diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index 5fcc7c4..0000000 --- a/.github/workflows/deploy.yml +++ /dev/null @@ -1,48 +0,0 @@ -name: Build - -on: - push: - branches: [master] - pull_request: - branches: [master] - -jobs: - build: - if: "!contains(github.event.head_commit.message, 'skip ci')" - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: "Automated Version Bump" - uses: "phips28/gh-action-bump-version@master" - with: - tag-prefix: "" - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Read package.json - uses: tyankatsu0105/read-package-version-actions@v1 - id: package-version - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Build and push - uses: docker/build-push-action@v2 - with: - context: . - file: ./Dockerfile - platforms: linux/amd64,linux/arm64,linux/arm/v7 - push: true - tags: | - zibbp/radium:latest - zibbp/radium:${{ steps.package-version.outputs.version }} - - name: Bump version - uses: stefanzweifel/git-auto-commit-action@v4.4.0 - with: - commit_message: "Updated version to ${{ steps.bump_version.outputs.next-version }}" diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml deleted file mode 100644 index 4cce0ee..0000000 --- a/.github/workflows/develop.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Build - -on: - push: - branches: [develop] - -jobs: - build: - if: "!contains(github.event.head_commit.message, 'skip ci')" - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - name: Build the Docker image - run: docker build . --file Dockerfile --tag my-image-name:$(date +%s) - - name: Publish to Docker Hub - uses: elgohr/Publish-Docker-Github-Action@master - with: - name: zibbp/radium - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - dockerfile: ./Dockerfile - context: "." - tags: "dev" diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml new file mode 100644 index 0000000..e8b4045 --- /dev/null +++ b/.github/workflows/docker-publish.yml @@ -0,0 +1,90 @@ +name: Docker + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +on: + # schedule: + # - cron: '31 11 * * *' + push: + branches: [master] + # Publish semver tags as releases. + tags: ["v*.*.*"] + pull_request: + branches: [master] + +env: + # Use docker.io for Docker Hub if empty + REGISTRY: ghcr.io + # github.repository as / + IMAGE_NAME: ${{ github.repository }} + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Install the cosign tool except on PR + # https://github.com/sigstore/cosign-installer + - name: Install cosign + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422 + with: + cosign-release: "v1.4.0" + + # Workaround: https://github.com/docker/build-push-action/issues/461 + - name: Setup Docker buildx + uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc + with: + context: . + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + # Sign the resulting Docker image digest except on PRs. + # This will only write to the public Rekor transparency log when the Docker + # repository is public to avoid leaking data. If you would like to publish + # transparency data even for private images, pass --force to cosign below. + # https://github.com/sigstore/cosign + # - name: Sign the published Docker image + # if: ${{ github.event_name != 'pull_request' }} + # env: + # COSIGN_EXPERIMENTAL: 'true' + # # This step uses the identity token to provision an ephemeral certificate + # # against the sigstore community Fulcio instance. + # run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}