build-custom-image #142
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push image to DockerHub and GitHub Container Registry | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| manual-tag: | |
| description: 'Manual Tag' | |
| required: false | |
| default: 'main' | |
| type: string | |
| ghost_version: | |
| description: 'Ghost version' | |
| required: false | |
| default: '5.80.2' | |
| type: string | |
| jobs: | |
| docker: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write # needed for signing the images with GitHub OIDC Token | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - name: Install Cosign | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| uses: sigstore/cosign-installer@v3.4.0 | |
| - | |
| name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| with: | |
| platforms: linux/amd64 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: | | |
| network=host | |
| image=moby/buildkit:master | |
| - | |
| name: Set up GHOST_VERSION and MANUAL_TAG values, depending on event type (push or workflow_dispatch) | |
| id: versions | |
| env: | |
| GITHUB_EVENT_NAME: ${{ github.event_name }} | |
| run: | | |
| if [ ${{ env.GITHUB_EVENT_NAME }} == workflow_dispatch ]; then | |
| echo "GHOST_VERSION=${{ github.event.inputs.ghost_version }}" >> $GITHUB_OUTPUT | |
| echo "MANUAL_TAG=${{ github.event.inputs.manual-tag }}" >> $GITHUB_OUTPUT | |
| else | |
| echo "GHOST_VERSION=$(curl -s https://api.github.com/repos/tryghost/ghost/releases/latest | jq '.name' | sed 's/\"//g')" >> $GITHUB_OUTPUT | |
| echo "MANUAL_TAG=main" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Show GHOST_VERSION | |
| run: | | |
| echo ${{ steps.versions.outputs.GHOST_VERSION }} && | |
| echo ${{ steps.versions.outputs.MANUAL_TAG }} | |
| - | |
| name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ github.repository }} | |
| quay.io/${{ vars.QUAY_ORG }}/${{ github.event.repository.name }} | |
| docker.io/${{ vars.DOCKER_USER }}/${{ github.event.repository.name }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=raw,value=${{ steps.versions.outputs.MANUAL_TAG }} | |
| type=raw,value=v${{ steps.versions.outputs.GHOST_VERSION }} | |
| type=ref,event=branch,ref=main | |
| labels: | | |
| org.opencontainers.image.title=ghost-on-kubernetes | |
| org.opencontainers.image.vendor=https://sredevops.org | |
| org.opencontainers.image.source=https://github.com/sredevopsorg/ghost-on-kubernetes | |
| org.opencontainers.image.documentation=https://github.com/sredevopsorg/ghost-on-kubernetes/blob/main/README.md | |
| org.opencontainers.image.licenses=MIT | |
| org.opencontainers.image.url=https://github.com/sredevopsorg/ghost-on-kubernetes/pkgs/container/ghost-on-kubernetes | |
| - | |
| name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| with: | |
| registry: docker.io | |
| username: ${{ vars.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_PASS }} | |
| - | |
| name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - | |
| name: Login to Quay Container Registry | |
| uses: docker/login-action@v3 | |
| continue-on-error: true | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| with: | |
| registry: quay.io | |
| username: ${{ vars.QUAY_USER }} | |
| password: ${{ secrets.QUAY_PASS }} | |
| - | |
| name: Build and push | |
| uses: docker/build-push-action@v5 | |
| id: build-and-push | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| with: | |
| context: . | |
| platforms: linux/amd64 | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| build-args: | | |
| GHOST_VERSION=${{ steps.versions.outputs.GHOST_VERSION }} | |
| - name: Sign image with a key | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| run: | | |
| images="" | |
| for tag in ${TAGS}; do | |
| images+="${tag}@${DIGEST} " | |
| done | |
| cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${images} | |
| env: | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| - name: Sign the images with GitHub OIDC Token | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| env: | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| run: | | |
| images="" | |
| for tag in ${TAGS}; do | |
| images+="${tag}@${DIGEST} " | |
| done | |
| cosign sign --yes ${images} | |
| - | |
| name: Build pull request | |
| uses: docker/build-push-action@v5 | |
| id: build-pr | |
| if: github.event_name == 'pull_request' | |
| with: | |
| context: . | |
| platforms: linux/amd64 | |
| push: false | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| build-args: | | |
| GHOST_VERSION=${{ steps.versions.outputs.GHOST_VERSION }} |