diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5cf7d58..6f7ab89 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,6 +11,7 @@ on: env: IS_PULL: ${{ github.event_name == 'pull_request' }} + HAS_SECRETS: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' && secrets.DOCKERHUB_ACCOUNT != '' }} defaults: run: @@ -36,7 +37,7 @@ jobs: # For pushes to mainline or PRs targeting mainline, only build changed versions if [[ ("${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/mainline")]] ; then changed_files=$(git diff --name-only HEAD~1 HEAD) - if echo $changed_files | grep -qE "^(versions\.json|[0-9]+\.[0-9]+/|unstable/)"; then + if printf "%s\n" "$changed_files" | grep -qE "^(versions\.json|[0-9]+\.[0-9]+/|unstable/)"; then changed_versions=$(echo $changed_files | grep -oE "[0-9]+\.[0-9]+|unstable" | sort -u | tr '\n' '|' | sed 's/|$//') if [[ -n "$changed_versions" ]]; then strategy=$(jq -c --arg versions "$changed_versions" '{"fail-fast": .["fail-fast"],"matrix":{"include":[ .matrix.include[]|select(.meta.entries[0].directory | test($versions))]}}' <<<"$strategy") @@ -48,7 +49,6 @@ jobs: echo "strategy=$(jq -c . <<<"$strategy")" >> "$GITHUB_OUTPUT" jq . <<<"$strategy" # debugging aid to visually inspect the generated matrix - # Job to build and push Docker images individually for each architecture/platform build_and_push: needs: [generate-jobs] @@ -78,6 +78,8 @@ jobs: run: | if [[ "${{ env.IS_PULL }}" == "true" ]]; then echo "DOCKER_REPO_NAME=${{ github.actor }}/valkey-bundle" >> $GITHUB_ENV + elif [[ "${{ env.HAS_SECRETS }}" != "true" ]]; then + echo "DOCKER_REPO_NAME=${{ github.actor }}/valkey-bundle" >> $GITHUB_ENV else echo "DOCKER_REPO_NAME=${{ secrets.DOCKERHUB_ACCOUNT }}/valkey-bundle" >> $GITHUB_ENV fi 
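Review bot: `HAS_SECRETS` in the first hunk tests `secrets.DOCKERHUB_ACCOUNT`, but the `check-docker-secrets` job added in the last hunk tests `secrets.DOCKERHUB_REPOSITORY`, so the two "credentials are configured" signals can disagree. If both are meant to describe the same Docker Hub setup, they should test the same three names. If the difference is deliberate (the inputs of the reusable workflow are cut off at the end of the diff), a comment on one of them should say so. A comment above the new variable would also help readers, for example `# 'true' only when every Docker Hub secret is set; secrets are empty on pull requests from forks`.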
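Review bot: In the `@@ -36,7 +37,7` hunk, the line directly after the corrected gate still runs `echo $changed_files` unquoted, so the list of changed paths is word-split and glob-expanded by the shell before `grep -oE` reads it. The same quoting used for the gate applies there: `changed_versions=$(printf "%s\n" "$changed_files" | grep -oE "[0-9]+\.[0-9]+|unstable" | sort -u | tr '\n' '|' | sed 's/|$//')`. That pattern is also unanchored, so a version-like number anywhere in a path is collected; whether that is intended cannot be told from the hunk. The step begins outside the hunk.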
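Review bot: In the `@@ -78,6 +78,8` hunk, the new `elif` branch repeats the body of the pull-request branch word for word. The merge-manifest job expresses the same rule as a single condition in the `@@ -191,13 +196,14` hunk. Writing it the same way here, `if [[ "${{ env.IS_PULL }}" == "true" || "${{ env.HAS_SECRETS }}" != "true" ]]; then`, keeps the two jobs from drifting apart when the fallback repository name changes. The step begins outside the hunk.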
@@ -89,7 +91,7 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Login to Docker Hub - if: env.IS_PULL != 'true' + if: env.IS_PULL != 'true' && env.HAS_SECRETS == 'true' uses: docker/login-action@v3 with: registry: docker.io @@ -107,6 +109,7 @@ jobs: echo "$tags" > tags.txt - name: Upload Tags Artifact + if: env.HAS_SECRETS == 'true' uses: actions/upload-artifact@v4 with: name: tags-${{ matrix.version.name }} @@ -120,8 +123,8 @@ jobs: with: file: ./${{ matrix.version.meta.entries[0].directory }}/Dockerfile platforms: ${{ matrix.platform }} - # Push is true only for push events - push: ${{ env.IS_PULL != 'true' }} + # Push is true only for push events if the secrets have been created + push: ${{ env.HAS_SECRETS == 'true' && env.IS_PULL != 'true' }} outputs: type=image,push-by-digest=true,name-canonical=true tags: ${{ env.DOCKER_REPO_NAME }} provenance: false @@ -157,6 +160,7 @@ jobs: # Export digest to a file to reference it later in merging manifests - name: Export digest + if: env.HAS_SECRETS == 'true' id: export-digest run: | mkdir -p ${{ runner.temp }}/digests @@ -177,6 +181,7 @@ jobs: echo "version_major_minor=$major_minor" >> "$GITHUB_OUTPUT" - name: Upload digest for version-distro combination + if: env.HAS_SECRETS == 'true' uses: actions/upload-artifact@v4 with: name: digests-${{ steps.export-digest.outputs.version_major_minor }}-${{ steps.export-digest.outputs.linux_distro }}-${{ env.PLATFORM_PAIR }} @@ -191,13 +196,14 @@ jobs: steps: - name: Set DOCKER_REPO_NAME dynamically run: | - if [[ "${{ env.IS_PULL }}" == "true" ]]; then + if [[ "${{ env.IS_PULL }}" == "true" || "${{ env.HAS_SECRETS }}" != "true" ]]; then echo "DOCKER_REPO_NAME=${{ github.actor }}/valkey-bundle" >> $GITHUB_ENV else echo "DOCKER_REPO_NAME=${{ secrets.DOCKERHUB_ACCOUNT }}/valkey-bundle" >> $GITHUB_ENV fi - name: Download All Digests + if: env.HAS_SECRETS == 'true' uses: actions/download-artifact@v4 with: path: ${{ runner.temp }}/all-digests 
@@ -205,6 +211,7 @@ jobs: merge-multiple: false - name: Download All Tags + if: env.HAS_SECRETS == 'true' uses: actions/download-artifact@v4 with: path: ${{ runner.temp }}/all-tags @@ -212,18 +219,20 @@ jobs: merge-multiple: false - name: Login to Docker Hub + if: env.HAS_SECRETS == 'true' && env.IS_PULL != 'true' uses: docker/login-action@v3 - if: env.IS_PULL != 'true' with: registry: docker.io username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up Docker Buildx + if: env.HAS_SECRETS == 'true' uses: docker/setup-buildx-action@v3 - # Use imagetools to combine the arch-specific digests into respective multi-arch manifest + # Use imagetools to combine the arch-specific digests into respective multi-arch manifest test - name: Create Multi-Arch Manifest and Push + if: env.HAS_SECRETS == 'true' working-directory: ${{ runner.temp }} run: | declare -A combinations @@ -279,10 +288,25 @@ jobs: docker buildx imagetools create $tag_args $digest_args fi done - + + check-docker-secrets: + runs-on: ubuntu-latest + outputs: + has-secrets: ${{ steps.check_if_secrets_exist.outputs.has-secrets }} + steps: + - id: check_if_secrets_exist + run: | + if [ -n "${{ secrets.DOCKERHUB_USERNAME }}" ] && \ + [ -n "${{ secrets.DOCKERHUB_TOKEN }}" ] && \ + [ -n "${{ secrets.DOCKERHUB_REPOSITORY }}" ]; then + echo "has-secrets=true" >> $GITHUB_OUTPUT + else + echo "has-secrets=false" >> $GITHUB_OUTPUT + fi + update-dockerhub-description: - if: github.event_name == 'push' && github.ref == 'refs/heads/mainline' - needs: merge-manifest + if: github.event_name == 'push' && github.ref == 'refs/heads/mainline' && needs.check-docker-secrets.outputs.has-secrets == 'true' + needs: [merge-manifest, check-docker-secrets] name: Update DockerHub Description uses: ./.github/workflows/update-dockerhub-docs.yml secrets:
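Review bot: In the `@@ -212,18 +219,20` hunk, `Create Multi-Arch Manifest and Push` is gated only on `env.HAS_SECRETS == 'true'`, while the `Login to Docker Hub` step above it also requires `env.IS_PULL != 'true'`. On a pull request from a branch of the same repository the secrets are present, so the manifest step would run without a registry login. Most of its script lies outside the hunk and may already handle pull requests; if it does not, use `if: env.HAS_SECRETS == 'true' && env.IS_PULL != 'true'`. The edited comment also now ends in a stray `test` (`... multi-arch manifest test`), which looks like a leftover.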
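Review bot: In the `@@ -279,10 +288,25` hunk, the `check_if_secrets_exist` step pastes the secret values into the script text (`[ -n "${{ secrets.DOCKERHUB_TOKEN }}" ]`), so a value containing `"`, `$` or a backtick is parsed by the shell instead of being tested as data. The emptiness test can stay in the expression language, as `HAS_SECRETS` does at the top of the workflow, which keeps the values out of the script entirely: `echo "has-secrets=${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' && secrets.DOCKERHUB_REPOSITORY != '' }}" >> "$GITHUB_OUTPUT"`. That one line replaces the whole `if`/`else` block and also quotes `$GITHUB_OUTPUT`.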