# Workflow that builds and publishes the project's container images.
name: docker_publish

on:
  # Runs for every pushed tag whose name starts with "v".
  push:
    tags:
      - 'v*'
  # Scheduled run: 03:00 every Monday (GitHub evaluates cron in UTC).
  schedule:
    - cron: '0 3 * * 1'
  # Allows the workflow to be started manually.
  workflow_dispatch:

# GITHUB_TOKEN scopes, set at workflow level, so they apply to every job in
# this file rather than to a single job. Read-only repository contents, plus
# package write access: the jobs below write their build cache to ghcr.io.
permissions:
  contents: read
  packages: write
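# One job per image variant (alpine, ubi, distroless). Each job checks out the
# repository with submodules, runs the repo-local setup action (it is handed
# the Docker Hub and Quay credentials and returns the `tags` and `labels`
# outputs), then builds and pushes a linux/amd64 + linux/arm64 image with SBOM
# and provenance attestations enabled.
#
# NOTE(review): actions/checkout@v4 and docker/build-push-action@v5 are
# referenced by mutable tag. These jobs hold registry credentials and a
# packages:write token, so pinning each `uses:` to a full commit SHA is worth
# doing; the SHAs are not shown here, so the references are left unchanged.
#
# NOTE(review): all three jobs export with mode=max to the same cache ref
# (ytarchive:cache). They presumably overwrite each other's cache; a
# per-variant ref would avoid that. Confirm before changing.
jobs:
  docker-alpine:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: 'true'
          # Keep the GITHUB_TOKEN out of .git/config. The build context below
          # is the whole checkout ('.'), so a persisted token could be copied
          # into an image layer unless .dockerignore excludes .git.
          # Assumes the setup action needs no authenticated git access.
          persist-credentials: false
      - name: Setup docker
        id: setup
        # Local composite action, loaded from the ref that was checked out.
        uses: ./.github/workflows/docker-reused-setup-steps
        with:
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
          QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
          QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}
          tag: alpine
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          push: true
          target: final
          tags: ${{ steps.setup.outputs.tags }}
          labels: ${{ steps.setup.outputs.labels }}
          # github.head_ref is only populated on pull_request events, so with
          # this workflow's triggers VERSION is always github.ref_name.
          # head_ref is contributor-controlled; revisit this expression if a
          # pull_request trigger is ever added.
          build-args: |
            VERSION=${{ github.head_ref || github.ref_name }}
            RELEASE=${{ github.run_number }}
          platforms: linux/amd64,linux/arm64
          # Cache to registry instead of gha to avoid the capacity limit.
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/ytarchive:cache
          cache-to: type=registry,ref=ghcr.io/${{ github.repository_owner }}/ytarchive:cache,mode=max
          # Attach an SBOM and a provenance attestation to the pushed image.
          sbom: true
          provenance: true

  docker-ubi:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: 'true'
          # Same reasoning as in docker-alpine: do not leave the token in
          # .git/config, because the checkout is the build context.
          persist-credentials: false
      - name: Setup docker
        id: setup
        uses: ./.github/workflows/docker-reused-setup-steps
        with:
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
          QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
          QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}
          tag: ubi
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./ubi.Dockerfile
          push: true
          target: final
          tags: ${{ steps.setup.outputs.tags }}
          labels: ${{ steps.setup.outputs.labels }}
          # VERSION resolves to github.ref_name here (see docker-alpine).
          build-args: |
            VERSION=${{ github.head_ref || github.ref_name }}
            RELEASE=${{ github.run_number }}
          platforms: linux/amd64,linux/arm64
          # Cache to registry instead of gha to avoid the capacity limit.
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/ytarchive:cache
          cache-to: type=registry,ref=ghcr.io/${{ github.repository_owner }}/ytarchive:cache,mode=max
          sbom: true
          provenance: true

  docker-distroless:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: 'true'
          # Same reasoning as in docker-alpine: do not leave the token in
          # .git/config, because the checkout is the build context.
          persist-credentials: false
      - name: Setup docker
        id: setup
        uses: ./.github/workflows/docker-reused-setup-steps
        with:
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
          QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
          QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}
          tag: distroless
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./distroless.Dockerfile
          push: true
          target: final
          tags: ${{ steps.setup.outputs.tags }}
          labels: ${{ steps.setup.outputs.labels }}
          # VERSION resolves to github.ref_name here (see docker-alpine).
          build-args: |
            VERSION=${{ github.head_ref || github.ref_name }}
            RELEASE=${{ github.run_number }}
          platforms: linux/amd64,linux/arm64
          # Cache to registry instead of gha to avoid the capacity limit.
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/ytarchive:cache
          cache-to: type=registry,ref=ghcr.io/${{ github.repository_owner }}/ytarchive:cache,mode=max
          sbom: true
          provenance: true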