netdata/.github/workflows/docker.yml

---
# Handle building docker images both for CI checks and for eleases.
#
# The case of releaases is unfortunately rather complicated, as Docker
# tooling does not have great support for handling of multiarch images
# published to multiple registries. As a result, we have to build the
# images, export the cache, and then _rebuild_ the images using the exported
# cache but with different output parameters for buildx. We also need to
# do the second build step as a separate job for each registry so that a
# failure to publish one place won’t break publishing elsewhere.
name: Docker
on:
  push:
    branches:
      - master
  pull_request: null
  workflow_dispatch:
    inputs:
      version:
        description: Version Tag
        default: nightly
        required: true
env:
  DISABLE_TELEMETRY: 1
concurrency:
  group: docker-${{ github.ref }}-${{ github.event_name }}
  cancel-in-progress: true
jobs:
  file-check: # Check what files changed if we’re being run in a PR or on a push.
    name: Check Modified Files
    runs-on: ubuntu-latest
    outputs:
      run: ${{ steps.check-run.outputs.run }}
      skip-go: ${{ steps.check-go.outputs.skip-go }}
    steps:
      - name: Checkout
        id: checkout
        if: github.event_name != 'workflow_dispatch'
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
      - name: Check source files
        id: check-source-files
        if: github.event_name != 'workflow_dispatch'
        uses: tj-actions/changed-files@v45
        with:
          since_last_remote_commit: ${{ github.event_name != 'pull_request' }}
          files: |
            **/*.c
            **/*.cc
            **/*.h
            **/*.hh
            **/*.in
            **/*.patch
            src/aclk/aclk-schemas/
            src/ml/dlib/
            src/fluent-bit/
            src/web/server/h2o/libh2o/
          files_ignore: |
            netdata.spec.in
            **/*.md
      - name: Check build system files
        id: check-build-files
        if: github.event_name != 'workflow_dispatch'
        uses: tj-actions/changed-files@v45
        with:
          since_last_remote_commit: ${{ github.event_name != 'pull_request' }}
          files: |
            .dockerignore
            CMakeLists.txt
            netdata-installer.sh
            .github/workflows/docker.yml
            .github/scripts/docker-test.sh
            .github/scripts/gen-docker-tags.py
            .github/scripts/gen-docker-imagetool-args.py
            packaging/cmake/
            packaging/docker/
            packaging/installer/
            packaging/runtime-check.sh
            packaging/*.version
            packaging/*.checksums
          files_ignore: |
            **/*.md
            packaging/repoconfig/
      - name: List all changed files in pattern
        continue-on-error: true
        if: github.event_name != 'workflow_dispatch'
        env:
          CHANGED_SOURCE_FILES: ${{ steps.check-source-files.outputs.all_changed_files }}
          CHANGED_BUILD_FILES: ${{ steps.check-build-files.outputs.all_changed_files }}
        run: |
          for file in ${CHANGED_SOURCE_FILES} ${CHANGED_BUILD_FILES} ; do
            echo "$file was changed"
          done
      - name: Check Run
        id: check-run
        run: |
          if [ "${{ steps.check-source-files.outputs.any_modified }}" == "true" ] || [ "${{ steps.check-build-files.outputs.any_modified }}" == "true" ] || [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
            echo 'run=true' >> "${GITHUB_OUTPUT}"
          else
            echo 'run=false' >> "${GITHUB_OUTPUT}"
          fi
      - name: Check Go
        id: check-go
        env:
          OTHER_CHANGED_FILES: ${{ steps.check-source-files.outputs.other_changed_files }}
        run: |
          if [ '${{ github.event_name }}' == 'pull_request' ]; then
            if echo "${OTHER_CHANGED_FILES}" | grep -q '.*/(.*\.go|go\.mod|go\.sum)$' || [ "${{ steps.check-build-files.outputs.any_modified }}" == "true" ]; then
              echo 'skip-go=' >> "${GITHUB_OUTPUT}"
            else
              echo 'skip-go=--disable-go' >> "${GITHUB_OUTPUT}"
            fi
          else
            echo 'skip-go=' >> "${GITHUB_OUTPUT}"
          fi

  build-images:
    name: Build Docker Images
    needs:
      - file-check
    runs-on: ubuntu-latest
    strategy:
      matrix:
        platform:
