publish #694
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: publish | |
| on: | |
| schedule: | |
| - cron: '47 02,08,14,20 * * *' | |
| push: | |
| branches: ["main"] | |
| pull_request: | |
| workflow_dispatch: | |
| defaults: | |
| run: | |
| shell: bash -leoux pipefail {0} | |
| jobs: | |
| docker: | |
| runs-on: ubuntu-latest | |
| concurrency: ci-${{ github.ref }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login into registry | |
| uses: docker/login-action@v3 | |
| if: github.event_name != 'pull_request' | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Login into registry | |
| uses: docker/login-action@v3 | |
| if: github.event_name != 'pull_request' | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| platforms: linux/amd64 | |
| pull: true | |
| load: true | |
| tags: ghcr.io/${{ github.repository }}:test | |
| - name: Check if changed | |
| id: checkchanged | |
| run: | | |
| mkdir tmp | |
| cd tmp | |
| if docker pull --platform linux/amd64 ghcr.io/${{ github.repository }}:latest; then | |
| img=$(docker create --platform linux/amd64 ghcr.io/${{ github.repository }}:latest) | |
| docker export $img -o latest.tar | |
| docker rm $img | |
| img=$(docker create --platform linux/amd64 ghcr.io/${{ github.repository }}:test) | |
| docker export $img -o test.tar | |
| docker rm $img | |
| mkdir test | |
| mkdir latest | |
| tar xf test.tar -C test --exclude={etc/shadow{,-},lib/apk/db/scripts.tar,var/{log,cache}} | |
| tar xf latest.tar -C latest --exclude={etc/shadow{,-},lib/apk/db/scripts.tar,var/{log,cache}} | |
| if diff -q -r --no-dereference test latest; then | |
| echo "CHANGED=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| fi | |
| - name: Build and push | |
| uses: docker/build-push-action@v5 | |
| if: github.event_name == 'workflow_dispatch' || (github.event_name != 'pull_request' && steps.checkchanged.outputs.CHANGED != 'false') | |
| with: | |
| context: . | |
| # Prevent "unknown" platforms: https://github.com/docker/build-push-action/issues/820 | |
| provenance: false | |
| platforms: linux/amd64,linux/arm64,linux/arm/v7 | |
| pull: true | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: | | |
| ${{ github.repository }}:latest | |
| ${{ github.repository }}:1 | |
| ghcr.io/${{ github.repository }}:latest | |
| ghcr.io/${{ github.repository }}:1 | |
| - name: Purge old images | |
| uses: actions/delete-package-versions@v4 | |
| if: github.event_name == 'workflow_dispatch' || (github.event_name != 'pull_request' && steps.checkchanged.outputs.CHANGED != 'false') | |
| with: | |
| package-name: ${{ github.event.repository.name }} | |
| package-type: 'container' | |
| min-versions-to-keep: 15 | |
| delete-only-untagged-versions: 'true' |