.github/workflows/tool_docker.yml - third_party/github/protocolbuffers/protobuf - Git at Google

 name: Run a Docker workflow

 on:
   workflow_call:
     inputs:
       name:
         required: True
         description: "The name to display for the test"
         type: string
       image:
         required: false
         default: 'us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:5.1.1-aec4d74f2eb6938fc53ef7d9a79a4bf2da24abc1'
         description: "The docker image to use"
         type: string
       safe-checkout:
         required: true
         description: "The SHA key for the commit we want to run over"
         type: string
       run-flags:
         required: false
         description: "Additional flags to pass to docker run"
         type: string
       bazel-cache:
         required: false
         description: >
           A unique path for the Bazel cache.  This will trigger the generation
           of a BAZEL_CACHE environment variant that provides the appropriate
           flags for any bazel command.
         type: string

       # WARNING: loading from cache appears to be slower than pull!
       docker-cache:
         required: false
         description: "Enabled caching of pulled docker images."
         default: false
         type: boolean

       # Non-Bazel options
       command:
         required: false
         description: "A raw docker command to run"
         type: string

       # Bazel options
       bazel:
         required: false
         description: "The Bazel command to run"
         type: string

 jobs:
   run:
     name: ${{ inputs.name }}
     timeout-minutes: 120
     runs-on: ubuntu-latest
     steps:
       - name: Checkout pending changes
         uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
         with:
           ref: ${{ inputs.safe-checkout }}

       # Authentication
       - name: Setup QEMU for possible emulation
         id: qemu-arm64
         uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # v1.2.0

       - name: Authenticate to Google Cloud
         uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # v1.0.0
         with:
           credentials_json: ${{ secrets.GAR_SERVICE_ACCOUNT }}
           export_environment_variables: true
       - name: Set up Cloud SDK
         uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1
       - name: Use gcloud CLI
         run: gcloud info
       - name: Authenticate for GAR use
         run: gcloud auth configure-docker -q us-docker.pkg.dev

       # Create the docker command
       - name: Validate Docker command
         if: ${{ inputs.command && inputs.bazel}}
         run: echo "Invalid specification of both non-Bazel and Bazel command"; exit 1
       - name: Configure Bazel caching
         # Skip bazel cache for local act runs due to issue with credential files
         # and nested docker images
         if: ${{ inputs.bazel-cache && !github.event.act_local_test }}
         run: >
           echo "BAZEL_CACHE=
           --google_credentials=/workspace/$(basename $GOOGLE_APPLICATION_CREDENTIALS)
           --remote_cache=https://storage.googleapis.com/protobuf-bazel-cache/protobuf/gha/${{ inputs.bazel-cache }}" >> $GITHUB_ENV
       - name: Configure Bazel cache updating
         # External runs should never write to our caches.
         if: ${{ inputs.bazel-cache && !inputs.safe-checkout && !github.event.act_local_test }}
         run: echo "BAZEL_CACHE=$BAZEL_CACHE --remote_upload_local_results" >> $GITHUB_ENV
       - name: Configure Bazel command
         if: ${{ inputs.bazel }}
         run: >
           echo "DOCKER_COMMAND=${{ inputs.bazel }}
           --keep_going --test_output=errors --test_timeout=600
           $BAZEL_CACHE" >> $GITHUB_ENV

       # Grab Docker image
       - name: Check docker cache
         if: ${{ inputs.docker-cache }}
         id: check-docker-cache
         uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
         with:
           path: ci/docker/
           key: ${{ inputs.image }}
       - name: Pull and store if cache miss
         if: ${{ inputs.docker-cache && steps.check-docker-cache.outputs.cache-hit != 'true' }}
         run: >
           docker pull ${{ inputs.image }} &&
           mkdir -p ci/docker/$(dirname ${{ inputs.image }}) &&
           docker image save ${{ inputs.image }} --output ./ci/docker/${{ inputs.image }}.tar
       - name: Use the cached image on cache hit
         if: ${{ inputs.docker-cache && steps.check-docker-cache.outputs.cache-hit == 'true' }}
         run: docker image load --input ./ci/docker/${{ inputs.image }}.tar
       - name: Pull fresh docker image
         if: ${{ !inputs.docker-cache }}
         run: docker pull ${{ inputs.image }}