          - linux/amd64
          - linux/i386
          - linux/arm/v7
          - linux/arm64
          - linux/ppc64le
      # Fail fast on releases, but run everything to completion on other triggers.
      fail-fast: ${{ github.event_name == 'workflow_dispatch' }}
    steps:
      - name: Skip Check
        id: skip
        if: needs.file-check.outputs.run != 'true'
        run: echo "SKIPPED"
      - name: Checkout
        id: checkout
        if: needs.file-check.outputs.run == 'true'
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
      - name: Generate Artifact Name
        id: artifact-name
        if: github.repository == 'netdata/netdata' && needs.file-check.outputs.run == 'true' && github.event_name == 'workflow_dispatch'
        run: echo "platform=$(echo ${{ matrix.platform }} | tr '/' '-' | cut -f 2- -d '-')" >> "${GITHUB_OUTPUT}"
      - name: Mark image as official
        id: env
        if: github.repository == 'netdata/netdata' && needs.file-check.outputs.run == 'true' && github.event_name == 'workflow_dispatch'
        run: echo "OFFICIAL_IMAGE=true" >> "${GITHUB_ENV}"
      - name: Setup QEMU
        id: qemu
        if: matrix.platform != 'linux/i386' && matrix.platform != 'linux/amd64' && needs.file-check.outputs.run == 'true'
        uses: docker/setup-qemu-action@v3
      - name: Setup Buildx
        id: prepare
        if: needs.file-check.outputs.run == 'true'
        uses: docker/setup-buildx-action@v3
      - name: Build Image
        id: build
        if: needs.file-check.outputs.run == 'true'
        uses: docker/build-push-action@v6
        with:
          platforms: ${{ matrix.platform }}
          tags: netdata/netdata:test
          load: true
          cache-to: type=local,dest=/tmp/build-cache,mode=max
          build-args: |
            OFFICIAL_IMAGE=${{ env.OFFICIAL_IMAGE }}
            EXTRA_INSTALL_OPTS=${{ needs.file-check.outputs.skip-go }}
      - name: Test Image
        id: test
        if: needs.file-check.outputs.run == 'true' && matrix.platform == 'linux/amd64'
        run: .github/scripts/docker-test.sh
      - name: Upload Cache
        id: upload-cache
        if: github.repository == 'netdata/netdata' && needs.file-check.outputs.run == 'true' && github.event_name == 'workflow_dispatch'
        uses: actions/upload-artifact@v4.4.2
        with:
          name: cache-${{ steps.artifact-name.outputs.platform }}
          path: /tmp/build-cache/*
          retention-days: 1
      - name: Failure Notification
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_COLOR: 'danger'
          SLACK_FOOTER: ''
          SLACK_ICON_EMOJI: ':github-actions:'
          SLACK_TITLE: 'Docker build failed:'
          SLACK_USERNAME: 'GitHub Actions'
          SLACK_MESSAGE: |-
              ${{ github.repository }}: Building or testing Docker image for ${{ matrix.platform }} failed.
