Merge pull request #82 from kozakura913/main #325
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker | |
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support | |
| # documentation. | |
| on: | |
| schedule: | |
| - cron: '00 15 * * *' | |
| push: | |
| branches: [ "main" ] | |
| # Publish semver tags as releases. | |
| tags: [ 'v*.*.*' ] | |
| pull_request: | |
| branches: [ "main" ] | |
| env: | |
| # Use docker.io for Docker Hub if empty | |
| REGISTRY: ghcr.io | |
| # github.repository as <account>/<repo> | |
| REGISTRY_IMAGE: ghcr.io/${{ github.repository }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| # This is used to complete the identity challenge | |
| # with sigstore/fulcio when running outside of PRs. | |
| id-token: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: | |
| - linux/386 | |
| - linux/amd64 | |
| - linux/arm64 | |
| - linux/arm/v6 | |
| - linux/arm/v7 | |
| steps: | |
| - name: Prepare | |
| run: | | |
| platform=${{ matrix.platform }} | |
| echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Extract metadata (tags, labels) for Docker | |
| # https://github.com/docker/metadata-action | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY_IMAGE }} | |
| - name: CacheMount | |
| uses: actions/cache@v4 | |
| id: cache | |
| with: | |
| path: | | |
| cargo-home | |
| app-target | |
| key: cache-${{ matrix.platform }}-${{ hashFiles('**/Cargo.toml') }} | |
| - name: inject cache into docker | |
| uses: reproducible-containers/[email protected] | |
| with: | |
| cache-map: | | |
| { | |
| "cargo-home": "/var/cache/cargo", | |
| "app-target": "/app/target", | |
| "musl-tools": "/musl", | |
| "dav1d-libs": "/dav1d_bin" | |
| } | |
| skip-extraction: ${{ steps.cache.outputs.cache-hit }} | |
| # Build and push Docker image with Buildx (don't push on PR) | |
| # https://github.com/docker/build-push-action | |
| - name: Build and push Docker image | |
| id: build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: ${{ matrix.platform }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=min | |
| - name: Build and export to Docker | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: ${{ matrix.platform }} | |
| load: true | |
| tags: ${{ github.repository }}:latest | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=min | |
| - name: Export digest | |
| run: | | |
| mkdir -p /tmp/digests | |
| digest="${{ steps.build.outputs.digest }}" | |
| touch "/tmp/digests/${digest#sha256:}" | |
| - name: Upload digest | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: digests-${{ env.PLATFORM_PAIR }} | |
| path: /tmp/digests/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| - name: Extract Application | |
| run: | | |
| mkdir /tmp/app/ | |
| chmod o+rwx /tmp/app/ | |
| docker run --rm -t -v /tmp/app:/tmp/app ${{ github.repository }}:latest cp /media-proxy-rs/media-proxy-rs /tmp/app/ | |
| - name: Upload Application | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: media-proxy-rs_${{ env.PLATFORM_PAIR }} | |
| path: /tmp/app/media-proxy-rs | |
| if-no-files-found: error | |
| retention-days: 1 | |
| release: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name != 'pull_request' }} | |
| permissions: | |
| contents: write | |
| id-token: write | |
| needs: | |
| - build | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: | |
| - linux/386 | |
| - linux/amd64 | |
| - linux/arm64 | |
| - linux/arm/v6 | |
| - linux/arm/v7 | |
| steps: | |
| - name: Prepare | |
| run: | | |
| platform=${{ matrix.platform }} | |
| echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
| - name: Download Application | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: /tmp/app | |
| pattern: media-proxy-rs_${{ env.PLATFORM_PAIR }} | |
| merge-multiple: true | |
| - name: gzip Application | |
| working-directory: /tmp/app | |
| run: | | |
| gzip -k media-proxy-rs | |
| - name: Upload release | |
| uses: WebFreak001/[email protected] | |
| with: | |
| upload_url: https://uploads.github.com/repos/${{ github.repository }}/releases/98575220/assets{?name,label} # find out this value by opening https://api.github.com/repos/<owner>/<repo>/releases in your browser and copy the full "upload_url" value including the {?name,label} part | |
| release_id: 98575220 # same as above (id can just be taken out the upload_url, it's used to find old releases) | |
| asset_path: /tmp/app/media-proxy-rs.gz # path to archive to upload | |
| asset_name: media-proxy-rs_${{ env.PLATFORM_PAIR }}.gz # name to upload the release as, use $$ to insert date (YYYYMMDD) and 6 letter commit hash | |
| asset_content_type: application/gzip # required by GitHub API | |
| max_releases: 7 # optional, if there are more releases than this matching the asset_name, the oldest ones are going to be deleted | |
| ignore_hash: true | |
| merge: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name != 'pull_request' }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| # This is used to complete the identity challenge | |
| # with sigstore/fulcio when running outside of PRs. | |
| id-token: write | |
| needs: | |
| - build | |
| steps: | |
| - name: Download digests | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: /tmp/digests | |
| pattern: digests-* | |
| merge-multiple: true | |
| # Install the cosign tool except on PR | |
| # https://github.com/sigstore/cosign-installer | |
| - name: Install cosign | |
| if: github.event_name != 'pull_request' | |
| uses: sigstore/cosign-installer@v3 | |
| with: | |
| cosign-release: 'v2.1.1' | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY_IMAGE }} | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create manifest list and push | |
| working-directory: /tmp/digests | |
| run: | | |
| docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) | |
| - name: Inspect image | |
| run: | | |
| docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} |