Docker Image Builds #451
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Image Builds | |
| on: | |
| schedule: | |
| - cron: '30 */12 * * *' | |
| workflow_dispatch: | |
| push: | |
| paths: | |
| - docker/** | |
| - .github/workflows/docker-buildops.yml | |
| env: | |
| IMAGE_NAME_PREFIX: ${{ github.repository }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| attestations: write | |
| jobs: | |
| mkdocs-material: | |
| name: Custom image on Material for Mkdocs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Remove cached images | |
| run: docker system prune -a --force | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Load secrets with dotenvx | |
| uses: andreijiroh-dev/[email protected] | |
| if: github.event_name != 'pull_request' | |
| id: dotenvx | |
| with: | |
| path: .env.ci | |
| key: ${{ secrets.DOTENV_PRIVATE_KEY_CI }} | |
| # Workaround: https://github.com/docker/build-push-action/issues/461 | |
| - name: Setup Docker buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| buildkitd-flags: --debug | |
| # Login against a Docker registry except on PR | |
| # https://github.com/docker/login-action | |
| - name: Sign in to GitLab Dependency Proxy | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: mau.dev | |
| username: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_PASSWORD }} | |
| - name: Log into Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ steps.dotenvx.outputs.DOCKER_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.DOCKER_PASSWORD }} | |
| - name: Log into GHCR | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ steps.dotenvx.outputs.GHCR_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.GHCR_BOT_PASSWORD }} | |
| - name: Log into RHQCR | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: quay.io | |
| username: ${{ steps.dotenvx.outputs.RHQCR_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.RHQCR_BOT_PASSWORD }} | |
| - name: Login into GLCR on mau.dev | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: dock.mau.dev | |
| username: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_PASSWORD }} | |
| # Extract metadata (tags, labels) for Docker | |
| # https://github.com/docker/metadata-action | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.IMAGE_NAME_PREFIX }}/mkdocs-material | |
| dock.mau.dev/${{ env.IMAGE_NAME_PREFIX }}/mkdocs-material | |
| quay.io/andreijiroh-dev/mkdocs-material | |
| index.docker.io/ajhalili2006/mkdocs-material | |
| tags: | | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long | |
| type=schedule,pattern=nightly | |
| type=schedule,prefix=nightly-,pattern={{date 'YYYYMMDDhhmmss'}} | |
| type=raw,prefix=branch-,value={{branch}} | |
| # Build and push Docker image with Buildx (don't push on PR) | |
| # https://github.com/docker/build-push-action | |
| - name: Build and push Docker image | |
| id: build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: docker/mkdocs-material | |
| # workaround: https://github.com/moby/buildkit/issues/2713#issuecomment-1068540101 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| pull: true | |
| provenance: mode=max | |
| sbom: true | |
| - name: Generate image attestation for GHCR | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ghcr.io/${{ env.IMAGE_NAME_PREFIX }}/mkdocs-material | |
| subject-digest: ${{ steps.build.outputs.digest }} | |
| push-to-registry: true | |
| #- name: Generate image attestation for GitLab Container Registry | |
| # uses: actions/attest-build-provenance@v1 | |
| # with: | |
| # subject-name: dock.mau.dev/${{ env.IMAGE_NAME_PREFIX }}/mkdocs-material | |
| # subject-digest: ${{ steps.build.outputs.digest }} | |
| # push-to-registry: true | |
| - name: Generate image attestation for RHQCR | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: quay.io/andreijiroh-dev/mkdocs-material | |
| subject-digest: ${{ steps.build.outputs.digest }} | |
| push-to-registry: true | |
| - name: Generate image attestation for Docker Hub | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: index.docker.io/ajhalili2006/mkdocs-material | |
| subject-digest: ${{ steps.build.outputs.digest }} | |
| push-to-registry: true | |
| devenv-base: | |
| name: "base devenv image" | |
| runs-on: ubuntu-latest | |
| outputs: | |
| baseImageTags: ${{steps.meta.outputs.tags}} | |
| steps: | |
| - name: Remove cached images | |
| run: docker system prune -a --force | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Load secrets with dotenvx | |
| uses: andreijiroh-dev/[email protected] | |
| if: github.event_name != 'pull_request' | |
| id: dotenvx | |
| with: | |
| path: .env.ci | |
