Docker #163
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker | |
on: | |
push: | |
branches: | |
- 'main' | |
- 'feature/**' | |
tags: | |
- 'v*.*.*' | |
schedule: | |
- cron: '0 06 * * *' | |
jobs: | |
docker: | |
name: Docker | |
runs-on: ubuntu-latest | |
permissions: | |
# id-token is used by cosign's OIDC based signing | |
# https://blog.chainguard.dev/zero-friction-keyless-signing-with-github-actions/ | |
id-token: 'write' | |
strategy: | |
matrix: | |
type: ["scratch", "alpine"] | |
env: | |
DOCKERHUB_USERNAME: "sudobmitch" | |
GHCR_USERNAME: "sudo-bmitch" | |
steps: | |
- name: Prepare | |
id: prep | |
run: | | |
EXT="" | |
if [ "${{ matrix.type }}" != "scratch" ]; then | |
EXT="-${{ matrix.type }}" | |
fi | |
HUB_IMAGE=sudobmitch/version-bump | |
GHCR_IMAGE=ghcr.io/sudo-bmitch/version-bump | |
VERSION=noop | |
if [ "${{ github.event_name }}" = "schedule" ]; then | |
VERSION=edge | |
elif [[ $GITHUB_REF == refs/tags/* ]]; then | |
VERSION="${GITHUB_REF#refs/tags/}" | |
elif [[ $GITHUB_REF == refs/heads/* ]]; then | |
VERSION="${GITHUB_REF#refs/heads/}" | |
if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then | |
VERSION=edge | |
fi | |
elif [[ $GITHUB_REF == refs/pull/* ]]; then | |
VERSION="pr-${{ github.event.number }}" | |
fi | |
VERSION="$(echo "${VERSION}" | sed -r 's#/+#-#g')" | |
TAGS="${HUB_IMAGE}:${VERSION}${EXT},${GHCR_IMAGE}:${VERSION}${EXT}" | |
if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then | |
MINOR="${VERSION%.*}" | |
MAJOR="${MINOR%.*}" | |
TAGS="${TAGS},${HUB_IMAGE}:${MINOR}${EXT},${HUB_IMAGE}:${MAJOR}${EXT}" | |
TAGS="${TAGS},${GHCR_IMAGE}:${MINOR}${EXT},${GHCR_IMAGE}:${MAJOR}${EXT}" | |
if [ "${{ matrix.type }}" == "scratch" ]; then | |
TAGS="${TAGS},${HUB_IMAGE}:latest" | |
TAGS="${TAGS},${GHCR_IMAGE}:latest" | |
else | |
TAGS="${TAGS},${HUB_IMAGE}:${{ matrix.type }}" | |
TAGS="${TAGS},${GHCR_IMAGE}:${{ matrix.type }}" | |
fi | |
fi | |
echo "version=${VERSION}" >>$GITHUB_OUTPUT | |
echo "cache=${GHCR_IMAGE}:buildcache${EXT}" >>$GITHUB_OUTPUT | |
echo "image_hub=${HUB_IMAGE}" >>$GITHUB_OUTPUT | |
echo "image_ghcr=${GHCR_IMAGE}" >>$GITHUB_OUTPUT | |
echo "tags=${TAGS}" >>$GITHUB_OUTPUT | |
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >>$GITHUB_OUTPUT | |
- name: Check out code | |
uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Install cosign | |
uses: sigstore/cosign-installer@main | |
- name: Login to DockerHub | |
if: github.repository_owner == 'sudo-bmitch' | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ env.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to GHCR | |
if: github.repository_owner == 'sudo-bmitch' | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ env.GHCR_USERNAME }} | |
password: ${{ secrets.GHCR_TOKEN }} | |
- name: Build and push | |
uses: docker/build-push-action@v4 | |
id: build | |
with: | |
context: . | |
file: ./Dockerfile.buildkit | |
platforms: linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x | |
push: ${{ github.event_name != 'pull_request' && github.repository_owner == 'sudo-bmitch' }} | |
target: release-${{ matrix.type }} | |
tags: ${{ steps.prep.outputs.tags }} | |
cache-from: type=registry,ref=${{ steps.prep.outputs.cache }} | |
cache-to: ${{ github.repository_owner == 'sudo-bmitch' && format('type=registry,ref={0},mode=max', steps.prep.outputs.cache) || 'type=inline'}} | |
labels: | | |
org.opencontainers.image.created=${{ steps.prep.outputs.created }} | |
org.opencontainers.image.source=${{ github.repositoryUrl }} | |
org.opencontainers.image.version=${{ steps.prep.outputs.version }} | |
org.opencontainers.image.revision=${{ github.sha }} |