diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 3ef8543..aa63acd 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -8,6 +8,9 @@ on: schedule: - cron: '0 3 1,15 * *' +env: + REGISTRY_IMAGE: ghcr.io/nukib/misp-modules + jobs: build: runs-on: ${{ matrix.runner }}
@@ -17,71 +20,103 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - - name: Set up Docker Buildx + + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - - name: Cache Docker layers + + - name: Cache Docker layers uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} restore-keys: | ${{ runner.os }}-${{ runner.arch }}-buildx- - - - name: Build and export to Docker + + - name: Build and export to Docker uses: docker/build-push-action@v6 with: context: . load: true - tags: | - nukib/misp-modules:latest - ghcr.io/nukib/misp-modules:latest + tags: ${{ env.REGISTRY_IMAGE }} cache-from: type=local,src=/tmp/.buildx-cache/amd64 cache-to: type=local,dest=/tmp/.buildx-cache-new/amd64,mode=max - - - name: Show image details + + - name: Show image details run: | - docker image inspect nukib/misp-modules:latest - docker image history nukib/misp-modules:latest - - - name: Test + docker image inspect ${{ env.REGISTRY_IMAGE }} + docker image history ${{ env.REGISTRY_IMAGE }} + + - name: Test run: | - docker run --name misp-modules --rm -p 127.0.0.1:6666:6666 nukib/misp-modules:latest & + docker run --name misp-modules --rm -p 127.0.0.1:6666:6666 ${{ env.REGISTRY_IMAGE }} & sleep 5 # Wait until container is ready curl --fail http://localhost:6666/modules | jq docker stop misp-modules - - - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - name: Move cache + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache run: | rm -rf /tmp/.buildx-cache mv /tmp/.buildx-cache-new /tmp/.buildx-cache du -sh /tmp/.buildx-cache - - - name: Login to GitHub Container Registry + + - name: Login to GitHub Container Registry if: github.event_name != 'pull_request' uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner 
}} password: ${{ secrets.GITHUB_TOKEN }} - - - name: Login to DockerHub + + - name: Push by digest if: github.event_name != 'pull_request' - uses: docker/login-action@v3 + id: build + uses: docker/build-push-action@v6 with: - username: nukib - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Push + tags: ${{ env.REGISTRY_IMAGE }} + outputs: type=image,push-by-digest=true,name-canonical=true,push=true + + - name: Export digest if: github.event_name != 'pull_request' - uses: docker/build-push-action@v6 + run: | + mkdir -p ${{ runner.temp }}/digests + digest="${{ steps.build.outputs.digest }}" + touch "${{ runner.temp }}/digests/${digest#sha256:}" + + - name: Upload digest + if: github.event_name != 'pull_request' + uses: actions/upload-artifact@v4 with: - push: true - tags: | - nukib/misp-modules:latest - ghcr.io/nukib/misp-modules:latest - + name: digests-${{ runner.arch == 'X64' && 'amd64' || 'arm64' }} + path: ${{ runner.temp }}/digests/* + if-no-files-found: error + retention-days: 1 + + push: + runs-on: ubuntu-latest + needs: build + if: github.event_name != 'pull_request' + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: ${{ runner.temp }}/digests + pattern: digests-* + merge-multiple: true + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Create manifest list and push + working-directory: ${{ runner.temp }}/digests + run: | + docker buildx imagetools create --tag ${{ env.REGISTRY_IMAGE }}:latest $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) \ No newline at end of file
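Review bot: The new `push` job logs in to ghcr.io with `secrets.GITHUB_TOKEN` and publishes the `:latest` manifest list, but it declares no job-level `permissions:`, so the token's scope depends on a workflow-level block or the repository default, neither of which is visible in this hunk. Adding `permissions: {packages: write}` to `push` (it has no checkout step) would limit the token to what the job actually does; the `build` job, whose header lies outside this hunk, would presumably need `contents: read` as well for its checkout. Separately, the `run:` scripts in "Show image details", "Test" and "Create manifest list and push" splice `${{ env.REGISTRY_IMAGE }}` into the shell text before it executes; the workflow-level `env:` is already exported to each step's shell, so `"$REGISTRY_IMAGE"` yields the same value without expression substitution into a script. The value is a constant defined in this file, so the second point is a hardening habit rather than a live injection path.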