| key: ${{ secrets.DOTENV_PRIVATE_KEY_CI }} | |
| # Workaround: https://github.com/docker/build-push-action/issues/461 | |
| - name: Setup Docker buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| buildkitd-flags: --debug | |
| # Login against a Docker registry except on PR | |
| # https://github.com/docker/login-action | |
| - name: Sign in to GitLab Dependency Proxy | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: mau.dev | |
| username: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_PASSWORD }} | |
| - name: Log into Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ steps.dotenvx.outputs.DOCKER_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.DOCKER_PASSWORD }} | |
| - name: Log into GHCR | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ steps.dotenvx.outputs.GHCR_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.GHCR_BOT_PASSWORD }} | |
| - name: Log into RHQCR | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: quay.io | |
| username: ${{ steps.dotenvx.outputs.RHQCR_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.RHQCR_BOT_PASSWORD }} | |
| - name: Login into GLCR on mau.dev | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: dock.mau.dev | |
| username: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_PASSWORD }} | |
| # Extract metadata (tags, labels) for Docker | |
| # https://github.com/docker/metadata-action | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.IMAGE_NAME_PREFIX }}/devenv/base | |
| dock.mau.dev/${{ env.IMAGE_NAME_PREFIX }}/devenv/base | |
| quay.io/andreijiroh-dev/devenv-base | |
| index.docker.io/ajhalili2006/devenv-base | |
| tags: | | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long | |
| type=schedule,pattern=nightly | |
| type=schedule,prefix=nightly-,pattern={{date 'YYYYMMDDhhmmss'}} | |
| type=raw,prefix=branch-,value={{branch}} | |
| # Build and push Docker image with Buildx (don't push on PR) | |
| # https://github.com/docker/build-push-action | |
| - name: Build and push Docker image | |
| id: build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: docker/devenv/base | |
| # workaround: https://github.com/moby/buildkit/issues/2713#issuecomment-1068540101 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| pull: true | |
| provenance: mode=max | |
| sbom: true | |
| - name: Generate image attestation for GHCR | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ghcr.io/${{ env.IMAGE_NAME_PREFIX }}/devenv/base | |
| subject-digest: ${{ steps.build.outputs.digest }} | |
| push-to-registry: true | |
| - name: Generate image attestation for RHQCR | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: quay.io/andreijiroh-dev/devenv-base | |
| subject-digest: ${{ steps.build.outputs.digest }} | |
| push-to-registry: true | |
| - name: Generate image attestation for Docker Hub | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: index.docker.io/ajhalili2006/devenv-base | |
| subject-digest: ${{ steps.build.outputs.digest }} | |
| push-to-registry: true | |
| pkgops-alpine: | |
| name: "Alpine Linux - aports package maintainer image" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Remove cached images | |
| run: docker system prune -a --force | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Load secrets with dotenvx | |
| uses: andreijiroh-dev/[email protected] | |
| if: github.event_name != 'pull_request' | |
| id: dotenvx | |
| with: | |
| path: .env.ci | |
| key: ${{ secrets.DOTENV_PRIVATE_KEY_CI }} | |
| # Workaround: https://github.com/docker/build-push-action/issues/461 | |
| - name: Setup Docker buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| buildkitd-flags: --debug | |
| # Login against a Docker registry except on PR | |
| # https://github.com/docker/login-action | |
| - name: Sign in to GitLab Dependency Proxy | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: mau.dev | |
| username: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_PASSWORD }} | |
| - name: Log into Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ steps.dotenvx.outputs.DOCKER_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.DOCKER_PASSWORD }} | |
| - name: Log into GHCR | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ steps.dotenvx.outputs.GHCR_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.GHCR_BOT_PASSWORD }} | |
| - name: Log into RHQCR | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: quay.io | |
| username: ${{ steps.dotenvx.outputs.RHQCR_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.RHQCR_BOT_PASSWORD }} | |
| - name: Login into GLCR on mau.dev | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: dock.mau.dev | |
