hibare · hibare · Jan 19, 2024 · Jan 19, 2024
diff --git a/.github/workflows/test-build-publish.yml b/.github/workflows/test-build-publish.yml
@@ -1,83 +1,76 @@
-name: Test & Release Publish
+name: Test, Build & Publish
 
-# When its time to do a release do a full cross platform build for all supported
-# architectures and push all of them to Docker Hub and GitHub Container Registry.
-# Only trigger on semver shaped tags.
 on:
   push:
     tags:
-      - "*"
+      - "v*"
+    branches:
+      - main
 
   pull_request:
     branches:
       - "main"
       - "dev"
     paths-ignore:
       - "**/README.md"
-      - "**/.github"
+      - "**/Makefile"
+      - "**/.env.**"
+      - "**/docker-compose.*.yml"
+      - "**/.vscode"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
+  cancel-in-progress: true
 
 jobs:
   docker-build-test-publish:
-    if: ${{ github.event_name == 'pull_request' || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v'))}}
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write # For cosign
+      packages: write # For GHCR
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          # list of Docker images to use as base name for tags
-          images: |
-            hibare/caddy-cf-dns
-            ghcr.io/hibare/caddy-cf-dns
-          # generate Docker tags based on the following events/attributes
-          tags: |
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          platforms: all
+      - name: Set Metadata
+        id: set-metadata
+        run: |          
+          DOCKER_TAGS="unknown"
+          VERSION="unknown"
+          IMAGE_NAMES="hibare/caddy-cf-dns ghcr.io/hibare/caddy-cf-dns"
 
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
+          if [ "${{ github.event_name }}" == "push" ]; then
+            if [ "${{ github.ref }}" == "refs/heads/main" ]; then
+              DOCKER_TAGS="next"
+              VERSION="next"
+            elif [[ "${{ github.ref }}" == "refs/tags/v"* ]]; then
+              DOCKER_TAGS="type=semver,pattern={{version}} type=semver,pattern={{major}}"
+              VERSION="${GITHUB_REF#refs/tags/v}"
+            else
+              echo "Unknown ref: ${{ github.ref }}"
+              exit 1
+            fi
+          elif [ "${{ github.event_name }}" == "pull_request" ]; then
+            DOCKER_TAGS="test"
+            VERSION="test"
+          else
+            echo "Unknown event: ${{ github.event_name }}"
+            exit 1
+          fi
 
-      - name: Cache Docker layers
-        uses: actions/cache@v4
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-
+          echo "docker_image_names=$IMAGE_NAMES" >> $GITHUB_OUTPUT
+          echo "docker_tags=$DOCKER_TAGS" >> $GITHUB_OUTPUT
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+        shell: bash
 
-      - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
+      - name: image-build-publish
+        uses: hibare/.github/github/shared-workflows/docker-image-build-publish@afd7e905777e60f391444be841383e6147816805 # v0.3.1
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Login to GitHub Container Registry
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v5
-        with:
-          builder: ${{ steps.buildx.outputs.name }}
+          image_names: ${{ steps.set-metadata.outputs.docker_image_names }}
+          tags: ${{ steps.set-metadata.outputs.docker_tags }}
           platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
-
-      - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}
+          push_dockerhub: ${{ github.event_name != 'pull_request' }}
+          push_ghcr: ${{ github.event_name != 'pull_request' }}
+          build_args: VERSION=${{ steps.set-metadata.outputs.version }}
+        env:
+          DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKERHUB_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}