Fix CI runs to still safely build docker containers, just don't push …

…them.

.github/CODEOWNERS

@@ -0,0 +1 @@
+/.github/ @unisoncomputing/share

.github/workflows/ci.yaml

@@ -32,20 +32,20 @@ jobs:
           submodules: false
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v41
+        uses: tj-actions/changed-files@0874344d6ebbaa00a27da73276ae7162fadcaf69 # v44.3.0
         with:
           # globs copied from default settings for run-ormolu
           files: |
             **/*.hs
             **/*.hs-boot
           separator: "\n"
-      - uses: haskell-actions/run-ormolu@v15
+      - uses: haskell-actions/run-ormolu@15b0083a0ef416915994fb511652b187f6026a40 # v15.0.0
         with:
           version: ${{ env.ormolu_version }}
           mode: inplace
           pattern: ${{ steps.changed-files.outputs.all_changed_files }}
       - name: apply formatting changes
-        uses: stefanzweifel/git-auto-commit-action@v5
+        uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1
         # Only try to commit formatting changes if we're running within the repo containing the PR,
         # and not on a protected branch.
         # The job doesn't have permission to push back to contributor forks on contributor PRs.
@@ -81,7 +81,7 @@ jobs:
             ${{ (env.is_published_build && '--ghc-options -O2') || '--fast' }}
 
       - name: Save exes for docker build
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: share-api-exe
           path: ${{env.share_local_bin}}
@@ -96,7 +96,6 @@ jobs:
 
   # A separate job for docker build because it requires elevated github token permissions.
   docker-build:
-    if: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging') }}
     env:
       container_registry: ghcr.io
       docker_image_name: ${{ github.repository }}
@@ -119,15 +118,15 @@ jobs:
           submodules: false
 
       # Downloads the artifact that contains the share-api-exe from the previous job.
-      - uses: actions/download-artifact@v2
+      - uses: actions/download-artifact@v4
         with:
           name: share-api-exe
           path: ./docker/tmp/
 
       # Configure Docker's builder,
       # This seems necessary to support docker cache layers.
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
 
 
       # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
@@ -156,7 +155,7 @@ jobs:
       # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
       - name: Build and push Docker image
         id: push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
         with:
           context: ./docker/
           push: ${{ env.is_published_build }}
@@ -171,15 +170,15 @@ jobs:
           outputs: type=docker,dest=/tmp/share-docker-image.tar # export docker image
 
       - name: Save docker image for transcript tests
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: share-docker-image
           path: /tmp/share-docker-image.tar
 
       # NOTE: disabled until repo goes public
       # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
       # - name: Generate artifact attestation
-      #   uses: actions/attest-build-provenance@v1
+      #   uses: actions/attest-build-provenance@v1.1.0
       #   with:
       #     subject-name: ${{ env.container_registry }}/${{ env.docker_image_name}}
       #     subject-digest: ${{ steps.push.outputs.digest }}
@@ -207,19 +206,19 @@ jobs:
       # Configure Docker's builder,
       # This seems necessary to support docker cache layers.
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
 
       - name: Download artifact
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
           name: share-docker-image
           path: /tmp
 
       # Load this before using docker and it'll cache images we use in the docker-compose
-      - name: Cache Docker images.
-        uses: ScribeMD/docker-cache@0.5.0
-        with:
-          key: docker-${{ runner.os }} }}
+      # - name: Cache Docker images.
+      #   uses: ScribeMD/docker-cache@fb28c93772363301b8d0a6072ce850224b73f74e # v0.5.0
+      #   with:
+      #     key: docker-${{ runner.os }} }}
 
       - name: Load image from last step
         run: |
@@ -229,6 +228,15 @@ jobs:
           docker tag ghcr.io/unisoncomputing/share-api:sha-${{ github.sha }} share-api
           docker image ls -a
 
+      # Pull, build, and cache all dependencies in the docker-compose file for testing.
+      # This should automatically use the github actions cache
+      - name: Build and push
+        uses: docker/bake-action@7a5dfed3550ca014665af2a27af8fc9d7284b9b3 # v4.5.0
+        with:
+          files: ./docker/docker-compose.yml
+          # Build context:
+          source: ./docker 
+
       - name: Run transcript tests
         # If it takes longer than this, it's probably stalled out.
         timeout-minutes: 10

docker/Dockerfile

@@ -9,7 +9,7 @@ ENV LANG=C.UTF-8
 COPY share-entrypoint.sh /usr/local/bin/share-entrypoint
 RUN chmod 555 /usr/local/bin/share-entrypoint
 
-COPY tmp/share-exe /usr/local/bin/share
+COPY tmp/share-api /usr/local/bin/share
 RUN chmod 555 /usr/local/bin/share
 
 ENTRYPOINT /usr/local/bin/share-entrypoint