feat: publish images to ghcr.io as well

.github/workflows/publish.yml

@@ -0,0 +1,54 @@
+name: Build and publish images for container registries
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        repo: ["owasp/modsecurity-crs", "ghcr.io/coreruleset/modsecurity-crs"]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      # https://github.com/docker/setup-qemu-action
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/[email protected]
+        with:
+          driver-opts: image=moby/buildkit:master
+
+      - name: Login to DockerHub
+        if: ${{ startsWith(matrix.repo, 'owasp')}}
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          username: ${{ secrets.dockerhub_user }}
+          password: ${{ secrets.dockerhub_token }}
+
+      - name: Login to GitHub Container Registry
+        if: ${{ startsWith(matrix.repo, 'ghcr.io')}}
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/[email protected]
+        with:
+          files: |
+            ./docker-bake.hcl
+          push: true
+        env:
+          REPO: ${{ matrix.repo }}

docker-bake.hcl

@@ -58,9 +58,9 @@ function "tag" {
 function "vtag" {
     params = [semver, variant]
     result = concat(
-        tag("${major(semver)}${variant}-${formatdate("YYYYMMDDHHMM", timestamp())}"),
-        tag("${minor(semver)}${variant}-${formatdate("YYYYMMDDHHMM", timestamp())}"),
-        tag("${patch(semver)}${variant}-${formatdate("YYYYMMDDHHMM", timestamp())}")
+        tag("${major(semver)}-${variant}-${formatdate("YYYYMMDDHHMM", timestamp())}"),
+        tag("${minor(semver)}-${variant}-${formatdate("YYYYMMDDHHMM", timestamp())}"),
+        tag("${patch(semver)}-${variant}-${formatdate("YYYYMMDDHHMM", timestamp())}")
     )
 }
 
@@ -80,6 +80,9 @@ target "platforms-base" {
     inherits = ["docker-metadata-action"]
     context="."    
     platforms = ["linux/amd64", "linux/arm64/v8", "linux/arm/v7", "linux/i386"]
+    labels = {
+        "org.opencontainers.image.source" = "https://github.com/coreruleset/modsecurity-crs-docker"
+    }
     args = {
         CRS_RELEASE = "${crs-version}"
         MODSEC2_VERSION = "${modsec2-version}"
@@ -96,7 +99,7 @@ target "apache" {
         HTTPD_VERSION = "${httpd-version}"
     }
     tags = concat(tag("apache"),
-        vtag("${crs-version}", "-apache")
+        vtag("${crs-version}", "apache")
     )
 }
 
@@ -107,7 +110,7 @@ target "apache-alpine" {
         HTTPD_VERSION = "${httpd-version}"
     }
     tags = concat(tag("apache-alpine"),
-        vtag("${crs-version}", "-apache-alpine")
+        vtag("${crs-version}", "apache-alpine")
     )
 }
 
@@ -118,7 +121,7 @@ target "nginx" {
         NGINX_VERSION = "${nginx-version}"
     }
     tags = concat(tag("nginx"),
-        vtag("${crs-version}", "-nginx")
+        vtag("${crs-version}", "nginx")
     )
 }
 
@@ -129,7 +132,7 @@ target "nginx-alpine" {
         NGINX_VERSION = "${nginx-version}"
     }
     tags = concat(tag("nginx-alpine"),
-        vtag("${crs-version}", "-nginx-alpine")
+        vtag("${crs-version}", "nginx-alpine")
     )
 }
 
@@ -142,6 +145,6 @@ target "openresty-alpine-fat" {
         NGINX_VERSION = "${nginx-version}"
     }
     tags = concat(tag("openresty-alpine-fat"),
-        vtag("${crs-version}", "-openresty-alpine-fat")
+        vtag("${crs-version}", "openresty-alpine-fat")
     )
 }