              Checkout: ${{ steps.checkout.outcome }}
              Determine artifact name: ${{ steps.artifact-name.outcome }}
              Setup environment: ${{ steps.env.outcome }}
              Setup QEMU: ${{ steps.qemu.outcome }}
              Setup buildx: ${{ steps.prepare.outcome }}
              Build image: ${{ steps.build.outcome }}
              Test image: ${{ steps.test.outcome }}
              Upload build cache: ${{ steps.upload-cache.outcome }}
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
        if: >-
          ${{
            failure()
            && github.event_name != 'pull_request'
            && github.repository == 'netdata/netdata'
            && needs.file-check.outputs.run == 'true'
          }}

  gen-tags:
    name: Generate Docker Tags
    runs-on: ubuntu-latest
    if: github.event_name == 'workflow_dispatch'
    outputs:
      tags: ${{ steps.tag.outputs.tags }}
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
      - name: Generate Tags
        id: tag
        run: |
          if [ ${{ github.event_name }} = 'workflow_dispatch' ]; then
            echo "tags=$(.github/scripts/gen-docker-tags.py ${{ github.event_name }} ${{ github.event.inputs.version }})" >> "${GITHUB_OUTPUT}"
          else
            echo "tags=$(.github/scripts/gen-docker-tags.py ${{ github.event_name }} '')" >> "${GITHUB_OUTPUT}"
          fi

  build-images-docker-hub:
    name: Push Images to Docker Hub
    if: github.event_name == 'workflow_dispatch'
    needs:
      - build-images
      - gen-tags
    strategy:
      matrix:
        platform:
          - linux/amd64
          - linux/i386
          - linux/arm/v7
          - linux/arm64
          - linux/ppc64le
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
      - name: Generate Artifact Name
        id: artifact-name
        run: echo "platform=$(echo ${{ matrix.platform }} | tr '/' '-' | cut -f 2- -d '-')" >> "${GITHUB_OUTPUT}"
      - name: Download Cache
        id: fetch-cache
        uses: actions/download-artifact@v4
        with:
          name: cache-${{ steps.artifact-name.outputs.platform }}
          path: /tmp/build-cache
      - name: Mark image as official
        id: env
        if: github.repository == 'netdata/netdata'
        run: echo "OFFICIAL_IMAGE=true" >> "${GITHUB_ENV}"
      - name: Setup QEMU
        id: qemu
        if: matrix.platform != 'linux/i386' && matrix.platform != 'linux/amd64'
        uses: docker/setup-qemu-action@v3
      - name: Setup Buildx
        id: prepare
        uses: docker/setup-buildx-action@v3
      - name: Registry Login
        id: login
        if: github.repository == 'netdata/netdata'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      - name: Build Image
        id: build
        uses: docker/build-push-action@v6
        with:
          platforms: ${{ matrix.platform }}
          cache-from: type=local,src=/tmp/build-cache
          outputs: type=image,name=netdata/netdata,push-by-digest=true,name-canonical=true,push=true
          build-args: OFFICIAL_IMAGE=${{ env.OFFICIAL_IMAGE }}
      - name: Export Digest
        id: export-digest
        if: github.repository == 'netdata/netdata'
        run: |
          mkdir -p /tmp/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "/tmp/digests/${digest#sha256:}"
      - name: Upload digest
        id: upload-digest
        if: github.repository == 'netdata/netdata'
        uses: actions/upload-artifact@v4.4.2
        with:
          name: docker-digests-${{ steps.artifact-name.outputs.platform }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1
      - name: Failure Notification
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_COLOR: 'danger'
          SLACK_FOOTER: ''
          SLACK_ICON_EMOJI: ':github-actions:'
          SLACK_TITLE: 'Docker Hub upload failed:'
          SLACK_USERNAME: 'GitHub Actions'
          SLACK_MESSAGE: |-
              ${{ github.repository }}: Creating or uploading Docker image for ${{ matrix.platform }} on Docker Hub failed.
              Checkout: ${{ steps.checkout.outcome }}
              Determine artifact name: ${{ steps.artifact-name.outcome }}
              Fetch build cache: ${{ steps.fetch-cache.outcome }}
              Setup environment: ${{ steps.env.outcome }}
              Setup QEMU: ${{ steps.qemu.outcome }}
              Setup buildx: ${{ steps.prepare.outcome }}
              Login to registry: ${{ steps.login.outcome }}
              Build image: ${{ steps.build.outcome }}
              Export digest: ${{ steps.export-digest.outcome }}
              Upload digest: ${{ steps.upload-digest.outcome }}
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
        if: >-
          ${{
            failure()
            && github.repository == 'netdata/netdata'
          }}

  publish-docker-hub:
    name: Consolidate and tag images for DockerHub
    if: github.event_name == 'workflow_dispatch'
    needs:
      - build-images-docker-hub
      - gen-tags
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
      - name: Download digests
        id: fetch-digests
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: docker-digests-*
          merge-multiple: true
      - name: Setup Buildx
        id: prepare
        uses: docker/setup-buildx-action@v3
      - name: Registry Login
        id: login
        if: github.repository == 'netdata/netdata'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      - name: Create and Push Manifest
        id: manifest
        if: github.repository == 'netdata/netdata'
        run: docker buildx imagetools create $(.github/scripts/gen-docker-imagetool-args.py /tmp/digests '' "${{ needs.gen-tags.outputs.tags }}")
      - name: Failure Notification
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_COLOR: 'danger'
          SLACK_FOOTER: ''
          SLACK_ICON_EMOJI: ':github-actions:'
          SLACK_TITLE: 'Publishing Docker images to Docker Hub failed:'
          SLACK_USERNAME: 'GitHub Actions'
          SLACK_MESSAGE: |-
              ${{ github.repository }}: Publishing Docker images to Docker Hub failed.
