Merge pull request #10 from ApplauseOSS/ci/fix-docker-publish #36
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Builds checks | |
on: | |
push: | |
branches: | |
- master | |
tags: ['v*.*.*'] | |
env: | |
IMAGE_NAME: applause/strongdm-gateway | |
jobs: | |
build-amd64: | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: docker/setup-qemu-action@v2 | |
# TEMP workaround | |
# https://github.com/actions-runner-controller/actions-runner-controller/issues/893 | |
- name: Create context | |
run: docker context create builders | |
- uses: docker/setup-buildx-action@v2 | |
with: | |
endpoint: builders | |
- name: Login to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
- uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ runner.arch }}-buildx- | |
- id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: | | |
${{ env.IMAGE_NAME }} | |
flavor: | | |
latest=false | |
suffix=-amd64 | |
tags: | | |
# Only version, no revision | |
type=match,pattern=v(.*)-(.*),group=1 | |
# Semantic versioning from our tags | |
type=semver,pattern={{version}} | |
# branch | |
type=ref,event=branch | |
# semver | |
type=semver,pattern={{version}} | |
- name: push | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | |
platforms: linux/amd64 | |
# These are needed to prevent the creation of a manifest list | |
provenance: false | |
sbom: false | |
# TEMP fix | |
# https://github.com/docker/build-push-action/issues/252 | |
# https://github.com/moby/buildkit/issues/1896 | |
- name: cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
build-arm64: | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: docker/setup-qemu-action@v2 | |
# TEMP workaround | |
# https://github.com/actions-runner-controller/actions-runner-controller/issues/893 | |
- name: Create context | |
run: docker context create builders | |
- uses: docker/setup-buildx-action@v2 | |
with: | |
endpoint: builders | |
- name: Login to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
- uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ runner.arch }}-buildx- | |
- id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: | | |
${{ env.IMAGE_NAME }} | |
flavor: | | |
latest=false | |
suffix=-arm64v8 | |
tags: | | |
# Only version, no revision | |
type=match,pattern=v(.*)-(.*),group=1 | |
# Semantic versioning from our tags | |
type=semver,pattern={{version}} | |
# branch | |
type=ref,event=branch | |
# semver | |
type=semver,pattern={{version}} | |
- name: push | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | |
platforms: linux/arm64 | |
# These are needed to prevent the creation of a manifest list | |
provenance: false | |
sbom: false | |
# TEMP fix | |
# https://github.com/docker/build-push-action/issues/252 | |
# https://github.com/moby/buildkit/issues/1896 | |
- name: cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
multi-arch-manifest: | |
runs-on: ubuntu-22.04 | |
needs: [build-amd64, build-arm64] | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: docker/setup-qemu-action@v2 | |
# TEMP workaround | |
# https://github.com/actions-runner-controller/actions-runner-controller/issues/893 | |
- name: Create context | |
run: docker context create builders | |
- uses: docker/setup-buildx-action@v2 | |
with: | |
endpoint: builders | |
- name: Login to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
- id: meta-dockerhub | |
name: Metadata - Docker Hub | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ env.IMAGE_NAME }} | |
flavor: | | |
latest=false | |
tags: | | |
# branch | |
type=ref,event=branch | |
# semver | |
type=semver,pattern={{version}} | |
- id: meta-dockerhub-tag | |
name: Metadata - Docker Hub (Tags) | |
uses: docker/metadata-action@v4 | |
with: | |
images: | | |
${{ env.IMAGE_NAME }} | |
flavor: | | |
latest=false | |
tags: | | |
# Only version, no revision | |
type=match,pattern=v(.*)-(.*),group=1 | |
# Semantic versioning from our tags | |
type=semver,pattern={{version}} | |
# Manifest for either branch or semver | |
- name: manifest-dockerhub | |
run: docker manifest create ${{ steps.meta-dockerhub.outputs.tags }} --amend ${{ steps.meta-dockerhub.outputs.tags }}-amd64 --amend ${{ steps.meta-dockerhub.outputs.tags }}-arm64v8 | |
# Optional manifest for latest | |
- name: manifest-dockerhub-latest | |
run: docker manifest create ${{ env.IMAGE_NAME }}:latest --amend ${{ steps.meta-dockerhub.outputs.tags }}-amd64 --amend ${{ steps.meta-dockerhub.outputs.tags }}-arm64v8 | |
if: startsWith(github.ref, 'refs/tags/') | |
# Optional manifest for tag versions (includes revisions) | |
- name: manifest-dockerhub-tags | |
run: docker manifest create ${{ steps.meta-dockerhub-tag.outputs.tags }} --amend ${{ steps.meta-dockerhub-tag.outputs.tags }}-amd64 --amend ${{ steps.meta-dockerhub-tag.outputs.tags }}-arm64v8 | |
if: startsWith(github.ref, 'refs/tags/') | |
# Push various manifests | |
- name: push-dockerhub | |
run: docker manifest push ${{ steps.meta-dockerhub.outputs.tags }} | |
- name: push-dockerhub-latest | |
run: docker manifest push ${{ env.IMAGE_NAME }}:latest | |
if: startsWith(github.ref, 'refs/tags/') | |
- name: push-dockerhub-tags | |
run: docker manifest push ${{ steps.meta-dockerhub-tag.outputs.tags }} | |
if: startsWith(github.ref, 'refs/tags/') | |
# Update Docker Hub from README | |
- name: Docker Hub Description | |
uses: peter-evans/dockerhub-description@v3 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
repository: ${{ env.IMAGE_NAME }} | |
readme-filepath: ./README.md | |
short-description: "A container image which will automatically register itself as a strongDM gateway." | |
github-release: | |
runs-on: ubuntu-22.04 | |
needs: [multi-arch-manifest] | |
steps: | |
- run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV" | |
- uses: actions/github-script@v5 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
try { | |
await github.rest.repos.createRelease({ | |
draft: false, | |
generate_release_notes: true, | |
name: process.env.RELEASE_TAG, | |
owner: context.repo.owner, | |
prerelease: false, | |
repo: context.repo.repo, | |
tag_name: process.env.RELEASE_TAG, | |
}); | |
} catch (error) { | |
core.setFailed(error.message); | |
} |