ci: refactor GitHub Actions and Docker build-push-action settings
- Add a new GitHub Actions workflow `docker-reused-setup-steps/action.yml` for setting up docker, which allows logging into DockerHub and GitHub Container Registry
- The new workflow needs DockerHub organization name, DockerHub username, DockerHub token, and a tag as inputs and provides tags and labels as outputs
- In the existing `docker_publish.yml` workflow, update the permissions provided to the GITHUB_TOKEN
- Remove individual `Docker meta`, `Set up QEMU`, `Set up Docker Buildx`, and docker hub/registry login steps, and replace them with the newly created reusable docker setup action
- Update the `Build and push` step to include build arguments for assigning the version and release number
- Add caching to registry to avoid the GitHub Actions capacity limit, along with enabling of Software Bill of Materials (sbom) and Provenance
- Extend the target platforms to include both linux/amd64 and linux/arm64.

Signed-off-by: 陳鈞 <[email protected]>
jim60105 committed May 24, 2024
1 parent 61d4707 commit d67838f
Showing 2 changed files with 83 additions and 43 deletions.
58 changes: 58 additions & 0 deletions .github/workflows/docker-reused-setup-steps/action.yml
@@ -0,0 +1,58 @@
name: Setup docker

description: Configure the docker workflow.

inputs:
DOCKERHUB_ORGANIZATION_NAME :
required: true
DOCKERHUB_USERNAME:
required: true
DOCKERHUB_TOKEN:
required: true
tag:
required: true

outputs:
tags:
description: "tags"
value: ${{ steps.meta.outputs.tags }}
labels:
description: "labels"
value: ${{ steps.meta.outputs.labels }}

runs:
using: composite
steps:
- name: Docker meta:${{ inputs.tag }}
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ inputs.DOCKERHUB_ORGANIZATION_NAME }}/azure-uploader,ghcr.io/${{ github.repository_owner }}/azure-uploader
flavor: |
latest=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
prefix=
suffix=
- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

# Create a Access Token and save it as as Actions secret
# https://hub.docker.com/settings/security
# DOCKERHUB_USERNAME
# DOCKERHUB_TOKEN
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ inputs.DOCKERHUB_USERNAME }}
password: ${{ inputs.DOCKERHUB_TOKEN }}

# You may need to manage write and read access of GitHub Actions for repositories in the container settings.
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ github.token }}
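Review bot: the required `tag` input is only used in the step name `- name: Docker meta:${{ inputs.tag }}`; the `docker/metadata-action@v5` step receives just `images` and `flavor`, so the `tags` and `labels` outputs come from the action's defaults no matter what the caller passes. Either drop the input or feed it into the metadata step, e.g. `tags: type=raw,value=${{ inputs.tag }}`, so the action's contract matches its outputs. Smaller points: `DOCKERHUB_ORGANIZATION_NAME :` has a stray space before the colon (YAML tolerates it, but callers have to mistype it the same way), the four inputs carry no `description:` while both outputs do, the image name `azure-uploader` is now hard-coded in `images:` where the previous workflow derived it from `${{ github.event.repository.name }}`, and the comment should read "Create an Access Token and save it as an Actions secret". On the supply-chain side, `metadata-action@v5`, `setup-qemu-action@v3`, `setup-buildx-action@v3` and `login-action@v3` are pinned to mutable major tags; pinning each to a full commit SHA with the tag in a trailing comment removes the trust placed in whoever can move those tags.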
68 changes: 25 additions & 43 deletions .github/workflows/docker_publish.yml
@@ -1,63 +1,37 @@
name: docker_publish

# Controls when the action will run.
on:
# Triggers the workflow on push or pull request events but only for the master branch
push:
branches:
- 'master'
tags:
- '*'

# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
# Sets the permissions granted to the GITHUB_TOKEN for the actions in this job.
permissions:
contents: read
packages: write

jobs:
# This workflow contains a single job called "build"
build-and-push:
# The type of runner that the job will run on
docker-latest:
runs-on: ubuntu-latest

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }}/${{ github.event.repository.name }},ghcr.io/${{ github.repository }}
flavor: |
latest=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
prefix=
suffix=
- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

# Create a Access Token and save it as as Actions secret
# https://hub.docker.com/settings/security
# DOCKERHUB_USERNAME
# DOCKERHUB_TOKEN
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
submodules: 'true'

# Create a Access Token with `read:packages` and `write:packages` scopes
# CR_PAT
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
- name: Setup docker
id: setup
uses: ./.github/workflows/docker-reused-setup-steps
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
DOCKERHUB_ORGANIZATION_NAME : ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }}
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
tag: latest

- name: Build and push
uses: docker/build-push-action@v5
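Review bot: replacing the `CR_PAT` personal access token with `${{ github.token }}` scoped by `permissions: contents: read` / `packages: write` is the right least-privilege move, and `packages: write` is exactly what the GHCR login in the composite action needs. Two follow-ups: `DOCKERHUB_ORGANIZATION_NAME : ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }}` repeats the stray space before the colon from the action definition, and deleting the `# CR_PAT` comment should be paired with removing the now-unused `CR_PAT` repository secret so a stale long-lived credential is not left behind. Also note that the DockerHub secrets are handed to the composite action as plain inputs; GitHub still masks them in logs, but they are now part of the action's interface, so the action should keep living in this repository at `./.github/workflows/docker-reused-setup-steps` rather than be consumed from a fork or an external ref.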
Expand All @@ -66,6 +40,14 @@ jobs:
file: ./Dockerfile
push: true
target: final
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64
tags: ${{ steps.setup.outputs.tags }}
labels: ${{ steps.setup.outputs.labels }}
build-args: |
VERSION=latest
RELEASE=${{ github.run_number }}
platforms: linux/amd64,linux/arm64
# Cache to regietry instead of gha to avoid the capacity limit.
cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/azure-uploader:cache
cache-to: type=registry,ref=ghcr.io/${{ github.repository_owner }}/azure-uploader:cache,mode=max
sbom: true
provenance: true
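Review bot: `VERSION=latest` is hard-coded in `build-args:` although the workflow also triggers on `tags: - '*'` at the top of the file, so a tagged release is built with `VERSION=latest` instead of the tag name; consider `VERSION=${{ github.ref_name }}` or the metadata step's `version` output. On the cache lines, `cache-to: type=registry,...,mode=max` exports every layer of every stage, including the intermediate ones before `target: final`, into the `:cache` image on ghcr.io; build-arg values are recorded in layer history and anything left in a non-final stage is pullable by whoever can pull the cache, so confirm the intermediate stages contain nothing you would not publish. The cache ref also hard-codes `azure-uploader` in the same way the action does, and the comment has a typo: `regietry` should be `registry`. `sbom: true` and `provenance: true` are good additions; be aware that with provenance enabled the pushed artifact becomes an OCI image index carrying attestation manifests, which some registry UIs and scanners list as extra `unknown/unknown` platform entries.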
