Merge pull request #18800 from Homebrew/ca-certs-secure #2034
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker | |
on: | |
pull_request: | |
push: | |
branches: | |
- master | |
merge_group: | |
release: | |
types: | |
- published | |
permissions: | |
contents: read | |
defaults: | |
run: | |
shell: bash -xeuo pipefail {0} | |
jobs: | |
ubuntu: | |
if: github.repository_owner == 'Homebrew' | |
name: docker (Ubuntu ${{ matrix.version }}) | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
version: ["18.04", "20.04", "22.04", "24.04"] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
fetch-depth: 0 | |
persist-credentials: false | |
- name: Fetch origin/master from Git | |
run: git fetch origin master | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 | |
- name: Determine build attributes | |
id: attributes | |
run: | | |
date="$(date --rfc-3339=seconds --utc)" | |
brew_version="$(git describe --tags --dirty --abbrev=7)" | |
DELIMITER="END_LABELS_$(uuidgen)" | |
cat <<EOS | tee -a "${GITHUB_OUTPUT}" | |
labels<<${DELIMITER} | |
org.opencontainers.image.created=${date} | |
org.opencontainers.image.url=https://brew.sh | |
org.opencontainers.image.documentation=https://docs.brew.sh | |
org.opencontainers.image.source=https://github.com/${GITHUB_REPOSITORY} | |
org.opencontainers.image.version=${brew_version} | |
org.opencontainers.image.revision=${GITHUB_SHA} | |
org.opencontainers.image.vendor=${GITHUB_REPOSITORY_OWNER} | |
org.opencontainers.image.licenses=BSD-2-Clause | |
${DELIMITER} | |
EOS | |
tags=() | |
if [[ "${GITHUB_EVENT_NAME}" == "release" ]]; then | |
tags+=( | |
"ghcr.io/homebrew/ubuntu${{matrix.version}}:${brew_version}" | |
"ghcr.io/homebrew/ubuntu${{matrix.version}}:latest" | |
"homebrew/ubuntu${{matrix.version}}:${brew_version}" | |
"homebrew/ubuntu${{matrix.version}}:latest" | |
) | |
if [[ "${{ matrix.version }}" == "22.04" ]]; then | |
tags+=( | |
"ghcr.io/homebrew/brew:${brew_version}" | |
"ghcr.io/homebrew/brew:latest" | |
"homebrew/brew:${brew_version}" | |
"homebrew/brew:latest" | |
) | |
fi | |
elif [[ "${GITHUB_EVENT_NAME}" == "push" && | |
"${GITHUB_REF}" == "refs/heads/master" && | |
"${{ matrix.version }}" == "22.04" ]]; then | |
tags+=( | |
"ghcr.io/homebrew/brew:master" | |
"ghcr.io/homebrew/ubuntu${{ matrix.version }}:master" | |
"homebrew/brew:master" | |
"homebrew/ubuntu${{matrix.version}}:master" | |
) | |
fi | |
if [[ "${{ matrix.version }}" == "18.04" ]]; then | |
# odeprecated: remove this in Homebrew >=4.4 | |
echo "The homebrew/ubuntu18.04 image is deprecated and will soon be retired. Use homebrew/ubuntu22.04 or homebrew/ubuntu24.04 or homebrew/ubuntu20.04 or homebrew/brew." > .docker-deprecate | |
fi | |
{ | |
if [[ "${#tags[@]}" -ne 0 ]]; then | |
DELIMITER="END_TAGS_$(uuidgen)" | |
echo "tags<<${DELIMITER}" | |
printf "%s\n" "${tags[@]}" | |
echo "${DELIMITER}" | |
echo "push=true" | |
else | |
echo "push=false" | |
fi | |
} | tee -a "${GITHUB_OUTPUT}" | |
- name: Log in to GitHub Packages (github-actions[bot]) | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
with: | |
registry: ghcr.io | |
username: github-actions[bot] | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build Docker image | |
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6 | |
with: | |
context: . | |
load: true | |
tags: brew | |
cache-from: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache | |
build-args: version=${{ matrix.version }} | |
labels: ${{ steps.attributes.outputs.labels }} | |
- name: Run brew test-bot --only-setup | |
run: docker run --rm brew brew test-bot --only-setup | |
- name: Log in to GitHub Packages (BrewTestBot) | |
if: steps.attributes.outputs.push == 'true' | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
with: | |
registry: ghcr.io | |
username: BrewTestBot | |
password: ${{ secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN }} | |
- name: Log in to Docker Hub | |
if: steps.attributes.outputs.push == 'true' | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
with: | |
username: brewtestbot | |
password: ${{ secrets.HOMEBREW_BREW_DOCKER_TOKEN }} | |
- name: Deploy the tagged Docker image | |
if: steps.attributes.outputs.push == 'true' | |
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6 | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.attributes.outputs.tags }} | |
cache-from: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache | |
cache-to: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache,mode=max | |
build-args: version=${{ matrix.version }} | |
labels: ${{ steps.attributes.outputs.labels }} |