apify-actor-docker/.github/workflows/release-python-playwright.yaml at master · apify/apify-actor-docker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
name: Python + Playwright images

on:
  workflow_dispatch:
    inputs:
      release_tag:
        description: 'Tag for the images (e.g.: "latest" or "beta")'
        required: true
      rebuild_images:
        description: "Rebuilds images even if the cache state matches the current state."
        required: false
        type: boolean
      trigger_templates_pr:
        description: "When set to true, always triggers the workflow on actor-templates."
        required: false
        type: boolean

  repository_dispatch:
    types: [build-python-images]

  pull_request:
    paths:
      - "python-playwright/**"
      - "python-playwright-chrome/**"
      - "python-playwright-firefox/**"
      - "python-playwright-webkit/**"
      - "python-playwright-camoufox/**"
      - "certificates/**"
      - ".github/workflows/release-python-playwright.yaml"
      - ".github/actions/version-matrix/**"
      - ".github/scripts/prepare-python-image-tags.js"
      - "Makefile"

  schedule:
    - cron: 0 */2 * * *

env:
  RELEASE_TAG: ${{ github.event.inputs.release_tag || github.event.client_payload.release_tag }}
  SHOULD_USE_LAST_FIVE: ${{ github.event_name != 'pull_request' }}
  SKIP_CACHE_CHECK: ${{ github.event_name == 'pull_request' || github.event.inputs.rebuild_images == 'true' }}

jobs:
  matrix:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}

    steps:
      - uses: actions/checkout@v6
        with:
          token: ${{ secrets.APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN }}
          fetch-depth: 0

      - name: Set up Node.js
        uses: actions/setup-node@v6
        with:
          node-version-file: .github/actions/version-matrix/package.json
          cache: yarn
          cache-dependency-path: .github/actions/version-matrix/yarn.lock

      - run: yarn
        working-directory: ./.github/actions/version-matrix

      - name: Generate matrix
        id: set-matrix
        run: echo "matrix=$(yarn python:playwright)" >> $GITHUB_OUTPUT
        working-directory: ./.github/actions/version-matrix

      - name: Print matrix
        run: |
          echo "Matrix:"
          echo '${{ steps.set-matrix.outputs.matrix }}' | jq -r '.include[] | "python-version=\(.["python-version"]) playwright-version=\(.["playwright-version"]) camoufox-version=\(.["camoufox-version"]) is-latest=\(.["is-latest"]) image-name=\(.["image-name"])"'
          echo ""
          echo "Raw matrix:"
          echo ""
          echo '${{ steps.set-matrix.outputs.matrix }}' | jq -e

      - name: Push updated matrix
        id: push-matrix
        if: github.event_name != 'pull_request'
        run: |
          # Setup git user
          git config --global user.email "noreply@apify.com"
          git config --global user.name "Apify CI Bot"
          git config pull.rebase true

          # Add and commit if there are changes
          git add ./.github/actions/version-matrix/data/*.json
          if git diff-index --quiet HEAD; then
            echo "No changes to commit"
          else
            git commit -m "chore(docker): update ${{ env.RELEASE_TAG || 'latest' }} python:playwright cache"
            echo "should-trigger=true" >> $GITHUB_OUTPUT
          fi

          # Try to push 5 times, with pulls between retries
          for i in {1..5}; do
            git push && break || echo "Failed to push, retrying in 5 seconds..." && sleep 5 && git pull
          done

      - name: Trigger workflow on actor-templates
        if: (steps.push-matrix.outputs.should-trigger == 'true' || github.event.inputs.trigger_templates_pr == 'true') && steps.set-matrix.outputs.latest-runtime-version != ''
        uses: peter-evans/repository-dispatch@v4
        with:
          token: ${{ secrets.APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN }}
          repository: apify/actor-templates
          event-type: update-templates
          client-payload: |-
            {
              "base_image": "apify/actor-python-playwright,apify/actor-python-playwright-chrome,apify/actor-python-playwright-firefox,apify/actor-python-playwright-webkit,apify/actor-python-playwright-camoufox",
              "module_version": "${{ steps.set-matrix.outputs.latest-module-version }}",
              "default_runtime_version": "${{ steps.set-matrix.outputs.latest-runtime-version }}"
            }

  # Build master images that are not dependent on existing builds.
  build-main:
    needs: [matrix]

    runs-on: ubuntu-latest
    if: ${{ toJson(fromJson(needs.matrix.outputs.matrix).include) != '[]' }}

