build(docker): use debian as base image #614
name: Docker | |
on: | |
push: | |
branches: ["main"] | |
# Publish semver tags as releases. | |
tags: ["v*.*.*"] | |
pull_request: | |
branches: ["main"] | |
env: | |
# Use docker.io for Docker Hub if empty | |
REGISTRY: ghcr.io | |
# github.repository as <account>/<repo> | |
IMAGE_NAME: ${{ github.repository }} | |
jobs: | |
build-push-amd64: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
# This is used to complete the identity challenge | |
# with sigstore/fulcio when running outside of PRs. | |
id-token: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Workaround: https://github.com/docker/build-push-action/issues/461 | |
- name: Setup Docker buildx | |
uses: docker/[email protected] | |
# Login against a Docker registry except on PR | |
# https://github.com/docker/login-action | |
- name: Log into registry ${{ env.REGISTRY }} | |
if: github.event_name != 'pull_request' | |
uses: docker/[email protected] | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
# Extract metadata (tags, labels) for Docker | |
# https://github.com/docker/metadata-action | |
- name: Extract Docker metadata | |
id: meta | |
uses: docker/[email protected] | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
# Build and push Docker image with Buildx (don't push on PR) | |
# https://github.com/docker/build-push-action | |
- name: Build and push Docker image (amd64) | |
id: build-and-push-amd64 | |
uses: docker/[email protected] | |
with: | |
context: . | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
provenance: false | |
# labels: ${{ steps.meta.outputs.labels }} | |
secrets: | | |
VERSION=${{ steps.meta.outputs.version }} | |
platforms: linux/amd64 | |
file: Dockerfile | |
cache-from: type=gha,scope=${{ env.IMAGE_NAME }} | |
cache-to: type=gha,scope=${{ env.IMAGE_NAME }},mode=max | |
build-push-arm64: | |
# Do not run on PRs | |
if: github.event_name != 'pull_request' | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
# This is used to complete the identity challenge | |
# with sigstore/fulcio when running outside of PRs. | |
id-token: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/[email protected] | |
with: | |
platforms: arm64 | |
# Workaround: https://github.com/docker/build-push-action/issues/461 | |
- name: Setup Docker buildx | |
uses: docker/[email protected] | |
# Login against a Docker registry except on PR | |
# https://github.com/docker/login-action | |
- name: Log into registry ${{ env.REGISTRY }} | |
if: github.event_name != 'pull_request' | |
uses: docker/[email protected] | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
# Extract metadata (tags, labels) for Docker | |
# https://github.com/docker/metadata-action | |
- name: Extract Docker metadata | |
id: meta | |
uses: docker/[email protected] | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
# Build and push Docker image with Buildx (don't push on PR) | |
# https://github.com/docker/build-push-action | |
- name: Build and push Docker image (arm64) | |
id: build-and-push-arm64 | |
uses: docker/[email protected] | |
with: | |
context: . | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }}-arm64 | |
provenance: false | |
# labels: ${{ steps.meta.outputs.labels }} | |
secrets: | | |
VERSION=${{ steps.meta.outputs.version }} | |
platforms: linux/arm64 | |
file: Dockerfile.aarch64 | |
cache-from: type=gha,scope=${{ env.IMAGE_NAME }} | |
cache-to: type=gha,scope=${{ env.IMAGE_NAME }},mode=max | |
create-manifests: | |
# Do not run on PRs | |
if: github.event_name != 'pull_request' | |
runs-on: ubuntu-latest | |
needs: [build-push-amd64, build-push-arm64] | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Extract Docker metadata | |
id: meta | |
uses: docker/[email protected] | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
- name: Log into registry ${{ env.REGISTRY }} | |
if: github.event_name != 'pull_request' | |
uses: docker/[email protected] | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set repo name | |
run: | | |
echo "IMAGE_NAME=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV | |
# Create v* tag manifests and push | |
- name: Create ref tag manifest and push | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: | | |
echo "Creating manifest for: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}" | |
docker manifest create \ | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }} \ | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest \ | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-arm64 | |
docker manifest push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }} | |
# Create latest tag manifests and push | |
- name: Create latest tag manifest and push | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: | | |
echo "Creating manifest for: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}" | |
docker manifest create \ | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest \ | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest \ | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-arm64 | |
docker manifest push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
# Create manifest and push | |
- name: Create manifest and push | |
# Run only on main branch push | |
if: github.ref == 'refs/heads/main' | |
run: | | |
docker manifest create \ | |
${{ steps.meta.outputs.tags }} \ | |
--amend ${{ steps.meta.outputs.tags }} \ | |
--amend ${{ steps.meta.outputs.tags }}-arm64 | |
docker manifest push ${{ steps.meta.outputs.tags }} |
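Review bot: In `create-manifests`, the `run:` steps expand `${{ github.ref_name }}` and `${{ github.repository }}` straight into the script text, so a tag name is parsed by the shell as code rather than data; the `v*.*.*` tag filter does not constrain which characters appear in the name, and the job holds `packages: write`. Pass these values through the step environment instead, e.g. an `env:` entry `REF_NAME: ${{ github.ref_name }}`, and reference it quoted as `"$REF_NAME"` in the `docker manifest create` and `docker manifest push` commands. Separately, all three jobs request `id-token: write` for a sigstore identity challenge, yet no signing step is visible in the workflow and `provenance: false` is set, so that permission can be dropped until signing is actually added. `actions/checkout@v4` is referenced by a mutable tag (the `docker/*` refs are obscured on this page); pinning actions to full commit SHAs would keep a moved tag from changing what runs with the registry token.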