Release PR builds with pr-<number> tag
#25
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Build-Push | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '26 13 7 * *' | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| env: | |
| REGISTRY_IMAGE: ghcr.io/${{ github.repository }} | |
| jobs: | |
| prepare: | |
| name: prepare build context | |
| permissions: {} | |
| runs-on: ubuntu-latest | |
| outputs: | |
| date: ${{ steps.release-info.outputs.date }} | |
| version: ${{ steps.release-info.outputs.version }} | |
| release: ${{ steps.release-info.outputs.release }} | |
| steps: | |
| - name: Get latest crymap release | |
| id: crymap | |
| uses: pozetroninc/github-action-get-latest-release@v0.8.0 | |
| with: | |
| repository: AltSysrq/crymap | |
| excludes: prerelease, draft | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get current date and release version | |
| id: release-info | |
| env: | |
| CRYMAP_VERSION: ${{ steps.crymap.outputs.release }} | |
| PLATFORM: ${{ matrix.platform }} | |
| run: | | |
| export DATE="$(date +'%Y%m%d')" | |
| export VERSION="$(echo "${CRYMAP_VERSION:?failed to get latest crymap version}" | grep -E -o '[0-9]+\.[0-9]+\.[0-9]+')" | |
| echo "Building '${CRYMAP_VERSION}' as:" | |
| echo "date=${DATE:?failed to get current date}" | tee -a $GITHUB_OUTPUT | |
| echo "version=${VERSION:?failed to parse crymap version}" | tee -a $GITHUB_OUTPUT | |
| echo "release=${VERSION}-${DATE}" | tee -a $GITHUB_OUTPUT | |
| echo "PLATFORM_PAIR=${PLATFORM//\//-}" | tee -a $GITHUB_ENV | |
| build: | |
| name: build ${{ matrix.platform }} container image | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: | |
| - linux/amd64 | |
| - linux/arm64 | |
| permissions: | |
| contents: read # read to build | |
| packages: write # pushing container image | |
| # https://docs.github.com/en/actions/how-tos/writing-workflows/choosing-where-your-workflow-runs/choosing-the-runner-for-a-job#standard-github-hosted-runners-for-public-repositories | |
| runs-on: ${{ matrix.platform == 'linux/amd64' && 'ubuntu-latest' || matrix.platform == 'linux/arm64' && 'ubuntu-24.04-arm' }} | |
| needs: | |
| - prepare | |
| steps: | |
| - name: Prepare | |
| env: | |
| PLATFORM: ${{ matrix.platform }} | |
| run: | | |
| echo "PLATFORM_PAIR=${PLATFORM//\//-}" | tee -a $GITHUB_ENV | |
| - name: Setup iamge metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY_IMAGE }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| platforms: ${{ matrix.platform }} | |
| - name: Log into registry ghcr.io | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push by digest | |
| id: build-and-push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| build-args: CRYMAP_VERSION=${{ needs.prepare.outputs.version }} | |
| platforms: ${{ matrix.platform }} | |
| tags: ${{ env.REGISTRY_IMAGE }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| annotations: ${{ steps.meta.outputs.annotations }} | |
| outputs: type=image,push-by-digest=true,name-canonical=true,push=true,oci-mediatypes=true | |
| # workaround because multiple outputs from jobs aren't supported | |
| - name: Export digest | |
| env: | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| TEMP_DIR: ${{ runner.temp }} | |
| run: | | |
| mkdir -p "${TEMP_DIR}/digests" | |
| touch "${TEMP_DIR}/digests/${DIGEST#sha256:}" | |
| - name: Upload digest | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: digests-${{ env.PLATFORM_PAIR }} | |
| path: ${{ runner.temp }}/digests/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| merge: | |
| name: Merge Docker manifests | |
| permissions: | |
| packages: write # pushing container image | |
| id-token: write # signing | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| - build | |
| steps: | |
| - name: Download digests | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: ${{ runner.temp }}/digests | |
| pattern: digests-* | |
| merge-multiple: true | |
| - name: Install cosign | |
| uses: sigstore/cosign-installer@v3 | |
| - name: Log into registry ghcr.io | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY_IMAGE }} | |
| tags: | | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=raw,value=${{ needs.prepare.outputs.version }},enable={{is_default_branch}} | |
| type=raw,value=${{ needs.prepare.outputs.release }},enable=${{ github.event_name != 'pull_request' }} | |
| type-raw,value=pr-${{ github.event.number }},enable=${{ github.event_name == 'pull_request' }} | |
| type=sha,format=long | |
| - name: Create manifest list and push | |
| id: meta-push | |
| working-directory: ${{ runner.temp }}/digests | |
| run: | | |
| docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| $(printf "${REGISTRY_IMAGE}@sha256:%s " *) 2>&1 | tee >(grep -F 'sha256:' | grep -F ':sha-' | sed -E 's/.*sha256:([a-z0-9]+).*/meta-digest=\1/' >> $GITHUB_OUTPUT) | |
| - name: Sign the published Docker images | |
| env: | |
| DIGEST_DIR: ${{ runner.temp }}/digests | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| META_DIGEST: ${{ steps.meta-push.outputs.meta-digest }} | |
| run: | | |
| ls -1 "${DIGEST_DIR}" | xargs -I {} cosign sign --yes ${REGISTRY_IMAGE}@sha256:{} | |
| echo "${TAGS}" | xargs -I {} cosign sign --yes {}@sha256:${META_DIGEST} | |
| - name: Inspect images | |
| env: | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| IMAGE: ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} | |
| run: | | |
| echo "${TAGS}" | xargs -I {} docker buildx imagetools inspect {} | |
| release: | |
| name: Publish release | |
| if: github.event_name != 'pull_request' | |
| permissions: | |
| contents: write # write to release | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| - merge | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Create Release | |
| uses: elgohr/Github-Release-Action@v5 | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| title: ${{ needs.prepare.outputs.release }} | |
| tag: ${{ needs.prepare.outputs.release }} |