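---
# Manually dispatched release build: checks out an existing git tag, builds the
# `production` target of the Containerfile and pushes it to GHCR tagged as
# <version>, <major.minor> and latest, with BuildKit provenance and an SBOM.
#
# NOTE(review): `latest` is moved on every run (see the metadata step), so
# dispatching an older tag after a newer release has shipped points `latest`
# at the older image. Gate it on a comparison against the newest tag if that
# matters to consumers.
name: Docker Push (Manual)
on:
  workflow_dispatch:
    inputs:
      tag:
        description: Tag to build and push (e.g., v0.1.0)
        required: true
        type: string
permissions:
  contents: read
  packages: write
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
  DOCKER_BUILD_SUMMARY: "true"
  DOCKER_BUILD_CHECKS_ANNOTATIONS: "true"
  # Not referenced in this file; presumably read by .github/scripts/docker.sh.
  PYTHON_VERSION: 3.13.11
  SHA_PREFIX_LENGTH: 7
  VALIDATE_TIMEOUT_MINUTES: 10
  BUILD_TIMEOUT_MINUTES: 15
  DOCKER_IMAGE_TITLE: Tux
  DOCKER_IMAGE_DESCRIPTION: Tux - The all in one discord bot for the All Things Linux Community
  DOCKER_IMAGE_SOURCE: https://github.com/allthingslinux/tux
  DOCKER_IMAGE_LICENSE: GPL-3.0
  DOCKER_IMAGE_AUTHORS: All Things Linux
  DOCKER_IMAGE_VENDOR: All Things Linux
  DOCKER_IMAGE_DOCS: https://github.com/allthingslinux/tux/blob/main/README.md
jobs:
  build:
    name: "Build & Push"
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      # NOTE(review): the BuildKit provenance attestation produced by
      # docker/build-push-action (provenance: mode=max) is attached unsigned and
      # does not use OIDC. This scope is only required once a signing step
      # (cosign keyless, actions/attest-build-provenance) is added; confirm and
      # drop it if nothing in the job consumes the token.
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Build what the tag points at, not the branch the run was dispatched from.
          ref: refs/tags/${{ inputs.tag }}
      - name: Setup Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
      - name: Login to Registry
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract version from tag
        id: version
        # The tag reaches the script as an environment variable rather than via
        # ${{ }} interpolation, so its content can never be parsed as shell.
        env:
          INPUT_TAG: ${{ inputs.tag }}
        run: |
          set -euo pipefail
          # Fail fast on anything that is not v?MAJOR.MINOR[.PATCH][-suffix]:
          # the major.minor image tag and `latest` below assume that shape.
          version_re='^v?[0-9]+\.[0-9]+(\.[0-9]+)?([-+][0-9A-Za-z.-]+)?$'
          if [[ ! "$INPUT_TAG" =~ $version_re ]]; then
            echo "::error::tag '$INPUT_TAG' is not a release version tag (expected e.g. v0.1.0)"
            exit 1
          fi
          # Remove 'v' prefix if present (v0.1.0 -> 0.1.0)
          VERSION="${INPUT_TAG#v}"
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          # Extract major.minor (0.1.0 -> 0.1)
          MAJOR_MINOR=$(echo "$VERSION" | cut -d. -f1,2)
          echo "major_minor=$MAJOR_MINOR" >> "$GITHUB_OUTPUT"
          # Record the commit that was actually checked out. On workflow_dispatch
          # github.sha is the head of the ref the run was started from (usually
          # the default branch), which need not be the commit the tag resolves
          # to. The revision label, the GIT_SHA build arg and SOURCE_DATE_EPOCH
          # must all describe the commit that is built, so they use this value.
          BUILD_SHA=$(git rev-parse HEAD)
          echo "sha=$BUILD_SHA" >> "$GITHUB_OUTPUT"
          echo "Extracted version: $VERSION (major.minor: $MAJOR_MINOR) at $BUILD_SHA"
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          # `latest` is pushed unconditionally; see the note at the top of the file.
          tags: |
            type=raw,value=${{ steps.version.outputs.version }}
            type=raw,value=${{ steps.version.outputs.major_minor }}
            type=raw,value=latest
          labels: |
            org.opencontainers.image.title=${{ env.DOCKER_IMAGE_TITLE }}
            org.opencontainers.image.description=${{ env.DOCKER_IMAGE_DESCRIPTION }}
            org.opencontainers.image.source=${{ env.DOCKER_IMAGE_SOURCE }}
            org.opencontainers.image.licenses=${{ env.DOCKER_IMAGE_LICENSE }}
            org.opencontainers.image.authors=${{ env.DOCKER_IMAGE_AUTHORS }}
            org.opencontainers.image.vendor=${{ env.DOCKER_IMAGE_VENDOR }}
            org.opencontainers.image.revision=${{ steps.version.outputs.sha }}
            org.opencontainers.image.documentation=${{ env.DOCKER_IMAGE_DOCS }}
          annotations: |
            org.opencontainers.image.title=${{ env.DOCKER_IMAGE_TITLE }}
            org.opencontainers.image.description=${{ env.DOCKER_IMAGE_DESCRIPTION }}
            org.opencontainers.image.source=${{ env.DOCKER_IMAGE_SOURCE }}
            org.opencontainers.image.licenses=${{ env.DOCKER_IMAGE_LICENSE }}
            org.opencontainers.image.authors=${{ env.DOCKER_IMAGE_AUTHORS }}
            org.opencontainers.image.vendor=${{ env.DOCKER_IMAGE_VENDOR }}
            org.opencontainers.image.revision=${{ steps.version.outputs.sha }}
            org.opencontainers.image.documentation=${{ env.DOCKER_IMAGE_DOCS }}
          context: workflow
        env:
          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
      - name: Validate Build Configuration
        env:
          BUILD_SHA: ${{ steps.version.outputs.sha }}
        run: ./.github/scripts/docker.sh validate-build-config "$BUILD_SHA"
      - name: Calculate SOURCE_DATE_EPOCH
        id: source_date
        env:
          BUILD_SHA: ${{ steps.version.outputs.sha }}
          REPO_CREATED_AT: ${{ github.event.repository.created_at }}
        run: |
          # Use the commit time of the built commit. Looking up github.sha here
          # would describe the dispatch ref instead, and with the default shallow
          # checkout that object may not even be present in the clone.
          ./.github/scripts/docker.sh calculate-source-date-epoch \
            "$(git log -1 --format=%ci "$BUILD_SHA")" \
            "$REPO_CREATED_AT"
      - name: Generate Build Date
        id: build_date
        run: echo "date=$(./.github/scripts/docker.sh generate-build-date)" >> "$GITHUB_OUTPUT"
      - name: Build and Push
        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
        timeout-minutes: 15
        env:
          # Reproducible-build timestamp; expected to be written to GITHUB_OUTPUT
          # as `epoch` by the calculate-source-date-epoch script (not visible here).
          SOURCE_DATE_EPOCH: ${{ steps.source_date.outputs.epoch }}
        with:
          context: .
          file: Containerfile
          target: production
          push: true
          load: false
          cache-from: |
            type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
            type=gha
          cache-to: |
            type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max
            type=gha,mode=max
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}
          provenance: mode=max
          sbom: true
          # Always re-pull base images so a stale cached base cannot ship in a release.
          pull: true
          build-args: |-
            VERSION=${{ steps.version.outputs.version }}
            GIT_SHA=${{ steps.version.outputs.sha }}
            BUILD_DATE=${{ steps.build_date.outputs.date }}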