-
Notifications
You must be signed in to change notification settings - Fork 2
132 lines (118 loc) · 5.23 KB
/
docker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: Docker
on:
push:
branches:
- main
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
paths-ignore:
- '**.yml'
- '**.yaml'
- '**.md'
pull_request:
branches:
- main
repository_dispatch:
types: [update]
workflow_dispatch:
env:
PLATFORMS: "linux/amd64, linux/arm64, linux/s390x"
BUILD_PLATFORMS: "linux/ppc64le"
concurrency:
group: ${{ github.ref_name }}-ci
cancel-in-progress: true
jobs:
build-docker:
name: Build Docker Image
runs-on: ubuntu-20.04
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Output Variables
id: var
run: |
nginx_v=$(grep -m1 'FROM nginx:' <Dockerfile | awk -F'[: ]' '{print $3}')
docker pull nginx:$nginx_v || exit 1
njs=$(docker run nginx:$nginx_v env | grep NJS_VERSION | cut -d= -f2)
echo "NJS_VERSION=$njs"
echo "nginx_version=${nginx_v}" >> $GITHUB_OUTPUT
echo "njs_version=${njs}" >> $GITHUB_OUTPUT
- name: Setup QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: arm,arm64,ppc64le,s390x
if: github.event_name != 'pull_request'
- name: Docker Buildx
uses: docker/setup-buildx-action@v3
with:
buildkitd-flags: --debug
- name: DockerHub Login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
if: github.event_name != 'pull_request'
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
if: github.event_name != 'pull_request'
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
nginxcontrib/nginx-ubi
ghcr.io/lucacome/nginx-ubi
tags: |
type=raw,value=${{ steps.var.outputs.nginx_version }}
- name: Build from source
uses: docker/build-push-action@v6
id: build
with:
pull: true
load: ${{ github.event_name == 'pull_request' }}
push: ${{ github.event_name != 'pull_request' }}
platforms: ${{ github.event_name != 'pull_request' && env.BUILD_PLATFORMS || '' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha,scope=source
cache-to: type=gha,scope=source,mode=max
target: final
provenance: ${{ github.event_name != 'pull_request' }}
sbom: ${{ github.event_name != 'pull_request' }}
build-args: |
NGINX=${{ steps.var.outputs.nginx_version }}
NJS=${{ steps.var.outputs.njs_version }}
- name: Build prebuilt
uses: docker/build-push-action@v6
id: build-prebuilt
with:
pull: true
load: ${{ github.event_name == 'pull_request' }}
push: ${{ github.event_name != 'pull_request' }}
platforms: ${{ github.event_name != 'pull_request' && env.PLATFORMS || '' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha,scope=prebuilt
cache-to: type=gha,scope=prebuilt,mode=max
target: final
file: Dockerfile.prebuilt
provenance: ${{ github.event_name != 'pull_request' }}
sbom: ${{ github.event_name != 'pull_request' }}
build-args: |
NGINX=${{ steps.var.outputs.nginx_version }}
NJS=${{ steps.var.outputs.njs_version }}
- name: Combine images
run: |
docker buildx imagetools create nginxcontrib/nginx-ubi@${{ steps.build.outputs.digest }} ${{ steps.build-prebuilt.outputs.digest }} --tag nginxcontrib/nginx-ubi:${{ steps.meta.outputs.version }}
docker buildx imagetools create nginxcontrib/nginx-ubi:${{ steps.meta.outputs.version }} --tag nginxcontrib/nginx-ubi:latest
docker buildx imagetools create nginxcontrib/nginx-ubi:${{ steps.meta.outputs.version }} --tag nginxcontrib/nginx:latest-ubi
docker buildx imagetools create nginxcontrib/nginx-ubi:${{ steps.meta.outputs.version }} --tag nginxcontrib/nginx:${{ steps.meta.outputs.version }}-ubi
docker buildx imagetools create ghcr.io/lucacome/nginx-ubi@${{ steps.build.outputs.digest }} ${{ steps.build-prebuilt.outputs.digest }} --tag ghcr.io/lucacome/nginx-ubi:${{ steps.meta.outputs.version }}
docker buildx imagetools create ghcr.io/lucacome/nginx-ubi:${{ steps.meta.outputs.version }} --tag ghcr.io/lucacome/nginx-ubi:latest
docker buildx imagetools create ghcr.io/lucacome/nginx-ubi:${{ steps.meta.outputs.version }} --tag ghcr.io/lucacome/nginx:latest-ubi
docker buildx imagetools create ghcr.io/lucacome/nginx-ubi:${{ steps.meta.outputs.version }} --tag ghcr.io/lucacome/nginx:${{ steps.meta.outputs.version }}-ubi
if: github.event_name != 'pull_request'