From 7458db237824a11113092d8d6d65dbb8c3713dce Mon Sep 17 00:00:00 2001
From: Max Leske
Date: Mon, 29 Jan 2024 13:09:53 +0100
Subject: [PATCH] feat: publish images to ghcr.io as well
---
 .github/workflows/buildimage.yml | 63 --------------------------------
 .github/workflows/publish.yml | 54 +++++++++++++++++++++++++++
 docker-bake.hcl | 19 ++++++----
 3 files changed, 65 insertions(+), 71 deletions(-)
 delete mode 100644 .github/workflows/buildimage.yml
 create mode 100644 .github/workflows/publish.yml
diff --git a/.github/workflows/buildimage.yml b/.github/workflows/buildimage.yml
deleted file mode 100644
index 8c880c4e..00000000
--- a/.github/workflows/buildimage.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-name: Build images for Docker Hub
-on:
- push:
- branches:
- - master
- repository_dispatch:
- types: [base-container-updated]
-
-env:
- REPO: "owasp/modsecurity-crs"
-
-jobs:
- build:
- runs-on: ubuntu-latest
- strategy:
- matrix:
- crs_version: ["3.3.5"]
- image: [apache, nginx]
- variant: ["", "-alpine"]
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- # https://github.com/docker/setup-qemu-action
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v2
-
- # https://github.com/docker/setup-buildx-action
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
- with:
- driver-opts: image=moby/buildkit:master
-
- - name: Login to DockerHub
- uses: docker/login-action@v2
- with:
- username: ${{ secrets.dockerhub_user }}
- password: ${{ secrets.dockerhub_token }}
-
- - name: Docker meta ${{ matrix.crs_version }}-${{ matrix.image }}${{ matrix.variant }}
- id: meta
- uses: docker/metadata-action@v4
- with:
- images: |
- ${{ env.REPO }}
- flavor: |
- latest=false
- tags: |
- type=raw,value=${{ matrix.image }}${{ matrix.variant }}
- type=semver,pattern={{major}},value=v${{ matrix.crs_version }},suffix=${{ matrix.image }}${{ matrix.variant }}-{{date 'YYYYMMDDHHMM'}}
- type=semver,pattern={{major}}.{{minor}},value=v${{ matrix.crs_version }},suffix=${{ matrix.image }}${{ matrix.variant }}-{{date 'YYYYMMDDHHMM'}}
- type=semver,pattern={{version}},value=v${{ matrix.crs_version }},suffix=${{ matrix.image }}${{ matrix.variant }}-{{date 'YYYYMMDDHHMM'}}
-
- - name: Build and push ${{ matrix.crs_version }}-${{ matrix.image }}${{ matrix.variant }}
- uses: docker/bake-action@v2.3.0
- with:
- targets: ${{ matrix.image }}${{ matrix.variant }}
- files: |
- ./docker-bake.hcl
- ${{ steps.meta.outputs.bake-file }}
- push: true
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 00000000..2f1d0b4a
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,54 @@
+name: Build and publish images for container registries
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ strategy:
+ matrix:
+ repo: ["owasp/modsecurity-crs", "ghcr.io/coreruleset/modsecurity-crs"]
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
+ # https://github.com/docker/setup-qemu-action
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ # https://github.com/docker/setup-buildx-action
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3.0.0
+ with:
+ driver-opts: image=moby/buildkit:master
+
+ - name: Login to DockerHub
+ if: ${{ startsWith(matrix.repo, 'owasp')}}
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ with:
+ username: ${{ secrets.dockerhub_user }}
+ password: ${{ secrets.dockerhub_token }}
+
+ - name: Login to GitHub Container Registry
+ if: ${{ startsWith(matrix.repo, 'ghcr.io')}}
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push
+ uses: docker/bake-action@v4.1.0
+ with:
+ files: |
+ ./docker-bake.hcl
+ push: true
+ env:
+ REPO: ${{ matrix.repo }}
diff --git a/docker-bake.hcl b/docker-bake.hcl
index 47c62326..8a0f84ec 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
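Review bot: Only `docker/login-action` is pinned to a commit SHA; `actions/checkout@v4`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3.0.0` and `docker/bake-action@v4.1.0` are referenced by tag in a job that holds `packages: write` and the Docker Hub token, so a moved tag on any of them would run with publishing rights. Pin them the same way the login steps are, e.g. `uses: docker/bake-action@<full-commit-sha> # v4.1.0`. The same applies to `driver-opts: image=moby/buildkit:master`, which pulls whatever the BuildKit master image is at run time; a released tag or digest would keep the builder fixed between runs. Because the matrix runs one job per registry, the Docker Hub and ghcr.io images are separate builds whose digests are not expected to match; if `docker-bake.hcl` can accept both repositories, logging in to both in a single job and building once would publish the same artifact to each.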
@@ -58,9 +58,9 @@ function "tag" {
 function "vtag" {
 params = [semver, variant]
 result = concat(
- tag("${major(semver)}${variant}-${formatdate("YYYYMMDDHHMM", timestamp())}"),
- tag("${minor(semver)}${variant}-${formatdate("YYYYMMDDHHMM", timestamp())}"),
- tag("${patch(semver)}${variant}-${formatdate("YYYYMMDDHHMM", timestamp())}")
+ tag("${major(semver)}-${variant}-${formatdate("YYYYMMDDHHMM", timestamp())}"),
+ tag("${minor(semver)}-${variant}-${formatdate("YYYYMMDDHHMM", timestamp())}"),
+ tag("${patch(semver)}-${variant}-${formatdate("YYYYMMDDHHMM", timestamp())}")
 )
 }
 
@@ -80,6 +80,9 @@ target "platforms-base" {
 inherits = ["docker-metadata-action"]
 context="."
 platforms = ["linux/amd64", "linux/arm64/v8", "linux/arm/v7", "linux/i386"]
+ labels = {
+ "org.opencontainers.image.source" = "https://github.com/coreruleset/modsecurity-crs-docker"
+ }
 args = {
 CRS_RELEASE = "${crs-version}"
 MODSEC2_VERSION = "${modsec2-version}"
@@ -96,7 +99,7 @@ target "apache" {
 HTTPD_VERSION = "${httpd-version}"
 }
 tags = concat(tag("apache"),
- vtag("${crs-version}", "-apache")
+ vtag("${crs-version}", "apache")
 )
 }
 
@@ -107,7 +110,7 @@ target "apache-alpine" {
 HTTPD_VERSION = "${httpd-version}"
 }
 tags = concat(tag("apache-alpine"),
- vtag("${crs-version}", "-apache-alpine")
+ vtag("${crs-version}", "apache-alpine")
 )
 }
 
@@ -118,7 +121,7 @@ target "nginx" {
 NGINX_VERSION = "${nginx-version}"
 }
 tags = concat(tag("nginx"),
- vtag("${crs-version}", "-nginx")
+ vtag("${crs-version}", "nginx")
 )
 }
 
@@ -129,7 +132,7 @@ target "nginx-alpine" {
 NGINX_VERSION = "${nginx-version}"
 }
 tags = concat(tag("nginx-alpine"),
- vtag("${crs-version}", "-nginx-alpine")
+ vtag("${crs-version}", "nginx-alpine")
 )
 }
 
@@ -142,6 +145,6 @@ target "openresty-alpine-fat" {
 NGINX_VERSION = "${nginx-version}"
 }
 tags = concat(tag("openresty-alpine-fat"),
- vtag("${crs-version}", "-openresty-alpine-fat")
+ vtag("${crs-version}", "openresty-alpine-fat")
 )
 }
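Review bot: `vtag` now inserts the `-` before `variant` itself, but nothing documents that callers must pass the variant without a leading dash; a caller still passing `"-nginx"` would silently produce a `--nginx` tag. A one-line comment above the function would make the contract explicit: `# variant: flavour name without a leading dash, e.g. "apache-alpine"`. Each of the three `tag(...)` lines also calls `timestamp()` on its own, and the publish workflow runs bake once per registry, so the date suffix is presumably not guaranteed to be identical across the three tags or between Docker Hub and ghcr.io. Computing the suffix once in a variable, or passing it in from the workflow, would keep the versioned tags comparable between registries.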
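Review bot: `org.opencontainers.image.source` is the only label set in `platforms-base`, so a pulled image names its repository but not the commit it was built from. The deleted `buildimage.yml` passed the `docker/metadata-action` bake file to bake, which normally supplies revision and creation labels; the new `publish.yml` does not, so unless the `docker-metadata-action` target defined outside this hunk provides them, that traceability is lost. Consider adding `"org.opencontainers.image.revision" = "${revision}"`, with `revision` being a bake variable set from the workflow's commit SHA (the variable name is illustrative). The `target "platforms-base"` block begins and ends outside the hunk.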