Skip to content

Docker

Docker #671

Workflow file for this run

name: Docker
on:
push:
branches:
- 'main'
- 'feature/**'
tags:
- 'v*.*.*'
schedule:
- cron: '0 06 * * *'
jobs:
docker:
name: Docker
runs-on: ubuntu-latest
permissions:
# id-token is used by cosign's OIDC based signing
# https://blog.chainguard.dev/zero-friction-keyless-signing-with-github-actions/
id-token: 'write'
strategy:
matrix:
type: ["scratch", "alpine"]
env:
DOCKERHUB_USERNAME: "sudobmitch"
GHCR_USERNAME: "sudo-bmitch"
steps:
- name: Prepare
id: prep
run: |
EXT=""
if [ "${{ matrix.type }}" != "scratch" ]; then
EXT="-${{ matrix.type }}"
fi
HUB_IMAGE=sudobmitch/version-bump
GHCR_IMAGE=ghcr.io/sudo-bmitch/version-bump
VERSION=noop
if [ "${{ github.event_name }}" = "schedule" ]; then
VERSION=edge
elif [[ $GITHUB_REF == refs/tags/* ]]; then
VERSION="${GITHUB_REF#refs/tags/}"
elif [[ $GITHUB_REF == refs/heads/* ]]; then
VERSION="${GITHUB_REF#refs/heads/}"
if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
VERSION=edge
fi
elif [[ $GITHUB_REF == refs/pull/* ]]; then
VERSION="pr-${{ github.event.number }}"
fi
VERSION="$(echo "${VERSION}" | sed -r 's#/+#-#g')"
TAGS="${HUB_IMAGE}:${VERSION}${EXT},${GHCR_IMAGE}:${VERSION}${EXT}"
if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
MINOR="${VERSION%.*}"
MAJOR="${MINOR%.*}"
TAGS="${TAGS},${HUB_IMAGE}:${MINOR}${EXT},${HUB_IMAGE}:${MAJOR}${EXT}"
TAGS="${TAGS},${GHCR_IMAGE}:${MINOR}${EXT},${GHCR_IMAGE}:${MAJOR}${EXT}"
if [ "${{ matrix.type }}" == "scratch" ]; then
TAGS="${TAGS},${HUB_IMAGE}:latest"
TAGS="${TAGS},${GHCR_IMAGE}:latest"
else
TAGS="${TAGS},${HUB_IMAGE}:${{ matrix.type }}"
TAGS="${TAGS},${GHCR_IMAGE}:${{ matrix.type }}"
fi
fi
echo "version=${VERSION}" >>$GITHUB_OUTPUT
echo "image_hub=${HUB_IMAGE}" >>$GITHUB_OUTPUT
echo "image_ghcr=${GHCR_IMAGE}" >>$GITHUB_OUTPUT
echo "tags=${TAGS}" >>$GITHUB_OUTPUT
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >>$GITHUB_OUTPUT
- name: Check out code
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Install cosign
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Login to DockerHub
if: github.repository_owner == 'sudo-bmitch'
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ env.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GHCR
if: github.repository_owner == 'sudo-bmitch'
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ env.GHCR_USERNAME }}
password: ${{ secrets.GHCR_TOKEN }}
- name: Build and push
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
id: build
with:
context: .
file: ./Dockerfile.buildkit
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
push: ${{ github.event_name != 'pull_request' && github.repository_owner == 'sudo-bmitch' }}
target: release-${{ matrix.type }}
tags: ${{ steps.prep.outputs.tags }}
labels: |
org.opencontainers.image.created=${{ steps.prep.outputs.created }}
org.opencontainers.image.source=${{ github.repositoryUrl }}
org.opencontainers.image.version=${{ steps.prep.outputs.version }}
org.opencontainers.image.revision=${{ github.sha }}