-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
8 changed files
with
340 additions
and
186 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
name: build-push-info | ||
|
||
description: Get docker tags and other version related infos | ||
|
||
inputs: | ||
qbt_tag: | ||
description: "qBittorrent release tag" | ||
required: false | ||
docker_tag: | ||
description: "docker tag" | ||
required: false | ||
|
||
outputs: | ||
qbt_release_tag: | ||
description: "The qBittorrent release tag" | ||
value: ${{ steps.qbt-release.outputs.release_tag }} | ||
qbt_version_number: | ||
description: "The extracted version number from the release tag" | ||
value: ${{ steps.qbt-release.outputs.version_number }} | ||
date: | ||
description: "Current UTC date in YYYYMMDD format" | ||
value: ${{ steps.env-info.outputs.date }} | ||
short_sha: | ||
description: "Short SHA of the current commit" | ||
value: ${{ steps.env-info.outputs.short_sha }} | ||
tags: | ||
description: "Docker tags to publish" | ||
value: ${{ steps.docker-tags.outputs.tags }} | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- name: Get latest release or use provided tag | ||
id: qbt-release | ||
uses: ./.github/actions/get-qbt-release | ||
with: | ||
qbt_tag: ${{ inputs.qbt_tag }} | ||
|
||
- name: Setup additional environment variables | ||
id: env-info | ||
shell: bash | ||
run: | | ||
echo "date=$(date -u +%Y%m%d)" | tee -a $GITHUB_OUTPUT | ||
echo "short_sha=$(git rev-parse --short HEAD)" | tee -a $GITHUB_OUTPUT | ||
- name: Set up Docker Tags | ||
id: docker-tags | ||
shell: bash | ||
run: | | ||
GHCR_REPO="ghcr.io/trigus42/alpine-qbittorrentvpn" | ||
DOCKERHUB_REPO="trigus42/qbittorrentvpn" | ||
if [[ -n "${{ inputs.docker_tag }}" ]]; then | ||
TAGS_NAMES=( | ||
${{ inputs.docker_tag }} | ||
) | ||
elif [ "${{ github.ref_name }}" == "master" ]; then | ||
TAGS_NAMES=( | ||
"latest" | ||
"qbt${{ steps.qbt-release.outputs.version_number }}" | ||
"qbt${{ steps.qbt-release.outputs.version_number }}-${{ steps.env-info.outputs.date }}" | ||
) | ||
fi | ||
TAGS_NAMES+=( | ||
"${{ github.head_ref || github.ref_name }}" | ||
"${{ github.sha }}" | ||
"${{ github.sha }}-qbt${{ steps.qbt-release.outputs.version_number }}" | ||
) | ||
# Prepare the tags for both repositories | ||
DOCKER_TAGS=() | ||
for tag in "${TAGS_NAMES[@]}"; do | ||
DOCKER_TAGS+=("$GHCR_REPO:$tag") | ||
DOCKER_TAGS+=("$DOCKERHUB_REPO:$tag") | ||
done | ||
bash .github/helper/setOutput.sh "tags" "$(IFS=$'\n'; echo "${DOCKER_TAGS[*]}")" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
name: docker-setup | ||
|
||
description: Setup Docker environment for QEMU, Buildx, and registry logins | ||
|
||
inputs: | ||
login_enabled: | ||
type: boolean | ||
description: "Enable or disable all logins" | ||
default: true | ||
required: false | ||
github_token: | ||
type: string | ||
description: "Set to enable GitHub Container Registry login" | ||
required: false | ||
dockerhub_username: | ||
type: string | ||
description: "Set to enable DockerHub login" | ||
required: false | ||
dockerhub_token: | ||
type: string | ||
description: "Set to enable DockerHub login" | ||
required: false | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Setup Docker buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Login to GitHub Container Registry | ||
if: ${{ inputs.login_enabled && inputs.github_token }} | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ inputs.github_token }} | ||
|
||
- name: Login to Docker Hub | ||
if: ${{ inputs.login_enabled && inputs.dockerhub_username && inputs.dockerhub_token }} | ||
uses: docker/login-action@v3 | ||
with: | ||
username: ${{ inputs.dockerhub_username }} | ||
password: ${{ inputs.dockerhub_token }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
name: get-qbt-release | ||
|
||
description: Get latest qbt release tag | ||
|
||
inputs: | ||
qbt_tag: | ||
description: "qBittorrent release tag" | ||
required: false | ||
|
||
outputs: | ||
release_tag: | ||
description: "The qBittorrent release tag" | ||
value: ${{ steps.qbt-release.outputs.release_tag }} | ||
version_number: | ||
description: "The extracted version number from the release tag" | ||
value: ${{ steps.qbt-release.outputs.version_number }} | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- name: Get latest release or use provided tag | ||
id: qbt-release | ||
shell: bash | ||
run: | | ||
if [ -z "${{ inputs.qbt_tag }}"]; then | ||
echo "No qBittorrent tag provided, fetching latest release..." | ||
RELEASE_TAG=$(curl -s https://api.github.com/repos/userdocs/qbittorrent-nox-static/releases/latest | jq -r '.tag_name') | ||
else | ||
RELEASE_TAG=${{ inputs.qbt_tag }} | ||
fi | ||
echo "release_tag=$RELEASE_TAG" | tee -a $GITHUB_OUTPUT | ||
echo "version_number=$(echo $RELEASE_TAG | grep -P "\d(\.\d+)+" -o | head -n 1)" | tee -a $GITHUB_OUTPUT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
name: sign-docker-image | ||
|
||
description: Sign the Docker image using cosign | ||
|
||
inputs: | ||
