From 1a5ed44c3dbb975168095f36db560756211e54da Mon Sep 17 00:00:00 2001
From: Bart Geesink
Date: Wed, 11 Oct 2023 11:31:36 +0200
Subject: [PATCH 1/2] GHA: Docker build: Use GITHUB token to log in to the container registry
---
 .github/workflows/main.yml | 99 +++++++++++++++++++++++++++-----------
 docker/Dockerfile | 4 +-
 2 files changed, 73 insertions(+), 30 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index b9eb20eab..616a0c6ec 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -10,36 +10,77 @@ on: jobs: build: - runs-on: ubuntu-20.04 + permissions: + packages: write + contents: read steps: - - name: Check out the repo - uses: actions/checkout@v2 - - uses: actions/setup-node@v3 - with: - node-version: 14 - - name: Build the php-fpm container and push to GitHub Packages - uses: docker/build-push-action@v1 - with: - dockerfile: docker/Dockerfile - username: ${{ github.actor }} - password: ${{ secrets.GH_CONTAINER_REGISTRY_PAT }} - registry: ghcr.io - repository: surfnet/sp-dashboard/spdashboard_php-fpm - tag_with_ref: true - push: true - target: phpfpm-build - - - name: Build the Apache container and push to GitHub Packages - uses: docker/build-push-action@v1 - with: - dockerfile: docker/Dockerfile - username: ${{ github.actor }} - password: ${{ secrets.GH_CONTAINER_REGISTRY_PAT }} - registry: ghcr.io - repository: surfnet/sp-dashboard/spdashboard_web - tag_with_ref: true - push: true - target: httpd-build + - name: Check out the repo + uses: actions/checkout@v3 + + - uses: actions/setup-node@v3 + with: + node-version: 14 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + driver-opts: | + image=moby/buildkit:v0.12.0 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set docker metadata for php fpm container + id: metaphpfpm + uses: docker/metadata-action@v5 + with: + images: | + ghcr.io/surfnet/sp-dashboard/spdashboard_php-fpm + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha + + - name: Set docker metadata for web container + id: metahttpd + uses: docker/metadata-action@v5 + with: + images: | + ghcr.io/surfnet/sp-dashboard/spdashboard_web + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + 
type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha + + - name: Build the php-fpm container and push to GitHub Packages + uses: docker/build-push-action@v4 + with: + context: . + file: docker/Dockerfile + push: true + tags: ${{ steps.metaphpfpm.outputs.tags }} + target: phpfpm-build + + - name: Build the Apache container and push to GitHub Packages + uses: docker/build-push-action@v4 + with: + context: . + file: docker/Dockerfile + push: true + tags: ${{ steps.metahttpd.outputs.tags }} + target: httpd-build
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 884edaa2d..36d3351e1 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -12,6 +12,7 @@ RUN yarn install && \ FROM ghcr.io/openconext/openconext-containers/openconext-httpd:latest AS httpd-build LABEL maintainer Bart Geesink (bart.geesink@surf.nl) +LABEL org.opencontainers.image.source=https://github.com/surfnet/sp-dashboard RUN mkdir -p /var/www/html/ COPY --from=node-build /var/www/html/public/. /var/www/html/public/ COPY --from=js-build /var/www/html/public/build/. /var/www/html/public/build/
@@ -37,7 +38,8 @@ COPY --from=node-build /var/www/html/composer.json /var/www/html/ COPY --from=js-build /var/www/html/public/build/. /var/www/html/public/build/ COPY --from=js-build /var/www/html/node_modules/. /var/www/html/node_modules/ -LABEL maintainer "Bart Geesink" +LABEL maintainer Bart Geesink (bart.geesink@surf.nl) +LABEL org.opencontainers.image.source=https://github.com/surfnet/sp-dashboard RUN mkdir -p /var/www/html/var/cache && \ mkdir -p /var/www/html/var/log && \
From 262369b3db9e70cfee7ce7301dbceb546eb9ff5c Mon Sep 17 00:00:00 2001
From: Bart Geesink
Date: Wed, 11 Oct 2023 15:10:14 +0200
Subject: [PATCH 2/2] GHA docker: No need to tag with the SHA
---
 .github/workflows/main.yml | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 616a0c6ec..c42ffb971 100644
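Review bot: The new steps in the `.github/workflows/main.yml` hunk reference third-party actions by mutable major tags (`docker/setup-buildx-action@v3`, `docker/login-action@v2`, `docker/metadata-action@v5`, `docker/build-push-action@v4`) in a job that now holds `packages: write` and passes `secrets.GITHUB_TOKEN` to the login step, so whatever code those tags point to at run time executes with push rights to ghcr.io. Pinning each `uses:` to a full commit SHA with the tag kept as a comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v2`, removes that dependency on tag integrity. Separately, both metadata steps emit `type=ref,event=pr` tags while both build steps set `push: true` unconditionally; the `on:` triggers lie outside this hunk, but if the workflow runs on pull requests it would publish images built from unmerged branches and fail on fork PRs, where the token is read-only, so `push: ${{ github.event_name != 'pull_request' }}` is the usual guard.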
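Review bot: The rewritten maintainer label in the second `docker/Dockerfile` hunk uses the legacy whitespace-separated form, `LABEL maintainer Bart Geesink (bart.geesink@surf.nl)`, while the line added directly below it uses `key=value`. Writing it as `LABEL org.opencontainers.image.authors="Bart Geesink (bart.geesink@surf.nl)"` keeps both labels in one syntax, quotes the value that contains spaces and parentheses, and uses the OCI key that pairs with the `org.opencontainers.image.source` label this commit introduces. The same whitespace-form line appears as unchanged context in the first hunk (the `httpd-build` stage) and could be aligned at the same time; both stages begin outside the hunks shown.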
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -26,9 +26,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - with: - driver-opts: | - image=moby/buildkit:v0.12.0 - name: Login to GitHub Container Registry uses: docker/login-action@v2
@@ -50,7 +47,6 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} - type=sha - name: Set docker metadata for web container id: metahttpd
@@ -65,7 +61,6 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} - type=sha - name: Build the php-fpm container and push to GitHub Packages uses: docker/build-push-action@v4