From 8a164c416ff2ac2a020944fb91111ecbf9069930 Mon Sep 17 00:00:00 2001 From: Amruth Pillai Date: Mon, 19 Jan 2026 22:40:54 +0100 Subject: [PATCH] test new publish docker image flow --- .github/workflows/publish-docker-image.yml | 178 +++++++++++---------- 1 file changed, 91 insertions(+), 87 deletions(-) diff --git a/.github/workflows/publish-docker-image.yml b/.github/workflows/publish-docker-image.yml index c44bb40d0..610d5f502 100644 --- a/.github/workflows/publish-docker-image.yml +++ b/.github/workflows/publish-docker-image.yml @@ -3,165 +3,169 @@ name: Publish Docker Image on: workflow_dispatch: push: - tags: - - "*" + branches: ["main"] + tags: ["v*.*.*"] concurrency: - group: "${{ github.workflow }}-${{ github.ref }}" + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true env: - IMAGE: amruthpillai/reactive-resume + IMAGE: ${{ github.repository }} jobs: build: - runs-on: ubuntu-latest - - outputs: - version: ${{ steps.version.outputs.version }} - strategy: + fail-fast: false matrix: - platform: - - linux/amd64 - - linux/arm64 + include: + - platform: linux/amd64 + runner: ubuntu-latest + arch: amd64 + - platform: linux/arm64 + runner: ubuntu-24.04-arm + arch: arm64 + + runs-on: ${{ matrix.runner }} + timeout-minutes: 30 + + permissions: + contents: read + packages: write + id-token: write + attestations: write steps: - name: Checkout Repository - uses: actions/checkout@v4.1.4 + uses: actions/checkout@v6 - - name: Extract version from package.json + - name: Get version from package.json id: version - run: echo "version=$(jq -r '.version' package.json)" >> "$GITHUB_OUTPUT" + run: echo "version=$(jq -r .version package.json)" >> "$GITHUB_OUTPUT" - - name: Set up QEMU - uses: docker/setup-qemu-action@v3.0.0 + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Login to Docker Hub - uses: docker/login-action@v3.1.0 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Login to GitHub Container Registery - uses: docker/login-action@v3.1.0 + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 with: registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ github.token }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.3.0 - - - name: Extract Docker Metadata + - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5.5.1 + uses: docker/metadata-action@v5 with: - tags: type=semver,pattern={{version}},prefix=v,value=${{ steps.version.outputs.version }} images: | - ${{ env.IMAGE }} ghcr.io/${{ env.IMAGE }} - - - name: Prepare a unique name for Artifacts - id: artifact_name - run: | - name=$(echo -n "${{ matrix.platform }}" | sed -e 's/[ \t:\/\\"<>|*?]/-/g' -e 's/--*/-/g') - echo "name=$name" >> "$GITHUB_OUTPUT" + docker.io/${{ env.IMAGE }} + tags: | + type=sha,format=short,suffix=-${{ matrix.arch }} + type=raw,value=v${{ steps.version.outputs.version }}-${{ matrix.arch }} - name: Build and Push by Digest - uses: docker/build-push-action@v5.3.0 id: build + uses: docker/build-push-action@v6 with: context: . + sbom: true + push: true + provenance: mode=max platforms: ${{ matrix.platform }} + tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=${{ env.IMAGE }},push-by-digest=true,name-canonical=true,push=true - build-args: | - NX_CLOUD_ACCESS_TOKEN=${{ secrets.NX_CLOUD_ACCESS_TOKEN }} + cache-from: type=gha,scope=${{ env.IMAGE }}-${{ matrix.arch }} + cache-to: type=gha,mode=max,scope=${{ env.IMAGE }}-${{ matrix.arch }} - - name: Export Digest + - name: Export digest run: | mkdir -p /tmp/digests digest="${{ steps.build.outputs.digest }}" touch "/tmp/digests/${digest#sha256:}" - - name: Upload Digest - uses: actions/upload-artifact@v4.3.3 + - name: Upload digest + uses: actions/upload-artifact@v6 with: - name: digests-${{ steps.artifact_name.outputs.name }} + name: digests-${{ matrix.arch }} path: /tmp/digests/* if-no-files-found: error retention-days: 1 merge: + needs: build + timeout-minutes: 30 runs-on: ubuntu-latest - needs: - - build + permissions: + contents: read + packages: write + id-token: write + attestations: write steps: - name: Checkout Repository - uses: actions/checkout@v4.1.4 + uses: actions/checkout@v4 + with: + sparse-checkout: package.json + sparse-checkout-cone-mode: false - - name: Download Digest - uses: actions/download-artifact@v4.1.7 + - name: Get version from package.json + id: version + run: echo "version=$(jq -r .version package.json)" >> "$GITHUB_OUTPUT" + + - name: Download digests + uses: actions/download-artifact@v7 with: path: /tmp/digests pattern: digests-* merge-multiple: true + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Login to Docker Hub - uses: docker/login-action@v3.1.0 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} + password: ${{ secrets.DOCKER_PASSWORD }} - - name: Login to GitHub Container Registery - uses: docker/login-action@v3.1.0 + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 with: registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ github.token }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.3.0 - - - name: Extract Docker Metadata + - name: Extract metadata for Docker id: meta - uses: docker/metadata-action@v5.5.1 + uses: docker/metadata-action@v5 with: - tags: type=semver,pattern={{version}},prefix=v,value=${{ needs.build.outputs.version }} images: | - ${{ env.IMAGE }} ghcr.io/${{ env.IMAGE }} + docker.io/${{ env.IMAGE }} + tags: | + type=sha,format=short + type=raw,value=latest + type=raw,value=v${{ steps.version.outputs.version }} - - name: Create Docker Manifest List and Push + - name: Create manifest list and push working-directory: /tmp/digests run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.IMAGE }}@sha256:%s ' *) + set -euo pipefail + run: | + docker buildx imagetools create \ + $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf 'ghcr.io/${{ env.IMAGE }}@sha256:%s ' *) \ + $(printf 'docker.io/${{ env.IMAGE }}@sha256:%s ' *) - - name: Inspect Image + - name: Inspect image run: | - docker buildx imagetools inspect ${{ env.IMAGE }}:${{ steps.meta.outputs.version }} - - - name: Update Repository Description - uses: peter-evans/dockerhub-description@v4.0.0 - with: - repository: ${{ github.repository }} - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - - - name: Deploy the latest image on rxresu.me - run: curl -kX POST ${{ secrets.SERVICE_WEBHOOK }} - - - name: Inform about the release on Discord - uses: sarisia/actions-status-discord@v1.14.3 - if: always() - with: - username: ReleaseBot - webhook: ${{ secrets.DISCORD_WEBHOOK }} - status: ${{ job.status }} - title: "Release `${{ steps.meta.outputs.version }}`" - description: "A new version of Reactive Resume just dropped! 🚀" - url: "https://github.com/AmruthPillai/Reactive-Resume" + docker buildx imagetools inspect ghcr.io/${{ env.IMAGE }}:latest + docker buildx imagetools inspect docker.io/${{ env.IMAGE }}:latest \ No newline at end of file