       - name: Run docker
         run: >
           docker run ${{ inputs.run-flags}}
           -v${{ github.workspace }}:/workspace
           ${{ inputs.image }}
           ${{ inputs.command || '$DOCKER_COMMAND' }}
	name: Run a Docker workflow

	on:
	workflow_call:
	inputs:
	name:
	required: True
	description: "The name to display for the test"
	type: string
	image:
	required: false
	default: 'us-docker.pkg.dev/protobuf-build/containers/common/linux/bazel:5.1.1-aec4d74f2eb6938fc53ef7d9a79a4bf2da24abc1'
	description: "The docker image to use"
	type: string
	safe-checkout:
	required: true
	description: "The SHA key for the commit we want to run over"
	type: string
	run-flags:
	required: false
	description: "Additional flags to pass to docker run"
	type: string
	bazel-cache:
	required: false
	description: >
	A unique path for the Bazel cache. This will trigger the generation
	of a BAZEL_CACHE environment variant that provides the appropriate
	flags for any bazel command.
	type: string

	# WARNING: loading from cache appears to be slower than pull!
	docker-cache:
	required: false
	description: "Enabled caching of pulled docker images."
	default: false
	type: boolean

	# Non-Bazel options
	command:
	required: false
	description: "A raw docker command to run"
	type: string

	# Bazel options
	bazel:
	required: false
	description: "The Bazel command to run"
	type: string

	jobs:
	run:
	name: ${{ inputs.name }}
	timeout-minutes: 120
	runs-on: ubuntu-latest
	steps:
	- name: Checkout pending changes
	uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
	with:
	ref: ${{ inputs.safe-checkout }}

	# Authentication
	- name: Setup QEMU for possible emulation
	id: qemu-arm64
	uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # v1.2.0

	- name: Authenticate to Google Cloud
	uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # v1.0.0
	with:
	credentials_json: ${{ secrets.GAR_SERVICE_ACCOUNT }}
	export_environment_variables: true
	- name: Set up Cloud SDK
	uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1
	- name: Use gcloud CLI
	run: gcloud info
	- name: Authenticate for GAR use
	run: gcloud auth configure-docker -q us-docker.pkg.dev

	# Create the docker command
	- name: Validate Docker command
	if: ${{ inputs.command && inputs.bazel}}
	run: echo "Invalid specification of both non-Bazel and Bazel command"; exit 1
	- name: Configure Bazel caching
	# Skip bazel cache for local act runs due to issue with credential files
	# and nested docker images
	if: ${{ inputs.bazel-cache && !github.event.act_local_test }}
	run: >
	echo "BAZEL_CACHE=
	--google_credentials=/workspace/$(basename $GOOGLE_APPLICATION_CREDENTIALS)
	--remote_cache=https://storage.googleapis.com/protobuf-bazel-cache/protobuf/gha/${{ inputs.bazel-cache }}" >> $GITHUB_ENV
	- name: Configure Bazel cache updating
	# External runs should never write to our caches.
	if: ${{ inputs.bazel-cache && !inputs.safe-checkout && !github.event.act_local_test }}
	run: echo "BAZEL_CACHE=$BAZEL_CACHE --remote_upload_local_results" >> $GITHUB_ENV
	- name: Configure Bazel command
	if: ${{ inputs.bazel }}
	run: >
	echo "DOCKER_COMMAND=${{ inputs.bazel }}
	--keep_going --test_output=errors --test_timeout=600
	$BAZEL_CACHE" >> $GITHUB_ENV

	# Grab Docker image
	- name: Check docker cache
	if: ${{ inputs.docker-cache }}
	id: check-docker-cache
	uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920 # v3.2.4
	with:
	path: ci/docker/
	key: ${{ inputs.image }}
	- name: Pull and store if cache miss
	if: ${{ inputs.docker-cache && steps.check-docker-cache.outputs.cache-hit != 'true' }}
	run: >
	docker pull ${{ inputs.image }} &&
	mkdir -p ci/docker/$(dirname ${{ inputs.image }}) &&
	docker image save ${{ inputs.image }} --output ./ci/docker/${{ inputs.image }}.tar
	- name: Use the cached image on cache hit
	if: ${{ inputs.docker-cache && steps.check-docker-cache.outputs.cache-hit == 'true' }}
	run: docker image load --input ./ci/docker/${{ inputs.image }}.tar
	- name: Pull fresh docker image
	if: ${{ !inputs.docker-cache }}
	run: docker pull ${{ inputs.image }}

	- name: Run docker
	run: >
	docker run ${{ inputs.run-flags}}
	-v${{ github.workspace }}:/workspace
	${{ inputs.image }}
	${{ inputs.command \|\| '$DOCKER_COMMAND' }}