Docker #3942
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker | |
| permissions: read-all | |
| on: | |
| schedule: | |
| - cron: '25 12 * * *' | |
| push: | |
| branches: [ main, docker-build-fix ] | |
| tags: [ 'v*.*.*' ] # Publish semver tags as releases. | |
| pull_request: | |
| branches: [ main, docker-build-fix ] | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: warp-tech/warpgate | |
| jobs: | |
| build: | |
| runs-on: ${{matrix.os}} | |
| strategy: | |
| matrix: | |
| include: | |
| - os: ubuntu-24.04 | |
| docker-platform: linux/amd64 | |
| matrix-id: amd64 | |
| - os: ubuntu-24.04-arm | |
| docker-platform: linux/arm64 | |
| matrix-id: arm64 | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| attestations: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 | |
| with: | |
| submodules: recursive | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Build Docker image without pushing | |
| if: github.event_name == 'pull_request' | |
| id: build-no-push | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 | |
| with: | |
| file: docker/Dockerfile | |
| context: . | |
| push: false | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: ${{ matrix.docker-platform }} | |
| cache-from: type=gha,scope=build-${{ matrix.docker-platform }} | |
| - name: Build and push Docker image | |
| if: github.event_name != 'pull_request' | |
| id: build | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 | |
| with: | |
| file: docker/Dockerfile | |
| context: . | |
| push: true | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: ${{ matrix.docker-platform }} | |
| cache-from: type=gha,scope=build-${{ matrix.docker-platform }} | |
| cache-to: type=gha,scope=build-${{ matrix.docker-platform }} | |
| outputs: type=image,"name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}",push-by-digest=true,name-canonical=true,push=true | |
| # Provenance attestations generates an unknown/unknown platform layer | |
| # that causes issues, see #1255 | |
| attests: '' | |
| provenance: false | |
| - name: Export digest | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| mkdir -p ${{ runner.temp }}/digests | |
| digest="${{ steps.build.outputs.digest }}" | |
| touch "${{ runner.temp }}/digests/${digest#sha256:}" | |
| - name: Upload digest | |
| if: github.event_name != 'pull_request' | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| name: digests-${{ matrix.matrix-id }} | |
| path: ${{ runner.temp }}/digests/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| merge: | |
| if: github.event_name != 'pull_request' | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| attestations: write | |
| steps: | |
| - name: Download digests | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 | |
| with: | |
| path: ${{ runner.temp }}/digests | |
| pattern: digests-* | |
| merge-multiple: true | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=schedule | |
| - name: Create manifest list and push | |
| working-directory: ${{ runner.temp }}/digests | |
| run: | | |
| docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *) | |
| - name: Inspect image | |
| run: | | |
| docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} |