Skip to content

Merge pull request #18800 from Homebrew/ca-certs-secure #2034

Merge pull request #18800 from Homebrew/ca-certs-secure

Merge pull request #18800 from Homebrew/ca-certs-secure #2034

Workflow file for this run

name: Docker
on:
pull_request:
push:
branches:
- master
merge_group:
release:
types:
- published
permissions:
contents: read
defaults:
run:
shell: bash -xeuo pipefail {0}
jobs:
ubuntu:
if: github.repository_owner == 'Homebrew'
name: docker (Ubuntu ${{ matrix.version }})
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
version: ["18.04", "20.04", "22.04", "24.04"]
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
persist-credentials: false
- name: Fetch origin/master from Git
run: git fetch origin master
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
- name: Determine build attributes
id: attributes
run: |
date="$(date --rfc-3339=seconds --utc)"
brew_version="$(git describe --tags --dirty --abbrev=7)"
DELIMITER="END_LABELS_$(uuidgen)"
cat <<EOS | tee -a "${GITHUB_OUTPUT}"
labels<<${DELIMITER}
org.opencontainers.image.created=${date}
org.opencontainers.image.url=https://brew.sh
org.opencontainers.image.documentation=https://docs.brew.sh
org.opencontainers.image.source=https://github.com/${GITHUB_REPOSITORY}
org.opencontainers.image.version=${brew_version}
org.opencontainers.image.revision=${GITHUB_SHA}
org.opencontainers.image.vendor=${GITHUB_REPOSITORY_OWNER}
org.opencontainers.image.licenses=BSD-2-Clause
${DELIMITER}
EOS
tags=()
if [[ "${GITHUB_EVENT_NAME}" == "release" ]]; then
tags+=(
"ghcr.io/homebrew/ubuntu${{matrix.version}}:${brew_version}"
"ghcr.io/homebrew/ubuntu${{matrix.version}}:latest"
"homebrew/ubuntu${{matrix.version}}:${brew_version}"
"homebrew/ubuntu${{matrix.version}}:latest"
)
if [[ "${{ matrix.version }}" == "22.04" ]]; then
tags+=(
"ghcr.io/homebrew/brew:${brew_version}"
"ghcr.io/homebrew/brew:latest"
"homebrew/brew:${brew_version}"
"homebrew/brew:latest"
)
fi
elif [[ "${GITHUB_EVENT_NAME}" == "push" &&
"${GITHUB_REF}" == "refs/heads/master" &&
"${{ matrix.version }}" == "22.04" ]]; then
tags+=(
"ghcr.io/homebrew/brew:master"
"ghcr.io/homebrew/ubuntu${{ matrix.version }}:master"
"homebrew/brew:master"
"homebrew/ubuntu${{matrix.version}}:master"
)
fi
if [[ "${{ matrix.version }}" == "18.04" ]]; then
# odeprecated: remove this in Homebrew >=4.4
echo "The homebrew/ubuntu18.04 image is deprecated and will soon be retired. Use homebrew/ubuntu22.04 or homebrew/ubuntu24.04 or homebrew/ubuntu20.04 or homebrew/brew." > .docker-deprecate
fi
{
if [[ "${#tags[@]}" -ne 0 ]]; then
DELIMITER="END_TAGS_$(uuidgen)"
echo "tags<<${DELIMITER}"
printf "%s\n" "${tags[@]}"
echo "${DELIMITER}"
echo "push=true"
else
echo "push=false"
fi
} | tee -a "${GITHUB_OUTPUT}"
- name: Log in to GitHub Packages (github-actions[bot])
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
registry: ghcr.io
username: github-actions[bot]
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build Docker image
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
with:
context: .
load: true
tags: brew
cache-from: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache
build-args: version=${{ matrix.version }}
labels: ${{ steps.attributes.outputs.labels }}
- name: Run brew test-bot --only-setup
run: docker run --rm brew brew test-bot --only-setup
- name: Log in to GitHub Packages (BrewTestBot)
if: steps.attributes.outputs.push == 'true'
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
registry: ghcr.io
username: BrewTestBot
password: ${{ secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN }}
- name: Log in to Docker Hub
if: steps.attributes.outputs.push == 'true'
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
username: brewtestbot
password: ${{ secrets.HOMEBREW_BREW_DOCKER_TOKEN }}
- name: Deploy the tagged Docker image
if: steps.attributes.outputs.push == 'true'
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
with:
context: .
push: true
tags: ${{ steps.attributes.outputs.tags }}
cache-from: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache
cache-to: type=registry,ref=ghcr.io/homebrew/ubuntu${{ matrix.version }}:cache,mode=max
build-args: version=${{ matrix.version }}
labels: ${{ steps.attributes.outputs.labels }}