digest: | ||
type: string | ||
description: "The image digest to sign" | ||
required: true | ||
tags: | ||
type: string | ||
description: "The image tags to sign" | ||
required: true | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- name: Install cosign | ||
uses: sigstore/cosign-installer@v3 | ||
with: | ||
cosign-release: 'v2.2.4' | ||
|
||
- name: Sign Docker image | ||
env: | ||
COSIGN_EXPERIMENTAL: "true" | ||
shell: bash | ||
run: | | ||
echo "${{ inputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ inputs.digest }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#!/bin/bash | ||
|
||
# Description: This script is used to set the output for the GitHub action. | ||
# It writes the output to the file specified by the GITHUB_OUTPUT environment variable. | ||
# The output is formatted as name<<delimiter followed by the value and then the delimiter. | ||
# This allows for arrays to be passed as output. However they must be joined to a string | ||
# using newline characters before like so: "$(IFS=$'\n'; echo "${ARRAY[*]}")"" | ||
|
||
# Arguments: | ||
# $1: name of the output | ||
# $2: value of the output | ||
|
||
name=$1 | ||
value=$2 | ||
|
||
filePath="${GITHUB_OUTPUT}" | ||
delimiter="ghadelimiter_$(uuidgen)" | ||
|
||
# Shouldn't happen, but just in case | ||
if [[ "$name" == *"$delimiter"* ]]; then | ||
echo "Error: name contains the delimiter $delimiter" | ||
return 1 | ||
fi | ||
|
||
# Write to the output file with the formatted message | ||
echo "${name}<<${delimiter}" >> "$filePath" | ||
echo "${value}" >> "$filePath" | ||
echo "${delimiter}" >> "$filePath" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,117 @@ | ||
name: Build Docker Image | ||
|
||
on: | ||
push: | ||
branches: [ "master" ] | ||
tags: [ 'v*.*.*' ] | ||
paths: | ||
- '.github/workflows/**' | ||
- 'rootfs/**' | ||
- 'build/**' | ||
- 'Dockerfile' | ||
pull_request: | ||
branches: [ "master" ] | ||
paths: | ||
- '.github/workflows/**' | ||
- 'rootfs/**' | ||
- 'build/**' | ||
- 'Dockerfile' | ||
workflow_dispatch: | ||
inputs: | ||
push: | ||
description: 'Push image to registry' | ||
required: false | ||
default: false | ||
type: boolean | ||
qbt_tag: | ||
description: 'qBittorrent tag' | ||
required: false | ||
type: string | ||
docker_tag: | ||
description: 'Tag for the docker image' | ||
required: false | ||
type: string | ||
commit_sha: | ||
description: 'Commit SHA to checkout. Requires docker_tag.' | ||
required: false | ||
type: string | ||
|
||
jobs: | ||
build-and-sign: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
id-token: write | ||
|
||
steps: | ||
- name: Evaluate run triggers | ||
id: triggers | ||
run: | | ||
if [[ "${{ github.event_name }}" == "workflow_dispatch" && "${{ inputs.push }}" != "true" ]]; then | ||
echo "Workflow was manually triggered, but push is disabled. Skipping push." | ||
elif [[ -n "${{ inputs.commit_sha }}" && -z "${{ inputs.docker_tag }}" ]]; then | ||
echo "commit_sha is set, but docker_tag isn't. Deploying specific commit to default tag is not allowed. Please provide a docker_tag." | ||
elif [[ "${{ github.event_name }}" == "pull_request" ]]; then | ||
echo "Pull request event detected. Skipping push." | ||
else | ||
echo "do_push=true" >> $GITHUB_OUTPUT | ||
fi | ||
- name: Checkout repository | ||
uses: actions/checkout@v4 | ||
|
||
- name: Get version infos | ||
id: version_info | ||
uses: ./.github/actions/build-push-info | ||
with: | ||
qbt_tag: ${{ inputs.qbt_tag }} | ||
docker_tag: ${{ inputs.docker_tag }} | ||
|
||
- name: Setup Docker | ||
uses: ./.github/actions/docker-setup | ||
with: | ||
login_enabled: ${{ steps.triggers.outputs.do_push == 'true' }} | ||
github_token: ${{ secrets.GITHUB_TOKEN }} | ||
dockerhub_username: ${{ vars.DOCKERHUB_USERNAME }} | ||
dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
||
- name: Extract Docker metadata | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: | | ||
ghcr.io/${{ github.repository }} | ||
trigus42/qbittorrentvpn | ||
- name: Checkout custom commit before building | ||
uses: actions/checkout@v4 | ||
if: ${{ inputs.commit_sha }} | ||
with: | ||
ref: ${{ inputs.commit_sha }} | ||
|
||
- name: Build and push Docker image | ||
id: build | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64 | ||
push: ${{ steps.triggers.outputs.do_push == 'true' }} | ||
build-args: | | ||
"SOURCE_COMMIT=${{ steps.version_info.outputs.short_sha }}" | ||
"QBITTORRENT_TAG=${{ steps.version_info.outputs.qbt_release_tag }}" | ||
tags: ${{ steps.version_info.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max | ||
|
||
- name: Checkout back to current commit | ||
if: ${{ inputs.commit_sha }} | ||
run: git checkout ${{ github.sha }} | ||
|
||
- name: Sign Docker image | ||
if: ${{ steps.triggers.outputs.do_push == 'true' }} | ||
uses: ./.github/actions/sign-docker-image | ||
with: | ||
digest: ${{ steps.build.outputs.digest }} | ||
tags: ${{ steps.version_info.outputs.tags }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.