diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1d9552f962..1e70ba6c45 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -2,19 +2,20 @@ name: Main on: push: branches: - - 'develop' - - 'feature/update**' - - 'feature/server_esm**' + - "develop" + - "feature/update**" + - "feature/server_esm**" paths-ignore: - - 'docs/**' - - 'bin/**' + - "docs/**" + - "bin/**" concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true env: - REGISTRY: ghcr.io + GHCR_REGISTRY: ghcr.io + DOCKERHUB_REGISTRY: docker.io IMAGE_NAME: ${{ github.repository }} jobs: @@ -140,7 +141,7 @@ jobs: name: TriliumNext Notes for Windows (Setup) path: out/make/squirrel.windows/x64/*.exe build_docker: - name: Build Docker image + name: Build Docker images runs-on: ubuntu-latest permissions: contents: read @@ -149,40 +150,68 @@ jobs: id-token: write steps: - uses: actions/checkout@v4 - - name: Log in to the Container registry - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + - name: Extract metadata (tags, labels) for container GHCR image + id: ghcr-meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker - id: meta + images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Extract metadata (tags, labels) for container DockerHub image + id: dh-meta uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + images: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }} - name: Set up node & dependencies uses: actions/setup-node@v4 with: node-version: 20 cache: "npm" - - run: npm ci + - run: npm ci - name: Run the TypeScript build run: npx tsc - name: Create server-package.json run: cat package.json | grep -v electron > server-package.json + - name: Log in to the GHCR container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.GHCR_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - uses: docker/setup-buildx-action@v3 - - uses: docker/build-push-action@v6 - id: push + - name: Build and push container image to GHCR + uses: docker/build-push-action@v6 + id: ghcr-push + with: + context: . + push: true + tags: ${{ steps.ghcr-meta.outputs.tags }} + labels: ${{ steps.ghcr-meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + - name: Generate and push artifact attestation to GHCR + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.ghcr-push.outputs.digest }} + push-to-registry: true + - name: Log in to the GHCR container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.GHCR_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Build and push image to DockerHub + uses: docker/build-push-action@v6 + id: dh-push with: context: . push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.dh-meta.outputs.tags }} + labels: ${{ steps.dh-meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - - name: Generate artifact attestation + - name: Generate and push artifact attestation to DockerHub uses: actions/attest-build-provenance@v1 with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} - subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true \ No newline at end of file + subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.dh-push.outputs.digest }} + push-to-registry: true