Skip to content

Commit

Permalink
Add attestation and fix image README push to Docker Hub
Browse files Browse the repository at this point in the history
mcornella committed Sep 15, 2024

Verified

This commit was signed with the committer’s verified signature.
mcornella Marc Cornellà
1 parent ee1a706 commit d78333a
Showing 2 changed files with 39 additions and 11 deletions.
43 changes: 35 additions & 8 deletions .github/workflows/main.yml
Original file line number Diff line number Diff line change
@@ -9,9 +9,10 @@ on:
- cron: "46 2 * * 1"

env:
LATEST_ZSH: "5.9"
REGISTRY: "docker.io"
DOCKERHUB_ORG: "ohmyzsh"
MAIN_OMZ_BRANCH: "master" # TODO: we need to change master with main when migrating the branch
LATEST_ZSH: "5.9"
LATEST_OMZ: "master" # TODO: we need to change master with main when migrating the branch

jobs:
get-omz-versions:
@@ -23,12 +24,14 @@ jobs:
- name: Get Oh My Zsh versions
id: versions
run: |
OMZ_VERSIONS=$(curl -sL https://api.github.com/repos/ohmyzsh/ohmyzsh/tags | jq -c '["${{ env.MAIN_OMZ_BRANCH }}",.[].name]')
OMZ_VERSIONS=$(curl -sL https://api.github.com/repos/ohmyzsh/ohmyzsh/tags | jq -c '["${{ env.LATEST_OMZ }}",.[].name]')
echo "versions=$OMZ_VERSIONS" >> $GITHUB_OUTPUT
build-omz:
name: Build Oh My Zsh Docker image
runs-on: ubuntu-latest
env:
IMAGE_NAME: "ohmyzsh/ohmyzsh"
needs:
- get-omz-versions
strategy:
@@ -53,23 +56,35 @@ jobs:
- name: Get tags and versions
id: tags
run: |
tags=${{ env.DOCKERHUB_ORG }}/ohmyzsh:${{ matrix.omz-version }}
if [ ${{matrix.omz-version }} = ${{ env.MAIN_OMZ_BRANCH }} ]; then
tags="${tags},${{ env.DOCKERHUB_ORG }}/ohmyzsh:latest"
tags="${{ env.IMAGE_NAME }}:${{ matrix.omz-version }}"
tags="${tags},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.omz-version }}"
if [ ${{matrix.omz-version }} = ${{ env.LATEST_OMZ }} ]; then
tags="${tags},${{ env.IMAGE_NAME }}:latest"
tags="${tags},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
fi
echo "tags=$tags" >> $GITHUB_OUTPUT
- name: Build and push images
id: push
uses: docker/build-push-action@v5
with:
context: ohmyzsh
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
build-args: "OMZ_VERSION=${{ matrix.omz-version }}"
tags: ${{ steps.tags.outputs.tags }}
- name: Attest
uses: actions/attest-build-provenance@v1
id: attest
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true

build-zsh:
name: Build Zsh Docker images
runs-on: ubuntu-latest
env:
IMAGE_NAME: "ohmyzsh/zsh"
strategy:
matrix:
zsh-version:
@@ -127,19 +142,29 @@ jobs:
- name: Get tags and versions
id: tags
run: |
tags=${{ env.DOCKERHUB_ORG }}/zsh:${{ matrix.zsh-version }}
tags="${{ env.IMAGE_NAME }}:${{ matrix.zsh-version }}"
tags="${tags},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.zsh-version }}"
if [ ${{matrix.zsh-version }} = ${{ env.LATEST_ZSH }} ]; then
tags="${tags},${{ env.DOCKERHUB_ORG }}/zsh:latest"
tags="${tags},${{ env.IMAGE_NAME }}:latest"
tags="${tags},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
fi
echo "tags=$tags" >> $GITHUB_OUTPUT
- name: Build and push images
id: push
uses: docker/build-push-action@v5
with:
context: zsh
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
build-args: "ZSH_VERSION=${{ matrix.zsh-version }}"
tags: ${{ steps.tags.outputs.tags }}
- name: Attest
uses: actions/attest-build-provenance@v1
id: attest
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true

update-image-readme:
needs:
@@ -148,6 +173,8 @@ jobs:
runs-on: ubuntu-latest
if: ${{ github.event_name != 'pull_request' }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Update image READMEs
env:
DH_USERNAME: ${{ secrets.DOCKERHUB_USER }}
7 changes: 4 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
# Oh My Zsh docker images

[![Publish workflow](https://github.com/ohmyzsh/docker/actions/workflows/main.yml/badge.svg)](https://github.com/ohmyzsh/docker/actions/workflows/main.yml)

This repository holds the Dockerfile files for the various docker images hosted in the
[ohmyzsh organization at Docker Hub](https://hub.docker.com/u/ohmyzsh).

@@ -12,8 +14,7 @@ Inside this folder there needs to be:
- `Dockerfile` for building the Docker image. See [`ohmyzsh/ohmyzsh`](ohmyzsh/Dockerfile) for
an example of how to set it up, including metadata `LABEL`s.

- `build.sh` file which receives the Docker Hub organization name as the first argument,
and builds all the tags for the given image.

- `README.md` which provides information regarding the Docker image. If the image has a README.md
file, this will be used to automatically update the README in Docker Hub.

There also needs to be a separate build job for each image in the [`.github/workflows/main.yml`](https://github.com/ohmyzsh/docker/actions/workflows/main.yml) file.

0 comments on commit d78333a

Please sign in to comment.