Skip to content

Build and push container images for Specific Ruby Version #23

Build and push container images for Specific Ruby Version

Build and push container images for Specific Ruby Version #23

Workflow file for this run

name: Build and push container images
on:
workflow_dispatch:
schedule:
- cron: '0 1 * * 0' # weekly refresh on Sunday at 1am
push:
branches: [main]
paths:
- 'Dockerfile'
env:
DOCKER_BUILDKIT: 1
COSIGN_EXPERIMENTAL: 1
jobs:
build:
name: Build and publish image
runs-on:
group: bare-metal
strategy:
fail-fast: false
matrix:
ruby: ['2.6', '2.7', '3.0', '3.1', '3.2']
debian: ['bullseye']
permissions:
id-token: write # keyless Cosign signatures
packages: write # GHCR
contents: write # git tags
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Generate docker-compliant image name
id: name
run: echo "name=zenjoy/ruby" | tee -a $GITHUB_OUTPUT
- name: Parse ruby version
id: version
run: |
RUBY_VERSION=$(grep -Eo 'RUBY_VERSION ${{ matrix.ruby }}.[0-9]+$' Dockerfile | cut -d ' ' -f2)
MAJOR=$(echo $RUBY_VERSION | cut -d . -f 1)
MINOR=$(echo $RUBY_VERSION | cut -d . -f 2)
PATCH=$(echo $RUBY_VERSION | cut -d . -f 3)
echo "major=$MAJOR" | tee -a $GITHUB_OUTPUT
echo "minor=$MINOR" | tee -a $GITHUB_OUTPUT
echo "patch=$PATCH" | tee -a $GITHUB_OUTPUT
echo "version=$RUBY_VERSION" | tee -a $GITHUB_OUTPUT
- name: Generate build tag from head
id: branch
run: |
export GIT_REF=${GITHUB_HEAD_REF:-$GITHUB_REF_NAME}
echo "branch=$(echo ${GIT_REF,,} | sed 's/[^a-zA-Z0-9]/-/g')" | tee -a $GITHUB_OUTPUT
- name: Generate Docker metadata with ruby version
uses: docker/metadata-action@v4
id: metadata
with:
flavor: |
latest=${{ matrix.ruby == '3.2' }}
images: |
docker.io/${{ steps.name.outputs.name }}
ghcr.io/${{ steps.name.outputs.name }}
tags: |
type=semver,pattern={{version}},value=v${{ steps.version.outputs.version }}
type=semver,pattern={{major}}.{{minor}},value=v${{ steps.version.outputs.version }}
labels: |
org.opencontainers.image.title=ruby
- name: Install Cosign
uses: sigstore/[email protected]
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USER }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Login to GitHub Container Repository
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Publish container image
uses: docker/build-push-action@v4
id: publish
with:
push: true
tags: ${{ steps.metadata.outputs.tags }}
labels: ${{ steps.metadata.outputs.labels }}
build-args: |
BUILD_AT=${{ steps.prepare.outputs.today }}
RUBY=${{ matrix.ruby }}
DEBIAN=${{ matrix.debian }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Sign container images
run: |
cosign sign --yes --recursive "docker.io/$IMAGE_NAME@$IMAGE_DIGEST"
cosign sign --yes --recursive "ghcr.io/$IMAGE_NAME@$IMAGE_DIGEST"
env:
IMAGE_NAME: ${{ steps.name.outputs.name }}
IMAGE_DIGEST: ${{ steps.publish.outputs.digest }}