Build and Push Docker Image #54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Push Docker Image | |
on: | |
schedule: | |
- cron: '50 4 4 * *' | |
push: | |
branches: [ master ] | |
jobs: | |
build-push: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
packages: write | |
steps: | |
- name: Compute tag with SHA and date | |
run: | | |
echo "ncd_shadatetag=${{ github.sha }}-$(date +%Y%m%d)" >> $GITHUB_ENV | |
echo "ncd_created=$(date --rfc-3339=seconds)" >> $GITHUB_ENV | |
- name: Compute the big annotation string | |
run: | | |
echo -n ncd_annotation= >> $GITHUB_ENV | |
for i in -index [linux/amd64] [linux/arm64] [linux/arm/v7]; do | |
echo -n "annotation$i.org.opencontainers.image.source=${{ env.ncd_source }}," >> $GITHUB_ENV | |
echo -n "annotation$i.org.opencontainers.image.description=${{ env.ncd_description }}," >> $GITHUB_ENV | |
echo -n "annotation$i.org.opencontainers.image.revision=${{ github.sha }}," >> $GITHUB_ENV | |
echo -n "annotation$i.org.opencontainers.image.created=${{ env.ncd_created }}," >> $GITHUB_ENV | |
done | |
sed -i -e 's/,$//' $GITHUB_ENV | |
echo >> $GITHUB_ENV | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
# Workaround to see correct image hash: https://github.com/docker/build-push-action/issues/461 | |
- name: Setup Docker buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Login to Github Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: errge | |
password: ${{ secrets.DOCKERHUBTOKEN }} | |
- name: Build Docker Image | |
uses: docker/build-push-action@v4 | |
with: | |
platforms: linux/amd64,linux/arm/v7,linux/arm64 | |
context: . | |
# Annotations inside the blobs: called docker labels (docker inspect) | |
labels: | | |
org.opencontainers.image.description=${{ env.ncd_description }} | |
org.opencontainers.image.source=${{ env.ncd_source }} | |
org.opencontainers.image.revision=${{ github.sha }} | |
org.opencontainers.image.created=${{ env.ncd_created }} | |
# Annotations in the registry: shows up on web UIs and in regctl | |
outputs: type=image,name=target,${{ env.ncd_annotation }} | |
tags: | | |
ghcr.io/nilcons/debian:sha-${{ env.ncd_shadatetag }} | |
ghcr.io/nilcons/debian:latest | |
docker.io/nilcons/debian:latest | |
push: true | |
# We disable attestations, as it results in an extra | |
# unknown/unknown architecture in ghcr package listing. | |
provenance: false | |
sbom: false | |
- name: Log run info to a branch | |
# This provides a branch where it's easy to see if a build | |
# succeeded for a commit hash. A happy side-effect might also | |
# be, that thanks to this branch, our automatic scheduled builds | |
# will hopefully not be deactivated after 60 days... We need | |
# that anyway, because we want to apply security updates from | |
# nilcons/debian automtaically once a month. | |
run: | | |
git fetch --no-write-fetch-head origin actions-log | |
git checkout actions-log | |
touch ${{ github.sha }} | |
git add ${{ github.sha }} | |
git config --global user.name Nilcons-Github-Action | |
git config --global user.email nilcons@users.noreply.github.com | |
git commit -m 'Pipeline finished' | |
git push | |
# We have this env section at the end, because the weird quoting that | |
# is needed inside of it is breaking emacs highlight behind it... | |
env: | |
ncd_source: https://github.com/nilcons/debian-docker | |
ncd_description: Debian with basic tools |