| username: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_PASSWORD }} | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.IMAGE_NAME_PREFIX }}/pkgops-alpine | |
| dock.mau.dev/${{ env.IMAGE_NAME_PREFIX }}/pkgops-alpine | |
| quay.io/andreijiroh-dev/pkgops-alpine | |
| index.docker.io/ajhalili2006/pkgsops-alpine | |
| tags: | | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long | |
| type=schedule,pattern=nightly | |
| type=schedule,prefix=nightly-,pattern={{date 'YYYYMMDDhhmmss'}} | |
| type=raw,prefix=branch-,value={{branch}} | |
| - name: Build and push image | |
| uses: docker/build-push-action@v6 | |
| id: build | |
| with: | |
| context: docker/pkgops-alpine | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| pull: true | |
| provenance: mode=max | |
| sbom: true | |
| - name: Generate image attestation for GHCR | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ghcr.io/${{ env.IMAGE_NAME_PREFIX }}/pkgops-alpine | |
| subject-digest: ${{ steps.build.outputs.digest }} | |
| push-to-registry: true | |
| #- name: Generate image attestation for GitLab Container Registry | |
| # uses: actions/attest-build-provenance@v1 | |
| # with: | |
| # subject-name: dock.mau.dev/${{ env.IMAGE_NAME_PREFIX }}/pkgops-alpine | |
| # subject-digest: ${{ steps.build.outputs.digest }} | |
| # push-to-registry: true | |
| - name: Generate image attestation for RHQCR | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: quay.io/andreijiroh-dev/pkgops-alpine | |
| subject-digest: ${{ steps.build.outputs.digest }} | |
| push-to-registry: true | |
| - name: Generate image attestation for Docker Hub | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: index.docker.io/ajhalili2006/pkgsops-alpine | |
| subject-digest: ${{ steps.build.outputs.digest }} | |
| push-to-registry: true | |
| caddy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Remove cached images | |
| run: docker system prune -a --force | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Load secrets with dotenvx | |
| uses: andreijiroh-dev/[email protected] | |
| if: github.event_name != 'pull_request' | |
| id: dotenvx | |
| with: | |
| path: .env.ci | |
| key: ${{ secrets.DOTENV_PRIVATE_KEY_CI }} | |
| # Workaround: https://github.com/docker/build-push-action/issues/461 | |
| - name: Setup Docker buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| buildkitd-flags: --debug | |
| # Login against a Docker registry except on PR | |
| # https://github.com/docker/login-action | |
| - name: Sign in to GitLab Dependency Proxy | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: mau.dev | |
| username: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_PASSWORD }} | |
| - name: Login into GLCR on mau.dev | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: dock.mau.dev | |
| username: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.GLCR_MAUDEV_BOT_PASSWORD }} | |
| - name: Log into GHCR | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ steps.dotenvx.outputs.GHCR_BOT_USERNAME }} | |
| password: ${{ steps.dotenvx.outputs.GHCR_BOT_PASSWORD }} | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.IMAGE_NAME_PREFIX }}/caddy | |
| dock.mau.dev/${{ env.IMAGE_NAME_PREFIX }}/caddy | |
| tags: | | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long | |
| type=schedule,pattern=nightly | |
| type=schedule,prefix=nightly-,pattern={{date 'YYYYMMDDhhmmss'}} | |
| type=raw,prefix=branch-,value={{branch}} | |
| - name: Extract Docker metadata for FrankenPHP | |
| id: meta-frankenphp | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.IMAGE_NAME_PREFIX }}/frankenphp | |
| dock.mau.dev/${{ env.IMAGE_NAME_PREFIX }}/franken-php | |
| tags: | | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long | |
| type=schedule,pattern=nightly | |
| type=schedule,prefix=nightly-,pattern={{date 'YYYYMMDDhhmmss'}} | |
| type=raw,prefix=branch-,value={{branch}} | |
| - name: Build and push image | |
| uses: docker/build-push-action@v6 | |
| id: build-main | |
| with: | |
| context: docker/caddy | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| pull: true | |
| provenance: mode=max | |
| sbom: true | |
| - name: Build and push image for FrankenPHP | |
| uses: docker/build-push-action@v6 | |
| id: build-fphp | |
| continue-on-error: true | |
| with: | |
| context: docker/pkgops-alpine | |
| file: docker/pkgops-alpine/php.Dockerfile | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta-frankenphp.outputs.tags }} | |
| labels: ${{ steps.meta-frankenphp.outputs.labels }} | |
| pull: true | |
| provenance: mode=max | |
| sbom: true | |