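---
# This action is centrally managed in https://github.com/<organization>/.github/
# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in
# the above-mentioned repo.

# Builds the repository's Dockerfile for pull requests, pushes and manual
# runs. Images are pushed to Docker Hub and ghcr.io only on `push` events.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# or branch. Pinning each `uses:` to a full commit SHA (<COMMIT_SHA>) keeps the
# code that runs next to the registry credentials from changing without review.

name: CI Docker

on:
  pull_request:
    branches: [master, nightly]
    types: [opened, synchronize, reopened]
  push:
    branches: [master, nightly]
  workflow_dispatch:

jobs:
  # Reports whether the repository has a Dockerfile; every other job is gated
  # on this output.
  check_dockerfile:
    name: Check Dockerfile
    runs-on: ubuntu-latest
    # Only reads the working tree, so the job token is limited to read access.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Check
        id: check
        run: |
          if [ -f "./Dockerfile" ]
          then
            FOUND=true
          else
            FOUND=false
          fi

          echo "dockerfile=${FOUND}" >> "$GITHUB_OUTPUT"

    outputs:
      dockerfile: ${{ steps.check.outputs.dockerfile }}

  # Lints the Dockerfile with hadolint and, on failure, copies the log into
  # the step summary.
  lint_dockerfile:
    name: Lint Dockerfile
    needs: [check_dockerfile]
    if: ${{ needs.check_dockerfile.outputs.dockerfile == 'true' }}
    runs-on: ubuntu-latest
    # Only reads the working tree, so the job token is limited to read access.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Hadolint
        id: hadolint
        uses: hadolint/hadolint-action@v3.0.0
        with:
          dockerfile: ./Dockerfile
          ignore: DL3008,DL3013,DL3016,DL3018,DL3028,DL3059
          output-file: ./hadolint.log
          verbose: true

      # The step outcome reaches the script through `env` instead of being
      # expanded into the script text.
      - name: Log
        if: failure()
        env:
          HADOLINT_OUTCOME: ${{ steps.hadolint.outcome }}
        run: |
          echo "Hadolint outcome: ${HADOLINT_OUTCOME}" >> "$GITHUB_STEP_SUMMARY"
          cat "./hadolint.log" >> "$GITHUB_STEP_SUMMARY"

  # Verifies the changelog for master (pushes and pull requests targeting it)
  # and exposes the parsed version as `next_version`.
  check_changelog:
    name: Check Changelog
    needs: [check_dockerfile]
    if: ${{ needs.check_dockerfile.outputs.dockerfile == 'true' }}
    runs-on: ubuntu-latest
    # NOTE(review): this job has no `permissions` block, and its token is handed
    # to an action defined outside this file. The scopes that action needs are
    # not visible here; confirm them and declare them explicitly.
    steps:
      - name: Checkout
        if: ${{ github.ref == 'refs/heads/master' || github.base_ref == 'master' }}
        uses: actions/checkout@v3

      - name: Verify Changelog
        id: verify_changelog
        if: ${{ github.ref == 'refs/heads/master' || github.base_ref == 'master' }}
        # base_ref for pull request check, ref for push
        # NOTE(review): `@master` follows a branch, so the code that receives
        # the token below can change between runs; prefer a full commit SHA
        # (<COMMIT_SHA>).
        uses: LizardByte/.github/actions/verify_changelog@master
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
    outputs:
      next_version: ${{ steps.verify_changelog.outputs.changelog_parser_version }}

  # Builds the image for the platforms listed in `.docker_platforms` and, on
  # push events only, publishes it to Docker Hub and ghcr.io.
  docker:
    name: Docker
    needs: [check_dockerfile, check_changelog]
    if: ${{ needs.check_dockerfile.outputs.dockerfile == 'true' }}
    runs-on: ubuntu-latest
    # NOTE(review): these write scopes apply on every trigger, including
    # pull_request runs that never push. The ghcr.io login below uses a separate
    # bot token and no visible step appears to write with the job token, so
    # confirm whether both scopes are still required.
    permissions:
      packages: write
      contents: write

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          submodules: recursive

      # Computes branch, push flag, image tags and platforms for the build.
      # Ref name, repository and commit are read from the runner-provided
      # GITHUB_* environment variables instead of being expanded into the
      # script text, so their values are always handled as shell data.
      - name: Prepare
        id: prepare
        env:
          NEXT_VERSION: ${{ needs.check_changelog.outputs.next_version }}
        run: |
          # get branch name
          BRANCH=${GITHUB_HEAD_REF}

          if [ -z "$BRANCH" ]
          then
            echo "This is a PUSH event"
            BRANCH=${GITHUB_REF_NAME}
          fi

          # determine to push image to dockerhub and ghcr or not
          if [[ $GITHUB_EVENT_NAME == "push" ]]; then
            PUSH=true
          else
            PUSH=false
          fi

          # setup the tags
          REPOSITORY=${GITHUB_REPOSITORY}
          BASE_TAG=$(echo "$REPOSITORY" | tr '[:upper:]' '[:lower:]')
          COMMIT=${GITHUB_SHA}

          TAGS="${BASE_TAG}:${COMMIT:0:7},ghcr.io/${BASE_TAG}:${COMMIT:0:7}"

          if [[ $GITHUB_REF == refs/heads/master ]]; then
            TAGS="${TAGS},${BASE_TAG}:latest,ghcr.io/${BASE_TAG}:latest"
            TAGS="${TAGS},${BASE_TAG}:master,ghcr.io/${BASE_TAG}:master"
          elif [[ $GITHUB_REF == refs/heads/nightly ]]; then
            TAGS="${TAGS},${BASE_TAG}:nightly,ghcr.io/${BASE_TAG}:nightly"
          else
            TAGS="${TAGS},${BASE_TAG}:test,ghcr.io/${BASE_TAG}:test"
          fi

          if [[ ${NEXT_VERSION} != "" ]]; then
            TAGS="${TAGS},${BASE_TAG}:${NEXT_VERSION},ghcr.io/${BASE_TAG}:${NEXT_VERSION}"
          fi

          # read the platforms from `.docker_platforms`
          # line breaks are dropped: every line written to the outputs file is
          # parsed as its own entry, so the value has to stay on one line
          PLATFORMS=$(tr -d '\r\n' < .docker_platforms)

          # base_tag is exported because shell variables do not outlive this step
          echo "base_tag=${BASE_TAG}" >> "$GITHUB_OUTPUT"
          echo "branch=${BRANCH}" >> "$GITHUB_OUTPUT"
          echo "build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT"
          echo "commit=${COMMIT}" >> "$GITHUB_OUTPUT"
          echo "platforms=${PLATFORMS}" >> "$GITHUB_OUTPUT"
          echo "push=${PUSH}" >> "$GITHUB_OUTPUT"
          echo "tags=${TAGS}" >> "$GITHUB_OUTPUT"

      - name: Set Up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
        id: buildx

      - name: Cache Docker Layers
        uses: actions/cache@v3
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-

      - name: Log in to Docker Hub
        if: ${{ steps.prepare.outputs.push == 'true' }}  # PRs do not have access to secrets
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

      - name: Log in to the Container registry
        if: ${{ steps.prepare.outputs.push == 'true' }}  # PRs do not have access to secrets
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ secrets.GH_BOT_NAME }}
          password: ${{ secrets.GH_BOT_TOKEN }}

      - name: Build and push
        uses: docker/build-push-action@v3
        with:
          context: ./
          file: ./Dockerfile
          push: ${{ steps.prepare.outputs.push }}
          platforms: ${{ steps.prepare.outputs.platforms }}
          build-args: |
            BRANCH=${{ steps.prepare.outputs.branch }}
            BUILD_DATE=${{ steps.prepare.outputs.build_date }}
            BUILD_VERSION=${{ needs.check_changelog.outputs.next_version }}
            COMMIT=${{ steps.prepare.outputs.commit }}
          tags: ${{ steps.prepare.outputs.tags }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache

      # BASE_TAG exists only as a shell variable inside the Prepare step and is
      # never written to the job environment, so `env.BASE_TAG` would expand to
      # an empty string here; the value is taken from that step's outputs.
      - name: Update Docker Hub Description
        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
        uses: peter-evans/dockerhub-description@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}  # token is not currently supported
          repository: ${{ steps.prepare.outputs.base_tag }}
          short-description: ${{ github.event.repository.description }}
          readme-filepath: ./DOCKER_README.md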