.opencontainers.image.description=A user friendly, UI/UX focus server & configuration management tool --label org.opencontainers.image.licenses=AGPL-3.0 --label org.opencontainers.image.revision=3c2e9b6e81116e98654d31c929181332479902cc --label org.opencontainers.image.source=https://github.com/SquirrelCorporation/SquirrelServersManager --label org.opencontainers.image.title=SquirrelServersManager --label org.opencontainers.image.url=https://github.com/SquirrelCorporation/SquirrelServersManager --label org.opencontainers.image.version=v0.1.17-alpha.3 --output type=image,name=target,annotation-index.org.opencontainers.image.description=Squirrel Servers Manager (SSM) Client ghcr.io/squirrelcorporation/squirrelserversmanager-client:v0.1.17-alpha.3 --output ghcr.io/squirrelcorporation/squirrelserversmanager-client:latest --platform linux/amd64,linux/arm64,linux/arm64/v8 --attest type=provenance,disabled=true --tag ghcr.io/squirrelcorporation/squirrelserversmanager-client:v0.1.17-alpha.3 --tag ghcr.io/squirrelcorporation/squirrelserversmanager-client:latest --target production --metadata-file /home/server/actions-runner/_work/_temp/docker-actions-toolkit-tLwOOl/build-metadata-fad14fd127.json --push ./client

It seems to export both an image and to client directory:

--output type=image,name=target,annotation-index.org.opencontainers.image.description=Squirrel Servers Manager (SSM) Client ghcr.io/squirrelcorporation/squirrelserversmanager-client:v0.1.17-alpha.3
--output ghcr.io/squirrelcorporation/squirrelserversmanager-client:latest

I think that's because you set the outputs input wrong here:

outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=Squirrel Servers Manager (SSM) Proxy ${{ steps.meta.outputs.tags }}

You should put quotes for the annotation:

outputs: type=image,name=target,"annotation-index.org.opencontainers.image.description=Squirrel Servers Manager (SSM) Proxy ${{ steps.meta.outputs.tags }}"