              Checkout: ${{ steps.checkout.outcome }}
              Download digests: ${{ steps.fetch-digests.outcome }}
              Setup buildx: ${{ steps.prepare.outcome }}
              Login to registry: ${{ steps.login.outcome }}
              Create and push manifest: ${{ steps.manifest.outcome }}
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
        if: >-
          ${{
            failure()
            && github.repository == 'netdata/netdata'
          }}

  build-images-quay:
    name: Push Images to Quay.io
    if: github.event_name == 'workflow_dispatch'
    needs:
      - build-images
      - gen-tags
    strategy:
      matrix:
        platform:
          - linux/amd64
          - linux/i386
          - linux/arm/v7
          - linux/arm64
          - linux/ppc64le
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
      - name: Generate Artifact Name
        id: artifact-name
        run: echo "platform=$(echo ${{ matrix.platform }} | tr '/' '-' | cut -f 2- -d '-')" >> "${GITHUB_OUTPUT}"
      - name: Download Cache
        id: fetch-cache
        uses: actions/download-artifact@v4
        with:
          name: cache-${{ steps.artifact-name.outputs.platform }}
          path: /tmp/build-cache
      - name: Mark image as official
        id: env
        if: github.repository == 'netdata/netdata'
        run: echo "OFFICIAL_IMAGE=true" >> "${GITHUB_ENV}"
      - name: Setup QEMU
        id: qemu
        if: matrix.platform != 'linux/i386' && matrix.platform != 'linux/amd64'
        uses: docker/setup-qemu-action@v3
      - name: Setup Buildx
        id: prepare
        uses: docker/setup-buildx-action@v3
      - name: Registry Login
        id: login
        if: github.repository == 'netdata/netdata'
        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ secrets.NETDATABOT_QUAY_USERNAME }}
          password: ${{ secrets.NETDATABOT_QUAY_TOKEN }}
      - name: Build Image
        id: build
        uses: docker/build-push-action@v6
        with:
          platforms: ${{ matrix.platform }}
          cache-from: type=local,src=/tmp/build-cache
          build-args: OFFICIAL_IMAGE=${{ env.OFFICIAL_IMAGE }}
          outputs: type=image,name=quay.io/netdata/netdata,push-by-digest=true,name-canonical=true,push=true
      - name: Export Digest
        id: export-digest
        if: github.repository == 'netdata/netdata'
        run: |
          mkdir -p /tmp/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "/tmp/digests/${digest#sha256:}"
      - name: Upload digest
        id: upload-digest
        if: github.repository == 'netdata/netdata'
        uses: actions/upload-artifact@v4.4.2
        with:
          name: quay-digests-${{ steps.artifact-name.outputs.platform }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1
      - name: Failure Notification
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_COLOR: 'danger'
          SLACK_FOOTER: ''
          SLACK_ICON_EMOJI: ':github-actions:'
          SLACK_TITLE: 'Quay.io upload failed:'
          SLACK_USERNAME: 'GitHub Actions'
          SLACK_MESSAGE: |-
              ${{ github.repository }}: Creating or uploading Docker image for ${{ matrix.platform }} on Quay.io failed.
