Skip to content

Commit

Permalink
Add support for Quay.io and GHCR.io as registries
Browse files Browse the repository at this point in the history 
- Added support for Quay.io
- Added support for GHCR.io

To enable support for these container image registries the following needs to be added.

As `Actions secrets and variables` - `Secrets`
- `DOCKERHUB_TOKEN` and `DOCKERHUB_USERNAME`
- `QUAY_TOKEN` and `QUAY_USERNAME`

As `Actions secrets and variables` - `Variables` - `Repository Variables`
- `DOCKERHUB_REPO`
- `GHCR_REPO`
- `QUAY_REPO`

The `DOCKERHUB_REPO` currently configured in `Secrets` can be removed if wanted, probably best after this PR has been merged.

If one of the vars/secrets are not configured it will skip that specific registry!
  • Loading branch information
@BlackDex
BlackDex committed Mar 23, 2023
1 parent 5800ace commit 847b4d4
Show file tree
Hide file tree
Showing 24 changed files with 174 additions and 54 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/build.yml
View file
Expand Up @@ -43,7 +43,7 @@ jobs:
steps:
# Checkout the repo
- name: "Checkout"
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
# End Checkout the repo


Expand Down Expand Up @@ -71,7 +71,7 @@ jobs:

# Only install the clippy and rustfmt components on the default rust-toolchain
- name: "Install rust-toolchain version"
uses: dtolnay/rust-toolchain@e12eda571dc9a5ee5d58eecf4738ec291c66f295 # master @ 2023-02-19 - 02:23 GMT+1
uses: dtolnay/rust-toolchain@fc3253060d0c959bea12a59f10f8391454a0b02d # master @ 2023-03-21 - 06:36 GMT+1
if: ${{ matrix.channel == 'rust-toolchain' }}
with:
toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
Expand All @@ -81,7 +81,7 @@ jobs:

# Install the any other channel to be used for which we do not execute clippy and rustfmt
- name: "Install MSRV version"
uses: dtolnay/rust-toolchain@e12eda571dc9a5ee5d58eecf4738ec291c66f295 # master @ 2023-02-19 - 02:23 GMT+1
uses: dtolnay/rust-toolchain@fc3253060d0c959bea12a59f10f8391454a0b02d # master @ 2023-03-21 - 06:36 GMT+1
if: ${{ matrix.channel != 'rust-toolchain' }}
with:
toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/hadolint.yml
View file
Expand Up @@ -13,7 +13,7 @@ jobs:
steps:
# Checkout the repo
- name: Checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
# End Checkout the repo


Expand Down
150 changes: 132 additions & 18 deletions .github/workflows/release.yml
View file
Expand Up @@ -52,10 +52,19 @@ jobs:
# build performance and the ability to copy extended file attributes
# (e.g., for executable capabilities) across build phases.
DOCKER_BUILDKIT: 1
# DOCKER_REPO/secrets.DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
DOCKER_REPO: ${{ secrets.DOCKERHUB_REPO }}
SOURCE_COMMIT: ${{ github.sha }}
SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}"
# The *_REPO variables need to be configured as repository variables
# Append `/settings/variables/actions` to your repo url
# DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
# Check for Docker hub credentials in secrets
HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
# GHCR_REPO needs to be 'ghcr.io/<user>/<repo>'
# Check for Github credentials in secrets
HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }}
# QUAY_REPO needs to be 'quay.io/<user>/<repo>'
# Check for Quay.io credentials in secrets
HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }}
if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }}
strategy:
matrix:
Expand All @@ -64,17 +73,10 @@ jobs:
steps:
# Checkout the repo
- name: Checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
with:
fetch-depth: 0

# Login to Docker Hub
- name: Login to Docker Hub
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

# Determine Docker Tag
- name: Init Variables
id: vars
Expand All @@ -88,34 +90,146 @@ jobs:
fi
# End Determine Docker Tag

- name: Build Debian based images
# Login to Docker Hub
- name: Login to Docker Hub
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}

# Login to GitHub Container Registry
- name: Login to GitHub Container Registry
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}

# Login to Quay.io
- name: Login to Quay.io
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}
if: ${{ env.HAVE_QUAY_LOGIN == 'true' }}

# Debian

# Docker Hub
- name: Build Debian based images (docker.io)
shell: bash
env:
DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
run: |
./hooks/build
if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}

- name: Push Debian based images (docker.io)
shell: bash
env:
DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
run: |
./hooks/push
if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}

# GitHub Container Registry
- name: Build Debian based images (ghcr.io)
shell: bash
env:
DOCKER_REPO: "${{ vars.GHCR_REPO }}"
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
run: |
./hooks/build
if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}

- name: Push Debian based images (ghcr.io)
shell: bash
env:
DOCKER_REPO: "${{ vars.GHCR_REPO }}"
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
run: |
./hooks/push
if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}

# Quay.io
- name: Build Debian based images (quay.io)
shell: bash
env:
DOCKER_REPO: "${{ vars.QUAY_REPO }}"
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
run: |
./hooks/build
if: ${{ matrix.base_image == 'debian' }}
if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}

- name: Push Debian based images
- name: Push Debian based images (quay.io)
shell: bash
env:
DOCKER_REPO: "${{ vars.QUAY_REPO }}"
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
run: |
./hooks/push
if: ${{ matrix.base_image == 'debian' }}
if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}

