ghcr-image-main #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ghcr-image-main | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
IMAGE_TAG: nightly | |
jobs: | |
meta: | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
outputs: | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
annotations: ${{ steps.meta.outputs.annotations }} | |
json: ${{ steps.meta.outputs.json }} | |
image-name: ${{ steps.custom-meta.outputs.image-name }} | |
steps: | |
- name: Checkout current fork HEAD | |
uses: actions/checkout@v4.1.5 | |
with: | |
fetch-depth: 0 | |
show-progress: false | |
- name: Set up upstream git remote | |
run: | | |
upstream="$(gh repo view "${{ github.repository }}" --json parent --jq '.parent.owner.login + "/" + .parent.name')" | |
echo "upstream=$upstream" | |
git remote add upstream "https://github.com/$upstream.git" | |
git fetch upstream "${{ github.event.repository.default_branch }}" | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: Determine number of commits on top of upstream | |
id: check-extra-commits | |
run: | | |
commit_count="$(git rev-list --count "upstream/${{ github.event.repository.default_branch }}..$GITHUB_REF_NAME")" | |
echo "commit-count=$commit_count" | tee -a "$GITHUB_OUTPUT" | |
- name: Discard our commits | |
run: | | |
git reset --hard "HEAD~${{ steps.check-extra-commits.outputs.commit-count }}" | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
with: | |
context: git | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
tags: | | |
type=raw,value=${{ env.IMAGE_TAG }} | |
type=sha,format=long,priority=899 | |
type=sha,format=short | |
- name: Extract image name | |
id: custom-meta | |
run: | | |
echo "image-name=${DOCKER_TAG%%:*}" | tee -a $GITHUB_OUTPUT | |
env: | |
DOCKER_TAG: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} | |
build: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
needs: | |
- meta | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: | |
- linux/amd64 | |
- linux/arm64 | |
env: | |
REGISTRY_IMAGE: ${{ needs.meta.outputs.image-name }} | |
steps: | |
- name: Prepare | |
id: meta | |
run: | | |
platform=${{ matrix.platform }} | |
echo "platform-pair=${platform//\//-}" | tee -a "$GITHUB_OUTPUT" | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | |
with: | |
platforms: arm64 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | |
- name: Log in to GHCR | |
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.1.0 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
# We can't build directly from git, as that will prevent .git from being available during the build process. | |
# lemmy-ui's Dockerfile requires the .git folder to set the version. | |
- name: Checkout git repository | |
uses: actions/checkout@v4.1.5 | |
with: | |
fetch-depth: 0 | |
show-progress: false | |
submodules: recursive | |
- name: Build Docker image | |
id: build | |
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.3.0 | |
with: | |
context: . | |
platforms: ${{ matrix.platform }} | |
labels: ${{ needs.meta.outputs.labels }} | |
annotations: ${{ needs.meta.outputs.annotations }} | |
outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
env: | |
SOURCE_DATE_EPOCH: 0 | |
- name: Export image digest | |
run: | | |
mkdir -p /tmp/digests | |
digest="${{ steps.build.outputs.digest }}" | |
touch "/tmp/digests/${digest#sha256:}" | |
- name: Upload digest | |
uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: digests-${{ steps.meta.outputs.platform-pair }} | |
path: /tmp/digests/* | |
if-no-files-found: error | |
retention-days: 1 | |
merge: | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
needs: | |
- meta | |
- build | |
permissions: | |
contents: read | |
packages: write | |
env: | |
REGISTRY_IMAGE: ${{ needs.meta.outputs.image-name }} | |
steps: | |
- name: Download digests | |
uses: actions/download-artifact@v4.1.7 | |
with: | |
path: /tmp/digests | |
pattern: digests-* | |
merge-multiple: true | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | |
- name: Log in to GHCR | |
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.1.0 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create manifest list and push | |
working-directory: /tmp/digests | |
run: | | |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) | |
env: | |
DOCKER_METADATA_OUTPUT_JSON: ${{ needs.meta.outputs.json }} | |
- name: Inspect image | |
run: | | |
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }} |