              Checkout: ${{ steps.checkout.outcome }}
              Determine artifact name: ${{ steps.artifact-name.outcome }}
              Fetch build cache: ${{ steps.fetch-cache.outcome }}
              Setup environment: ${{ steps.env.outcome }}
              Setup QEMU: ${{ steps.qemu.outcome }}
              Setup buildx: ${{ steps.prepare.outcome }}
              Login to registry: ${{ steps.login.outcome }}
              Build image: ${{ steps.build.outcome }}
              Export digest: ${{ steps.export-digest.outcome }}
              Upload digest: ${{ steps.upload-digest.outcome }}
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
        if: >-
          ${{
            failure()
            && github.repository == 'netdata/netdata'
          }}

  publish-quay:
    name: Consolidate and tag images for Quay.io
    if: github.event_name == 'workflow_dispatch'
    needs:
      - build-images-quay
      - gen-tags
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
      - name: Download digests
        id: fetch-digests
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: quay-digests-*
          merge-multiple: true
      - name: Setup Buildx
        id: prepare
        uses: docker/setup-buildx-action@v3
      - name: Registry Login
        id: login
        if: github.repository == 'netdata/netdata'
        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ secrets.NETDATABOT_QUAY_USERNAME }}
          password: ${{ secrets.NETDATABOT_QUAY_TOKEN }}
      - name: Create and Push Manifest
        id: manifest
        if: github.repository == 'netdata/netdata'
        run: docker buildx imagetools create $(.github/scripts/gen-docker-imagetool-args.py /tmp/digests 'quay.io' "${{ needs.gen-tags.outputs.tags }}")
      - name: Failure Notification
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_COLOR: 'danger'
          SLACK_FOOTER: ''
          SLACK_ICON_EMOJI: ':github-actions:'
          SLACK_TITLE: 'Publishing Docker images on Quay.io failed:'
          SLACK_USERNAME: 'GitHub Actions'
          SLACK_MESSAGE: |-
              ${{ github.repository }}: Publishing Docker images on Quay.io failed.
              Checkout: ${{ steps.checkout.outcome }}
              Download digests: ${{ steps.fetch-digests.outcome }}
              Setup buildx: ${{ steps.prepare.outcome }}
              Login to registry: ${{ steps.login.outcome }}
              Create and push manifest: ${{ steps.manifest.outcome }}
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
        if: >-
          ${{
            failure()
            && github.repository == 'netdata/netdata'
          }}

  build-images-ghcr:
    name: Push Images to GHCR
    if: github.event_name == 'workflow_dispatch'
    needs:
      - build-images
      - gen-tags
    strategy:
      matrix:
        platform:
          - linux/amd64
          - linux/i386
          - linux/arm/v7
          - linux/arm64
          - linux/ppc64le
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
      - name: Generate Artifact Name
        id: artifact-name
        run: echo "platform=$(echo ${{ matrix.platform }} | tr '/' '-' | cut -f 2- -d '-')" >> "${GITHUB_OUTPUT}"
      - name: Download Cache
        id: fetch-cache
        uses: actions/download-artifact@v4
        with:
          name: cache-${{ steps.artifact-name.outputs.platform }}
          path: /tmp/build-cache
      - name: Mark image as official
        id: env
        if: github.repository == 'netdata/netdata'
        run: echo "OFFICIAL_IMAGE=true" >> "${GITHUB_ENV}"
      - name: Setup QEMU
        id: qemu
        if: matrix.platform != 'linux/i386' && matrix.platform != 'linux/amd64'
        uses: docker/setup-qemu-action@v3
      - name: Setup Buildx
        id: prepare
        uses: docker/setup-buildx-action@v3
      - name: Registry Login
        id: login
        if: github.repository == 'netdata/netdata'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build Image
        id: build
        uses: docker/build-push-action@v6
        with:
          platforms: ${{ matrix.platform }}
          cache-from: type=local,src=/tmp/build-cache
          build-args: OFFICIAL_IMAGE=${{ env.OFFICIAL_IMAGE }}
          outputs: type=image,name=ghcr.io/netdata/netdata,push-by-digest=true,name-canonical=true,push=true
      - name: Export Digest
        id: export-digest
        if: github.repository == 'netdata/netdata'
        run: |
          mkdir -p /tmp/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "/tmp/digests/${digest#sha256:}"
      - name: Upload digest
        id: upload-digest
        if: github.repository == 'netdata/netdata'
        uses: actions/upload-artifact@v4.4.2
        with:
          name: ghcr-digests-${{ steps.artifact-name.outputs.platform }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1
      - name: Failure Notification
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_COLOR: 'danger'
          SLACK_FOOTER: ''
          SLACK_ICON_EMOJI: ':github-actions:'
          SLACK_TITLE: 'GHCR upload failed:'
          SLACK_USERNAME: 'GitHub Actions'
          SLACK_MESSAGE: |-
              ${{ github.repository }}: Creating or uploading Docker image for ${{ matrix.platform }} on GHCR failed.