# Alpine

# Docker Hub
- name: Build Alpine based images (docker.io)
shell: bash
env:
DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
run: |
./hooks/build
if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}

- name: Push Alpine based images (docker.io)
shell: bash
env:
DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
run: |
./hooks/push
if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}

# GitHub Container Registry
- name: Build Alpine based images (ghcr.io)
shell: bash
env:
DOCKER_REPO: "${{ vars.GHCR_REPO }}"
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
run: |
./hooks/build
if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}

- name: Push Alpine based images (ghcr.io)
shell: bash
env:
DOCKER_REPO: "${{ vars.GHCR_REPO }}"
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
run: |
./hooks/push
if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}

- name: Build Alpine based images
# Quay.io
- name: Build Alpine based images (quay.io)
shell: bash
env:
DOCKER_REPO: "${{ vars.QUAY_REPO }}"
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
run: |
./hooks/build
if: ${{ matrix.base_image == 'alpine' }}
if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}

- name: Push Alpine based images
- name: Push Alpine based images (quay.io)
shell: bash
env:
DOCKER_REPO: "${{ vars.QUAY_REPO }}"
DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
run: |
./hooks/push
if: ${{ matrix.base_image == 'alpine' }}
if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}
10 changes: 5 additions & 5 deletions docker/Dockerfile.j2
View file
Expand Up @@ -3,22 +3,22 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.

{% set build_stage_base_image = "rust:1.67.1-bullseye" %}
{% set build_stage_base_image = "rust:1.68.0-bullseye" %}
{% if "alpine" in target_file %}
{% if "amd64" in target_file %}
{% set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-stable-1.67.1" %}
{% set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-stable-1.68.0" %}
{% set runtime_stage_base_image = "alpine:3.17" %}
{% set package_arch_target = "x86_64-unknown-linux-musl" %}
{% elif "armv7" in target_file %}
{% set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-stable-1.67.1" %}
{% set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-stable-1.68.0" %}
{% set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.17" %}
{% set package_arch_target = "armv7-unknown-linux-musleabihf" %}
{% elif "armv6" in target_file %}
{% set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-stable-1.67.1" %}
{% set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-stable-1.68.0" %}
{% set runtime_stage_base_image = "balenalib/rpi-alpine:3.17" %}
{% set package_arch_target = "arm-unknown-linux-musleabi" %}
{% elif "arm64" in target_file %}
{% set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-stable-1.67.1" %}
{% set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-stable-1.68.0" %}
{% set runtime_stage_base_image = "balenalib/aarch64-alpine:3.17" %}
{% set package_arch_target = "aarch64-unknown-linux-musl" %}
{% endif %}
Expand Down
2 changes: 1 addition & 1 deletion docker/amd64/Dockerfile
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM rust:1.67.1-bullseye as build
FROM rust:1.68.0-bullseye as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/amd64/Dockerfile.alpine
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM blackdex/rust-musl:x86_64-musl-stable-1.67.1 as build
FROM blackdex/rust-musl:x86_64-musl-stable-1.68.0 as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/amd64/Dockerfile.buildkit
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM rust:1.67.1-bullseye as build
FROM rust:1.68.0-bullseye as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/amd64/Dockerfile.buildkit.alpine
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM blackdex/rust-musl:x86_64-musl-stable-1.67.1 as build
FROM blackdex/rust-musl:x86_64-musl-stable-1.68.0 as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/arm64/Dockerfile
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM rust:1.67.1-bullseye as build
FROM rust:1.68.0-bullseye as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/arm64/Dockerfile.alpine
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM blackdex/rust-musl:aarch64-musl-stable-1.67.1 as build
FROM blackdex/rust-musl:aarch64-musl-stable-1.68.0 as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/arm64/Dockerfile.buildkit
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM rust:1.67.1-bullseye as build
FROM rust:1.68.0-bullseye as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/arm64/Dockerfile.buildkit.alpine
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM blackdex/rust-musl:aarch64-musl-stable-1.67.1 as build
FROM blackdex/rust-musl:aarch64-musl-stable-1.68.0 as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/armv6/Dockerfile
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM rust:1.67.1-bullseye as build
FROM rust:1.68.0-bullseye as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/armv6/Dockerfile.alpine
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM blackdex/rust-musl:arm-musleabi-stable-1.67.1 as build
FROM blackdex/rust-musl:arm-musleabi-stable-1.68.0 as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/armv6/Dockerfile.buildkit
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM rust:1.67.1-bullseye as build
FROM rust:1.68.0-bullseye as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/armv6/Dockerfile.buildkit.alpine
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM blackdex/rust-musl:arm-musleabi-stable-1.67.1 as build
FROM blackdex/rust-musl:arm-musleabi-stable-1.68.0 as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/armv7/Dockerfile
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM rust:1.67.1-bullseye as build
FROM rust:1.68.0-bullseye as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/armv7/Dockerfile.alpine
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM blackdex/rust-musl:armv7-musleabihf-stable-1.67.1 as build
FROM blackdex/rust-musl:armv7-musleabihf-stable-1.68.0 as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down
2 changes: 1 addition & 1 deletion docker/armv7/Dockerfile.buildkit
View file
Expand Up @@ -27,7 +27,7 @@
FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

########################## BUILD IMAGE ##########################
FROM rust:1.67.1-bullseye as build
FROM rust:1.68.0-bullseye as build

# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
Expand Down

0 comments on commit 847b4d4

Please sign in to comment.