-
Notifications
You must be signed in to change notification settings - Fork 0
148 lines (130 loc) · 4.52 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: CI
on:
schedule:
- cron: "0 12 * * *"
push:
branches: ["main", "renovate/*"]
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
packages: write
id-token: write
env:
REGISTRY: ghcr.io
jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- owner: DakaraProject
repo: dakara-client-web
branch: master
plateforms: linux/amd64,linux/arm64
- owner: DakaraProject
repo: dakara-server
branch: master
plateforms: linux/amd64,linux/arm64
- owner: odrling
repo: filestash
branch: subs
plateforms: linux/amd64
dockerfile: docker/Dockerfile
- owner: odrling
repo: syncplay
branch: master
plateforms: linux/amd64,linux/arm64
- owner: mesosphere
repo: traefik-forward-auth
branch: master
plateforms: linux/amd64,linux/arm64
env:
REPOSITORY: ${{ matrix.owner }}/${{ matrix.repo }}
IMAGE_NAME: ${{ github.repository_owner }}/${{ matrix.repo }}
steps:
- name: Checkout project repository
uses: actions/checkout@v4
with:
repository: ${{ env.REPOSITORY }}
ref: ${{ matrix.branch }}
- name: Check if image already exists
id: check
if: (github.event_name == 'schedule') && (env.REGISTRY == 'ghcr.io')
continue-on-error: true
run: |
GHCR_TOKEN=$(echo ${{ secrets.GITHUB_TOKEN }} | base64)
RESP=$(curl -H "Authorization: Bearer $GHCR_TOKEN" https://ghcr.io/v2/${{ env.IMAGE_NAME }}/tags/list)
echo $RESP | jq .tags | grep sha-$(git rev-parse --short HEAD)
- name: Checkout containers repository
if: steps.check.outcome != 'success'
uses: actions/checkout@v4
with:
path: containers
- name: Apply .diff and set Dockerfile
if: steps.check.outcome != 'success'
id: prepare
run: |
DIFF="containers/${{ matrix.repo }}.diff"
if [ -f $DIFF ]; then
echo Applying $DIFF
git apply $DIFF
fi
CUSTOM_DOCKERFILE="containers/${{ matrix.repo }}.Dockerfile"
if [ -f "$CUSTOM_DOCKERFILE" ]; then
DOCKERFILE=$CUSTOM_DOCKERFILE
elif [ -n "${{ matrix.dockerfile }}" ]; then
DOCKERFILE=${{ matrix.dockerfile }}
else
DOCKERFILE=Dockerfile
fi
echo Will use $DOCKERFILE
echo DOCKERFILE=$DOCKERFILE >> $GITHUB_OUTPUT
- name: Install cosign
if: (steps.check.outcome != 'success') && (github.ref == 'refs/heads/main')
uses: sigstore/cosign-installer@v3
- name: Set up QEMU
if: steps.check.outcome != 'success'
uses: docker/setup-qemu-action@v3
- name: Setup Docker buildx
if: steps.check.outcome != 'success'
uses: docker/setup-buildx-action@v3
- name: Log into registry ${{ env.REGISTRY }}
if: (steps.check.outcome != 'success') && (github.ref == 'refs/heads/main')
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract Docker metadata
if: steps.check.outcome != 'success'
id: meta
uses: docker/metadata-action@v5
with:
context: git
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=raw,value=${{ matrix.branch }}
type=sha
- name: Build and push Docker image
if: steps.check.outcome != 'success'
id: build-and-push
uses: docker/build-push-action@v5
with:
context: .
file: ${{ steps.prepare.outputs.DOCKERFILE }}
platforms: ${{ matrix.plateforms }}
push: ${{ github.ref == 'refs/heads/main' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Sign the published Docker image
if: (steps.check.outcome != 'success') && (github.ref == 'refs/heads/main')
env:
TAGS: ${{ steps.meta.outputs.tags }}
DIGEST: ${{ steps.build-and-push.outputs.digest }}
run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}