    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.matrix.outputs.matrix) }}

    name: "img: ${{ matrix.image-name }} py: ${{ matrix.python-version }}, pw: ${{ matrix.playwright-version }}, cf: ${{ matrix.camoufox-version }}, is-latest: ${{ matrix.is-latest }}"

    steps:
      - name: Set default inputs if event is pull request
        if: github.event_name == 'pull_request'
        run: |
          if [[ -z "$RELEASE_TAG" ]]; then echo "RELEASE_TAG=CI_TEST" >> $GITHUB_ENV; fi

      - name: Set default inputs if event is schedule
        if: github.event_name == 'schedule'
        run: |
          if [[ -z "$RELEASE_TAG" ]]; then echo "RELEASE_TAG=latest" >> $GITHUB_ENV; fi

      - name: Check if inputs are set correctly
        run: |
          if [[ -z "$RELEASE_TAG" ]]; then echo "RELEASE_TAG input is empty!" >&2; exit 1; fi

      - name: Checkout
        uses: actions/checkout@v6

      - name: Copy Firefox certificates to image folder
        run: |
          if [ -f "./certificates/firefox-certificates.zip" ]; then
            mkdir -p ./${{ matrix.image-name }}/firefox-certs
            unzip -q -o ./certificates/firefox-certificates.zip -d ./${{ matrix.image-name }}/firefox-certs
            echo "Extracted $(ls -1 ./${{ matrix.image-name }}/firefox-certs/*.crt | wc -l) certificates"
          else
            mkdir -p ./${{ matrix.image-name }}/firefox-certs
            echo "No certificate archive found, created empty folder"
          fi

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}

      - name: Prepare image tags
        id: prepare-tags
        uses: actions/github-script@v8
        env:
          CURRENT_PYTHON: ${{ matrix.python-version }}
          LATEST_PYTHON: ${{ matrix.latest-python-version }}
          FRAMEWORK_VERSION: ${{ matrix.playwright-version }}
          RELEASE_TAG: ${{ env.RELEASE_TAG }}
          IMAGE_NAME: apify/actor-${{ matrix.image-name }}
          IS_LATEST_BROWSER_IMAGE: ${{ matrix.is-latest }}
        with:
          script: |
            const generateTags = require("./.github/scripts/prepare-python-image-tags.js");
            return generateTags()

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4

      - name: Build and tag image for testing
        uses: docker/build-push-action@v6
        with:
          context: ./${{ matrix.image-name }}
          file: ./${{ matrix.image-name }}/Dockerfile
          build-args: |
            PYTHON_VERSION=${{ matrix.python-version }}
            PLAYWRIGHT_VERSION=${{ matrix.playwright-version }}
            CAMOUFOX_VERSION=${{ matrix.camoufox-version }}
          platforms: linux/amd64
          provenance: false
          load: true
          tags: ${{ fromJson(steps.prepare-tags.outputs.result).allTags }}
          cache-from: type=gha,scope=${{ matrix.image-name }}-${{ matrix.python-version }}-${{ matrix.playwright-version }}-${{ matrix.camoufox-version }}
          cache-to: type=gha,mode=max,scope=${{ matrix.image-name }}-${{ matrix.python-version }}-${{ matrix.playwright-version }}-${{ matrix.camoufox-version }}

      - name: Test image
        run: docker run ${{ fromJson(steps.prepare-tags.outputs.result).firstImageName }}

      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v4
        with:
          username: ${{ secrets.APIFY_SERVICE_ACCOUNT_DOCKERHUB_USERNAME }}
          password: ${{ secrets.APIFY_SERVICE_ACCOUNT_DOCKERHUB_TOKEN }}

      - name: Build and push OCI image
        if: github.event_name != 'pull_request'
        uses: docker/build-push-action@v6
        with:
          context: ./${{ matrix.image-name }}
          file: ./${{ matrix.image-name }}/Dockerfile
          build-args: |
            PYTHON_VERSION=${{ matrix.python-version }}
            PLAYWRIGHT_VERSION=${{ matrix.playwright-version }}
            CAMOUFOX_VERSION=${{ matrix.camoufox-version }}
          platforms: ${{ matrix.supports-arm64 == 'true' && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
          provenance: true
          push: true
          tags: ${{ fromJson(steps.prepare-tags.outputs.result).allTags }}
          outputs: type=image,oci-mediatypes=true
          cache-from: type=gha,scope=${{ matrix.image-name }}-${{ matrix.python-version }}-${{ matrix.playwright-version }}-${{ matrix.camoufox-version }}