Bump caddy from 2.8.0-alpine to 2.8.1-alpine #26

Workflow file for this run

	name: Build and push container images

	on:
	workflow_dispatch:
	push:
	branches: [main]
	paths:
	- Dockerfile
	pull_request:
	branches: [main]
	paths:
	- Dockerfile

	env:
	DOCKER_BUILDKIT: 1
	COSIGN_EXPERIMENTAL: 1

	jobs:
	metadata:
	name: Get image and repo details
	runs-on: ubuntu-latest

	outputs:
	name: ${{ steps.name.outputs.name }}
	title: ${{ steps.title.outputs.title }}
	version: ${{ steps.version.outputs.version }}
	branch: ${{ steps.branch.outputs.branch }}
	labels: ${{ steps.metadata.outputs.labels }}
	tags: ${{ steps.metadata.outputs.tags }}
	platforms: linux/amd64,linux/arm64

	steps:
	- name: Checkout repo
	uses: actions/checkout@v4

	- name: Generate docker-compliant image name
	id: name
	run: echo "name=$(echo ${GITHUB_REPOSITORY,,} \| sed 's/docker-//')" \| tee -a $GITHUB_OUTPUT

	- name: Generate OCI image title
	id: title
	run:
	echo "title=$(echo ${GITHUB_REPOSITORY#*/} \| sed 's/docker-//')" \| tee -a $GITHUB_OUTPUT

	- name: Parse Caddy version
	id: version
	run:
	echo "version=$(grep -Eo 'caddy:[0-9]+\.[0-9]+\.[0-9]+-alpine$' Dockerfile \| cut -d ':'
	-f2 \| cut -d '-' -f1)" \| tee -a $GITHUB_OUTPUT

	- name: Generate build tag from head
	id: branch
	run: \|
	export GIT_REF=${GITHUB_HEAD_REF:-$GITHUB_REF_NAME}
	echo "branch=$(echo ${GIT_REF,,} \| sed 's/[^a-zA-Z0-9]/-/g')" \| tee -a $GITHUB_OUTPUT

	- name: Generate Docker metadata with Caddy version
	uses: docker/metadata-action@v5
	id: metadata
	with:
	images: \|
	docker.io/${{ steps.name.outputs.name }}
	ghcr.io/${{ steps.name.outputs.name }}
	tags: \|
	type=semver,pattern={{version}},value=v${{ steps.version.outputs.version }}
	type=semver,pattern={{major}}.{{minor}},value=v${{ steps.version.outputs.version }}
	type=semver,pattern={{major}},value=v${{ steps.version.outputs.version }}
	labels: \|
	org.opencontainers.image.title=${{ steps.title.outputs.title }}

	build:
	name: Build container image
	runs-on: ubuntu-latest
	needs: [metadata]

	permissions:
	id-token: write # keyless Cosign signatures
	pull-requests: write # PR comments

	outputs:
	digest: ${{ steps.build.outputs.digest }}
	image-ref: ttl.sh/${{ needs.metadata.outputs.name }}:${{ github.sha }}

	steps:
	- name: Checkout repo
	uses: actions/checkout@v4

	- name: Install Cosign
	uses: sigstore/[email protected]

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Build Docker image
	uses: docker/build-push-action@v5
	id: build
	with:
	context: .
	push: true # to ttl.sh
	tags: ttl.sh/${{ needs.metadata.outputs.name }}:${{ github.sha }}
	labels: ${{ needs.metadata.outputs.labels }}
	platforms: ${{ needs.metadata.outputs.platforms }}
	cache-from: type=gha
	cache-to: type=gha,mode=max

	- name: Sign container images
	run: \|
	cosign sign --yes --recursive \
	"ttl.sh/$IMAGE_NAME@$IMAGE_DIGEST"
	env:
	IMAGE_NAME: ${{ needs.metadata.outputs.name }}
	IMAGE_DIGEST: ${{ steps.build.outputs.digest }}

	trivy:
	name: Run Trivy scanner
	needs: [build]
	uses: ./.github/workflows/trivy.yml
	with:
	image-ref: ${{ needs.build.outputs.image-ref }}

	publish:
	name: Publish container image
	needs: [metadata, build, trivy]
	runs-on: ubuntu-latest

	permissions:
	id-token: write # keyless Cosign signatures
	packages: write # GHCR
	contents: write # git tags

	if: github.event_name == 'push' \|\| github.event_name == 'workflow_dispatch'
	steps:
	- name: Checkout repo
	uses: actions/checkout@v4

	- name: Install Cosign
	uses: sigstore/[email protected]

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_HUB_USER }}
	password: ${{ secrets.DOCKER_HUB_PASSWORD }}

	- name: Login to GitHub Container Repository
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ github.token }}

	- name: Verify container images
	run: \|
	cosign verify \
	--certificate-oidc-issuer https://token.actions.githubusercontent.com \
	--certificate-identity-regexp https://github.com/$GITHUB_REPOSITORY/.github/workflows/ \
	${{ needs.build.outputs.image-ref }}

	- name: Publish container image
	uses: docker/build-push-action@v5
	id: publish
	with:
	context: .
	push: true
	tags: ${{ needs.metadata.outputs.tags }}
	labels: ${{ needs.metadata.outputs.labels }}
	platforms: ${{ needs.metadata.outputs.platforms }}
	cache-from: type=gha
	cache-to: type=gha,mode=max

	- name: Sign container images
	run: \|
	cosign sign --yes --recursive "docker.io/$IMAGE_NAME@$IMAGE_DIGEST"
	cosign sign --yes --recursive "ghcr.io/$IMAGE_NAME@$IMAGE_DIGEST"
	env:
	IMAGE_NAME: ${{ needs.metadata.outputs.name }}
	IMAGE_DIGEST: ${{ steps.publish.outputs.digest }}

	- name: Push version tags
	run: \|
	MAJOR=$(echo $CADDY_VERSION \| cut -d . -f 1)
	MINOR=$(echo $CADDY_VERSION \| cut -d . -f 2)
	git tag -f "v$MAJOR"
	git tag -f "v$MAJOR.$MINOR"
	git tag -f "v$CADDY_VERSION"
	git push -f -u origin "v$MAJOR"
	git push -f -u origin "v$MAJOR.$MINOR"
	git push -f -u origin "v$CADDY_VERSION"
	env:
	CADDY_VERSION: ${{ needs.metadata.outputs.version }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump caddy from 2.8.0-alpine to 2.8.1-alpine #26

Workflow file

Bump caddy from 2.8.0-alpine to 2.8.1-alpine #26

Jobs

Run details

Workflow file for this run