ci: add container size difference as PR comment (#328)

* ci: switch to more compliant pr title validator

* ci: add container size diff to PR

* ci: update path to script

* ci: use correct output key

* ci: fix access to script from composite action

* ci: try and fix multi-line output

* ci: move container size diff to build-push workflow

* ci: try fix markdown formatting

* ci: try to fix formatting

* ci: formatting

* ci: test another way of escaping newlines

* ci: suppress bash word splitting on input

* ci: will this work?

.github/container-size-diff/action.yml

@@ -0,0 +1,34 @@
+---
+name: "Container Size Diff"
+description: "Creates a Markdown summary of the size differences between two containers"
+
+inputs:
+  from-container:
+    description: "Baseline container image for size comparison"
+    required: true
+  to-container:
+    description: "Container image to be compared to the baseline"
+    required: true
+
+outputs:
+  size-diff-markdown:
+    description: "Markdown formatted output of container size comparison"
+    value: ${{ steps.size-diff.outputs.markdown }}
+
+runs:
+  using: "composite"
+  steps:
+    - run: echo "$GITHUB_ACTION_PATH" >> $GITHUB_PATH
+      shell: bash
+      env:
+        GITHUB_ACTION_PATH: ${{ github.action_path }}
+    - run: |
+        EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+        echo "markdown<<${EOF}" >> "${GITHUB_OUTPUT}"
+        echo "$(container-size-diff.sh ${INPUT_FROM_CONTAINER} ${INPUT_TO_CONTAINER})" >> "${GITHUB_OUTPUT}"
+        echo "${EOF}" >> "${GITHUB_OUTPUT}"
+      id: size-diff
+      shell: bash
+      env:
+        INPUT_FROM_CONTAINER: ${{ inputs.from-container }}
+        INPUT_TO_CONTAINER: ${{ inputs.to-container }}

.github/container-size-diff/container-size-diff.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+FROM_CONTAINER=${1:?}
+TO_CONTAINER=${2:?}
+
+get_sizes_from_manifest() {
+    local CONTAINER=${1:?}
+    declare -Ag ${2:?}
+    local -n SIZE_MAP=${2}
+
+    for MANIFEST in $(docker manifest inspect -v ${CONTAINER} | jq -c 'if type == "array" then .[] else . end' | jq -r '[ ( .Descriptor.platform | [ .os, .architecture, .variant, ."os.version" ] | del(..|nulls) | join("/") ), ( [ .OCIManifest.layers[].size ] | add ) ] | join(":")');
+    do
+        PLATFORM="${MANIFEST%%:*}"
+        SIZE="${MANIFEST#*:}"
+
+        if [[ ${PLATFORM} != "unknown/unknown" ]];
+        then
+            SIZE_MAP[${PLATFORM}]=${SIZE}
+        fi
+    done
+}
+
+get_sizes_from_manifest ${FROM_CONTAINER} FROM_CONTAINER_SIZES
+get_sizes_from_manifest ${TO_CONTAINER} TO_CONTAINER_SIZES
+
+echo "## Compressed layer size comparison"
+echo
+echo "Comparing ${FROM_CONTAINER} to ${TO_CONTAINER}"
+echo
+echo "| OS/Platform | Previous Size | Current Size | Delta |"
+echo "|-------------|---------------|--------------|-------|"
+for PLATFORM in "${!FROM_CONTAINER_SIZES[@]}";
+do
+    BASE_SIZE=${FROM_CONTAINER_SIZES[${PLATFORM}]}
+    HEAD_SIZE=${TO_CONTAINER_SIZES[${PLATFORM}]}
+
+    echo "| ${PLATFORM} | $(numfmt --to iec --format '%.2f' ${BASE_SIZE}) | $(numfmt --to iec --format '%.2f' ${HEAD_SIZE}) | $(numfmt --to iec --format '%.2f' -- $((${HEAD_SIZE} - ${BASE_SIZE}))) $(python -c "print('({:+0.2f}%)'.format(((${HEAD_SIZE} - ${BASE_SIZE}) / ${BASE_SIZE}) * 100))") |";
+done

.github/workflows/build-push.yml

@@ -103,6 +103,16 @@ jobs:
           sbom: true
           provenance: true
           cache-from: type=gha
+      - uses: ./.github/container-size-diff
+        id: container-size-diff
+        with:
+          from-container: ${{ env.REGISTRY }}/${{ github.repository }}:latest
+          to-container: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push-base.outputs.digest }}
+      - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
+        with:
+          header: container-size-diff
+          message: |
+            ${{ steps.container-size-diff.outputs.size-diff-markdown }}
       - uses: anchore/sbom-action@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8
         if: steps.build-and-push-base.outputs.digest != '' && github.event_name != 'merge_group'
         with:

.github/workflows/ossf-scorecard.yml

@@ -1,5 +1,5 @@
 ---
-name: Supply-chain security
+name: Supply-chain Security
 
 on:
   workflow_dispatch:

.github/workflows/pr-conventional-title.yml

@@ -1,5 +1,5 @@
 ---
-name: Pull request Conventional Title
+name: Pull Request Conventional Title
 
 on:
   pull_request: