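# docker-publish.yml
#
# Builds three container images (API, frontend, agent server) from the
# repository root and, outside of pull requests, pushes them to the registry
# in REGISTRY and signs each pushed tag at its digest with cosign.
name: Docker Build & Publish API and Frontend

on:
  schedule:
    # Weekly rebuild: Sundays at 00:00 UTC.
    - cron: '0 0 * * 0'
  push:
    branches: ["main"]
    # Publish semver tags as releases.
    tags: ['v*.*.*']
  pull_request:
    branches: ["main"]

env:
  REGISTRY: ghcr.io
  # github.repository is <account>/<repo>; each image lives beneath it.
  API_IMAGE_NAME: ${{ github.repository }}/api
  FRONTEND_IMAGE_NAME: ${{ github.repository }}/frontend
  AGENT_SERVER_IMAGE_NAME: ${{ github.repository }}/agent-server

jobs:
  build:
    runs-on: ubuntu-latest
    # Job-scoped token permissions. NOTE(review): this job also runs for
    # pull_request events, where the login, push and sign steps are skipped
    # but these scopes are still requested. Consider a separate build-only
    # job for pull requests that asks for `contents: read` alone.
    permissions:
      contents: read
      # Needed to push images to the registry.
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      id-token: write

    steps:
      # NOTE(review): actions/checkout is referenced by a mutable tag while
      # the docker/* actions below are pinned to full commit SHAs. Pin this
      # one to a commit SHA as well so a moved tag cannot change what runs
      # with this job's token.
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          fetch-tags: true
          # No later step in this job runs git against the remote, so the
          # token does not need to stay in .git/config. The image builds use
          # `context: .`, which hands the checkout directory to the builder
          # (including .git unless a .dockerignore excludes it).
          persist-credentials: false

      # Install the cosign tool except on PR.
      # NOTE(review): the ref on the `uses:` line was destroyed by e-mail
      # obfuscation on the page this file was copied from (it read
      # "sigstore/[email protected]"); the action is presumably
      # sigstore/cosign-installer. Replace the placeholder with the ref
      # from the repository, ideally a full commit SHA.
      - name: Install cosign
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@REF_LOST_IN_PAGE_EXTRACTION
        with:
          cosign-release: 'v2.2.2'

      - name: Setup Docker buildx
        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf

      # Login against the registry except on PR.
      - name: Log into registry ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      #####
      ### API
      #####
      # Derive tags and labels for the API image from the triggering event.
      - name: Extract Docker API metadata
        id: meta-api
        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
        with:
          images: ${{ env.REGISTRY }}/${{ env.API_IMAGE_NAME }}

      # Build always; push only when the event is not a pull request.
      - name: Build and push API Docker image
        id: build-and-push-api
        uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
        with:
          context: .
          file: Dockerfile.api
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta-api.outputs.tags }}
          labels: ${{ steps.meta-api.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Sign every pushed tag at the digest the build step reported, so the
      # signature is bound to the image content rather than to a movable tag.
      # TAGS and DIGEST are passed through the environment instead of being
      # expanded into the script text, which keeps expression values out of
      # the shell command line.
      - name: Sign the published API Docker image
        if: ${{ github.event_name != 'pull_request' }}
        env:
          TAGS: ${{ steps.meta-api.outputs.tags }}
          DIGEST: ${{ steps.build-and-push-api.outputs.digest }}
        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

      #####
      ### Frontend
      #####
      # Derive tags and labels for the frontend image.
      - name: Extract Docker frontend metadata
        id: meta-frontend
        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
        with:
          images: ${{ env.REGISTRY }}/${{ env.FRONTEND_IMAGE_NAME }}

      # Build always; push only when the event is not a pull request.
      - name: Build and push frontend Docker image
        id: build-and-push-frontend
        uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
        with:
          context: .
          file: Dockerfile.frontend
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta-frontend.outputs.tags }}
          labels: ${{ steps.meta-frontend.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Same signing pattern as the API image: each tag at the pushed digest,
      # with values supplied through the environment.
      - name: Sign the published frontend Docker image
        if: ${{ github.event_name != 'pull_request' }}
        env:
          TAGS: ${{ steps.meta-frontend.outputs.tags }}
          DIGEST: ${{ steps.build-and-push-frontend.outputs.digest }}
        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

      #####
      ### Agent Server
      #####
      # Derive tags and labels for the agent server image.
      - name: Extract Docker agent server metadata
        id: meta-agent
        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
        with:
          images: ${{ env.REGISTRY }}/${{ env.AGENT_SERVER_IMAGE_NAME }}

      # Build always; push only when the event is not a pull request.
      - name: Build and push agent server Docker image
        id: build-and-push-agent
        uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
        with:
          context: .
          file: Dockerfile.agent
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta-agent.outputs.tags }}
          labels: ${{ steps.meta-agent.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Same signing pattern as the API image: each tag at the pushed digest,
      # with values supplied through the environment.
      - name: Sign the published agent Docker image
        if: ${{ github.event_name != 'pull_request' }}
        env:
          TAGS: ${{ steps.meta-agent.outputs.tags }}
          DIGEST: ${{ steps.build-and-push-agent.outputs.digest }}
        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}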