              Checkout: ${{ steps.checkout.outcome }}
              Determine artifact name: ${{ steps.artifact-name.outcome }}
              Fetch build cache: ${{ steps.fetch-cache.outcome }}
              Setup environment: ${{ steps.env.outcome }}
              Setup QEMU: ${{ steps.qemu.outcome }}
              Setup buildx: ${{ steps.prepare.outcome }}
              Login to registry: ${{ steps.login.outcome }}
              Build image: ${{ steps.build.outcome }}
              Export digest: ${{ steps.export-digest.outcome }}
              Upload digest: ${{ steps.upload-digest.outcome }}
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
        if: >-
          ${{
            failure()
            && github.repository == 'netdata/netdata'
          }}

  publish-ghcr:
    name: Consolidate and tag images for GHCR
    if: github.event_name == 'workflow_dispatch'
    needs:
      - build-images-ghcr
      - gen-tags
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
      - name: Download digests
        id: fetch-digests
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: ghcr-digests-*
          merge-multiple: true
      - name: Setup Buildx
        id: prepare
        uses: docker/setup-buildx-action@v3
      - name: Registry Login
        id: login
        if: github.repository == 'netdata/netdata'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Create and Push Manifest
        id: manifest
        if: github.repository == 'netdata/netdata'
        run: docker buildx imagetools create $(.github/scripts/gen-docker-imagetool-args.py /tmp/digests 'ghcr.io' "${{ needs.gen-tags.outputs.tags }}")
      - name: Failure Notification
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_COLOR: 'danger'
          SLACK_FOOTER: ''
          SLACK_ICON_EMOJI: ':github-actions:'
          SLACK_TITLE: 'Publishing Docker images on GHCR failed:'
          SLACK_USERNAME: 'GitHub Actions'
          SLACK_MESSAGE: |-
              ${{ github.repository }}: Publishing Docker images on GHCR failed.
              Checkout: ${{ steps.checkout.outcome }}
              Download digests: ${{ steps.fetch-digests.outcome }}
              Setup buildx: ${{ steps.prepare.outcome }}
              Login to registry: ${{ steps.login.outcome }}
              Create and push manifest: ${{ steps.manifest.outcome }}
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
        if: >-
          ${{
            failure()
            && github.repository == 'netdata/netdata'
          }}

  trigger-subsequent-workflows:
    if: github.event_name == 'workflow_dispatch'
    name: Trigger subsquent workflows for newly added versions
    needs:
      - publish-docker-hub
      - gen-tags
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive
      - name: Trigger Helmchart PR
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.version != 'nightly' && github.repository == 'netdata/netdata'
        id: trigger-helmchart
        uses: benc-uk/workflow-dispatch@v1
        with:
          token: ${{ secrets.NETDATABOT_GITHUB_TOKEN }}
          repo: netdata/helmchart
          workflow: Agent Version PR
          ref: refs/heads/master
          inputs: '{"agent_version": "v${{ inputs.version }}"}'
      - name: Trigger MSI build
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.version != 'nightly' && github.repository == 'netdata/netdata'
        id: trigger-msi
        uses: benc-uk/workflow-dispatch@v1
        with:
          token: ${{ secrets.NETDATABOT_GITHUB_TOKEN }}
          repo: netdata/msi-installer
          workflow: Build
          ref: refs/heads/master
          inputs: '{"tag": "stable", "pwd": "${{ secrets.MSI_CODE_SIGNING_PASSWORD }}"}'
      - name: Failure Notification
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_COLOR: 'danger'
          SLACK_FOOTER: ''
          SLACK_ICON_EMOJI: ':github-actions:'
          SLACK_TITLE: ':'
          SLACK_USERNAME: 'GitHub Actions'
          SLACK_MESSAGE: |-
              ${{ github.repository }}: Version cascade failed
              Checkout: ${{ steps.checkout.outcome }}
              Trigger Helmchart PR: ${{ steps.trigger-helmchart.outcome }}
              Trigger MSI build: ${{ steps.trigger-msi.outcome }}
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
        if: >-
          ${{
            failure()
            && github.event_name != 'pull_request'
            && startsWith(github.ref, 'refs/heads/master')
            && github.repository == 'netdata/netdata'
          }}