Skip to content

Merge pull request #10 from ApplauseOSS/ci/fix-docker-publish #34

Merge pull request #10 from ApplauseOSS/ci/fix-docker-publish

Merge pull request #10 from ApplauseOSS/ci/fix-docker-publish #34

Workflow file for this run

name: Builds checks
on:
push:
branches:
- master
tags: ['v*.*.*']
env:
IMAGE_NAME: applause/strongdm-gateway
jobs:
build-amd64:
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2
# TEMP workaround
# https://github.com/actions-runner-controller/actions-runner-controller/issues/893
- name: Create context
run: docker context create builders
- uses: docker/setup-buildx-action@v2
with:
endpoint: builders
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ runner.arch }}-buildx-
- id: meta
uses: docker/metadata-action@v4
with:
images: |
${{ env.IMAGE_NAME }}
flavor: |
latest=false
suffix=-amd64
tags: |
# Only version, no revision
type=match,pattern=v(.*)-(.*),group=1
# Semantic versioning from our tags
type=semver,pattern={{version}}
# branch
type=ref,event=branch
# semver
type=semver,pattern={{version}}
- name: push
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
platforms: linux/amd64
# These are needed to prevent the creation of a manifest list
provenance: false
sbom: false
# TEMP fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
build-arm64:
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2
# TEMP workaround
# https://github.com/actions-runner-controller/actions-runner-controller/issues/893
- name: Create context
run: docker context create builders
- uses: docker/setup-buildx-action@v2
with:
endpoint: builders
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ runner.arch }}-buildx-
- id: meta
uses: docker/metadata-action@v4
with:
images: |
${{ env.IMAGE_NAME }}
flavor: |
latest=false
suffix=-arm64v8
tags: |
# Only version, no revision
type=match,pattern=v(.*)-(.*),group=1
# Semantic versioning from our tags
type=semver,pattern={{version}}
# branch
type=ref,event=branch
# semver
type=semver,pattern={{version}}
- name: push
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
platforms: linux/arm64
# These are needed to prevent the creation of a manifest list
provenance: false
sbom: false
# TEMP fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
multi-arch-manifest:
runs-on: ubuntu-22.04
needs: [build-amd64, build-arm64]
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2
# TEMP workaround
# https://github.com/actions-runner-controller/actions-runner-controller/issues/893
- name: Create context
run: docker context create builders
- uses: docker/setup-buildx-action@v2
with:
endpoint: builders
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- id: meta-dockerhub
name: Metadata - Docker Hub
uses: docker/metadata-action@v4
with:
images: ${{ env.IMAGE_NAME }}
flavor: |
latest=false
tags: |
# branch
type=ref,event=branch
# semver
type=semver,pattern={{version}}
- id: meta-dockerhub-tag
name: Metadata - Docker Hub (Tags)
uses: docker/metadata-action@v4
with:
images: |
${{ env.IMAGE_NAME }}
flavor: |
latest=false
tags: |
# Only version, no revision
type=match,pattern=v(.*)-(.*),group=1
# Semantic versioning from our tags
type=semver,pattern={{version}}
# Manifest for either branch or semver
- name: manifest-dockerhub
run: docker manifest create ${{ steps.meta-dockerhub.outputs.tags }} --amend ${{ steps.meta-dockerhub.outputs.tags }}-amd64 --amend ${{ steps.meta-dockerhub.outputs.tags }}-arm64v8
# Optional manifest for latest
- name: manifest-dockerhub-latest
run: docker manifest create ${{ env.IMAGE_NAME }}:latest --amend ${{ steps.meta-dockerhub.outputs.tags }}-amd64 --amend ${{ steps.meta-dockerhub.outputs.tags }}-arm64v8
if: startsWith(github.ref, 'refs/tags/')
# Optional manifest for tag versions (includes revisions)
- name: manifest-dockerhub-tags
run: docker manifest create ${{ steps.meta-dockerhub-tag.outputs.tags }} --amend ${{ steps.meta-dockerhub-tag.outputs.tags }}-amd64 --amend ${{ steps.meta-dockerhub-tag.outputs.tags }}-arm64v8
if: startsWith(github.ref, 'refs/tags/')
# Push various manifests
- name: push-dockerhub
run: docker manifest push ${{ steps.meta-dockerhub.outputs.tags }}
- name: push-dockerhub-latest
run: docker manifest push ${{ env.IMAGE_NAME }}:latest
if: startsWith(github.ref, 'refs/tags/')
- name: push-dockerhub-tags
run: docker manifest push ${{ steps.meta-dockerhub-tag.outputs.tags }}
if: startsWith(github.ref, 'refs/tags/')
# Update Docker Hub from README
- name: Docker Hub Description
uses: peter-evans/dockerhub-description@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
repository: ${{ env.IMAGE_NAME }}
readme-filepath: ./README.md
short-description: "A container image which will automatically register itself as a strongDM gateway."
github-release:
runs-on: ubuntu-22.04
needs: [multi-arch-manifest]
steps:
- run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV"
- uses: actions/github-script@v5
if: startsWith(github.ref, 'refs/tags/')
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
try {
await github.rest.repos.createRelease({
draft: false,
generate_release_notes: true,
name: process.env.RELEASE_TAG,
owner: context.repo.owner,
prerelease: false,
repo: context.repo.repo,
tag_name: process.env.RELEASE_TAG,
});
} catch (error) {
core.setFailed(error.message);
}