Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Showing
4 changed files
with
247 additions
and
37 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
name: Login to container registries | ||
description: Login to container registries Docker Hub and GitHub Container Registry | ||
|
||
inputs: | ||
# Actions cannot access secrets so pass them in as inputs | ||
docker_username: | ||
required: true | ||
description: The username to use to login to Docker Hub | ||
docker_password: | ||
required: true | ||
description: The password to use to login to Docker Hub | ||
ghcr_username: | ||
required: true | ||
description: The username to use to login to GitHub Container Registry | ||
ghcr_password: | ||
required: true | ||
description: The password to use to login to GitHub Container Registry | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- | ||
name: Login to Docker Hub | ||
uses: docker/login-action@v2 | ||
with: | ||
registry: docker.io | ||
username: ${{ inputs.docker_username }} | ||
password: ${{ inputs.docker_password }} | ||
- | ||
name: Login to GitHub Container Registry | ||
uses: docker/login-action@v2 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ inputs.ghcr_username }} | ||
password: ${{ inputs.ghcr_password }} |
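Review bot: Both steps hand registry credentials to `docker/login-action@v2`, which is a mutable tag, so whatever commit that tag points to at run time receives the Docker Hub password and the GHCR token. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v2`. The description of `ghcr_password` could also say that a token limited to package write is expected rather than an account password.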
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
name: Merge and push | ||
description: Apply meta, create manifest, and push to container registry | ||
|
||
inputs: | ||
imagename: | ||
required: true | ||
description: The name of the image to push | ||
platform: | ||
required: true | ||
description: The platform to push the image for | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- | ||
name: Docker meta | ||
id: meta_docker | ||
uses: docker/metadata-action@v4 | ||
with: | ||
images: | | ||
${{ inputs.imagename }},enable=${{ github.event_name != 'pull_request' && github.event_name != 'workflow_dispatch' }} | ||
foo/bar,enable=${{ github.event_name == 'pull_request' }} | ||
# We want to tag the image with the latest tag if the workflow was triggered by a tag | ||
flavor: | | ||
latest=${{ startsWith(github.ref, 'refs/tags/') }} | ||
# tags: | ||
# type=schedule means that a tag is applied when the workflow is triggered by a schedule event | ||
# type=ref,event=branch means that a tag is applied when the workflow is triggered by a push to a branch | ||
# type=ref,event=tag means that a tag is applied when the workflow is triggered by a push to a tag | ||
tags: | | ||
type=schedule,suffix=-${{ inputs.platform }},enable=${{ github.event_name == 'schedule' }} | ||
type=ref,event=branch,suffix=-${{ inputs.platform }},enable=${{ github.event_name != 'schedule' }} | ||
type=ref,event=tag,suffix=-${{ inputs.platform }} | ||
- | ||
name: Create manifest list and push to repository | ||
working-directory: /tmp/digests/dockerhub/${{ inputs.platform }} | ||
# When using composite actions, you have to specify the shell. As you | ||
# don’t specify a runner type in composite actions, you need to specify | ||
# the shell instead for each action. | ||
shell: bash | ||
run: | | ||
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | ||
$(printf '${{ inputs.imagename }}@sha256:%s ' *) | ||
- | ||
name: Inspect image | ||
shell: bash | ||
run: | | ||
docker buildx imagetools inspect ${{ inputs.imagename }}:${{ steps.meta_docker.outputs.version }} |
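Review bot: `${{ inputs.imagename }}` and `${{ steps.meta_docker.outputs.version }}` are expanded into the `run:` scripts of the "Create manifest list and push to repository" and "Inspect image" steps before bash parses them, so any shell metacharacter in a caller-supplied value becomes part of the script. Passing the values through the step environment keeps them as data: add `env:` with `IMAGENAME: ${{ inputs.imagename }}` and reference it quoted, e.g. `docker buildx imagetools inspect "$IMAGENAME:$VERSION"`. `${{ inputs.platform }}` is also used as a path component in `working-directory`, so it is worth restricting to the expected platform names. `foo/bar` in the `images:` list looks like a leftover placeholder for pull-request builds and should be replaced or removed before the action is used.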
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,65 +1,192 @@ | ||
name: Build & Publish | ||
on: | ||
schedule: | ||
- cron: '0 5 * * *' | ||
- cron: "0 5 * * *" | ||
push: | ||
branches: | ||
- v6-alpine-play | ||
|
||
env: | ||
DOCKER_REGISTRY_IMAGE: ${{ secrets.DOCKERHUB_NAMESPACE }}/pihole | ||
GITHUB_REGISTRY_IMAGE: ghcr.io/${{ github.repository_owner }}/pihole | ||
|
||
jobs: | ||
build-and-publish: | ||
build-and-test: | ||
runs-on: ubuntu-latest | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
include: | ||
- platform: linux/amd64 | ||
container: alpine:3.18 | ||
- platform: linux/386 | ||
container: alpine:3.18 | ||
# - platform: linux/arm/v5 | ||
# container: debian:stretch-slim | ||
# - platform: linux/arm/v6 | ||
# container: debian:bullseye-slim | ||
- platform: linux/arm/v6 | ||
container: alpine:3.18 | ||
- platform: linux/arm/v7 | ||
container: alpine:3.18 | ||
- platform: linux/arm64/v8 | ||
container: alpine:3.18 | ||
- platform: linux/riscv64 | ||
container: alpine:edge | ||
steps: | ||
- | ||
name: Checkout | ||
if: github.event_name != 'schedule' | ||
uses: actions/checkout@v3 | ||
- | ||
name: Checkout dev branch if we are building | ||
if: github.event_name == 'schedule' | ||
- name: Checkout Repo | ||
uses: actions/checkout@v3 | ||
with: | ||
ref: v6-alpine-play | ||
- | ||
name: Set up QEMU | ||
uses: docker/setup-qemu-action@v2 | ||
- | ||
name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
- | ||
name: Docker meta | ||
- name: Docker meta (Docker Hub and GitHub Container Registry) | ||
id: meta | ||
uses: docker/metadata-action@v4 | ||
with: | ||
github-token: ${{ secrets.GITHUB_TOKEN }} | ||
images: | | ||
${{ secrets.DOCKERHUB_NAMESPACE }}/pihole | ||
ghcr.io/${{ github.repository_owner }}/pihole | ||
${{ env.DOCKER_REGISTRY_IMAGE }} | ||
${{ env.GITHUB_REGISTRY_IMAGE }} | ||
flavor: | | ||
latest=false | ||
tags: | | ||
v6-alpine-play | ||
- | ||
name: Login to DockerHub | ||
uses: docker/login-action@v2 | ||
- name: Login to DockerHub and GitHub Container Registry | ||
uses: ./.github/actions/login-repo | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USER }} | ||
password: ${{ secrets.DOCKERHUB_PASS }} | ||
- | ||
name: Login to GitHub Container Registry | ||
uses: docker/login-action@v2 | ||
docker_username: ${{ secrets.DOCKERHUB_USER }} | ||
docker_password: ${{ secrets.DOCKERHUB_PASS }} | ||
ghcr_username: ${{ github.repository_owner }} | ||
ghcr_password: ${{ secrets.GITHUB_TOKEN }} | ||
- # Add support for more platforms with QEMU (optional) | ||
# https://github.com/docker/setup-qemu-action | ||
name: Set up QEMU | ||
uses: docker/setup-qemu-action@v2 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.repository_owner }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- | ||
name: Build and push | ||
uses: docker/build-push-action@v4 | ||
platforms: all | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
- name: Build container and push by digest (Docker Hub) | ||
id: build_docker | ||
uses: docker/build-push-action@v3 | ||
with: | ||
context: ./src/ | ||
platforms: linux/amd64, linux/386, linux/arm/v6, linux/arm/v7, linux/arm64/v8, linux/riscv64 | ||
platforms: ${{ matrix.platform }} | ||
build-args: | | ||
PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }} | ||
CONTAINER=${{ matrix.container }} | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
outputs: | | ||
type=image,name=${{ env.DOCKER_REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true | ||
- name: Build container and push by digest (GitHub Container Registry) | ||
id: build_ghcr | ||
uses: docker/build-push-action@v3 | ||
with: | ||
context: ./src/ | ||
platforms: ${{ matrix.platform }} | ||
build-args: | | ||
PIHOLE_DOCKER_TAG=${{ steps.meta.outputs.version }} | ||
CONTAINER=${{ matrix.container }} | ||
push: true | ||
labels: ${{ steps.meta.outputs.labels }} | ||
outputs: | | ||
type=image,name=${{ env.GITHUB_REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true | ||
- name: Export digests | ||
run: | | ||
mkdir -p /tmp/digests/dockerhub/${{ env.context }} | ||
mkdir -p /tmp/digests/ghcr/${{ env.context }} | ||
digest_docker="${{ steps.build_docker.outputs.digest }}" | ||
touch "/tmp/digests/dockerhub/${{ env.context }}/${digest_docker#sha256:}" | ||
digest_ghcr="${{ steps.build_ghcr.outputs.digest }}" | ||
touch "/tmp/digests/ghcr/${{ env.context }}/${digest_ghcr#sha256:}" | ||
- name: Upload digest | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: digests | ||
path: /tmp/digests/* | ||
if-no-files-found: error | ||
retention-days: 1 | ||
|
||
# Merge all the digests into a single file | ||
# If we would push immediately above, the individual runners would overwrite each other's images | ||
# https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners | ||
merge-and-deploy: | ||
runs-on: ubuntu-latest | ||
needs: | ||
- build-and-test | ||
steps: | ||
- name: Checkout Repo | ||
uses: actions/checkout@v3 | ||
- name: Download digests | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: digests | ||
path: /tmp/digests | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v2 | ||
- name: Login to DockerHub and GitHub Container Registry | ||
uses: ./.github/actions/login-repo | ||
with: | ||
docker_username: ${{ secrets.DOCKERHUB_USER }} | ||
docker_password: ${{ secrets.DOCKERHUB_PASS }} | ||
ghcr_username: ${{ github.repository_owner }} | ||
ghcr_password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Docker meta (Docker Hub and GitHub Container Registry) | ||
id: meta | ||
uses: docker/metadata-action@v4 | ||
with: | ||
github-token: ${{ secrets.GITHUB_TOKEN }} | ||
images: | | ||
${{ env.DOCKER_REGISTRY_IMAGE }} | ||
flavor: | | ||
latest=false | ||
tags: | | ||
v6-alpine-play | ||
- name: Create manifest list and push | ||
working-directory: /tmp/digests/dockerhub | ||
run: | | ||
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | ||
$(printf '${{ env.DOCKER_REGISTRY_IMAGE }}@sha256:%s ' *) | ||
- name: Inspect image | ||
run: | | ||
docker buildx imagetools inspect ${{ env.DOCKER_REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} | ||
- name: Create manifest list and push | ||
working-directory: /tmp/digests/ghcr | ||
run: | | ||
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | ||
$(printf '${{ env.GITHUB_REGISTRY_IMAGE }}@sha256:%s ' *) | ||
- name: Inspect image | ||
run: | | ||
docker buildx imagetools inspect ${{ env.GITHUB_REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} | ||
# Push the digests to Docker Hub and GitHub Container Registry | ||
|
||
# - | ||
# name: Collect and push (Alpine, Docker Hub) | ||
# uses: ./.github/actions/merge-and-push | ||
# with: | ||
# imagename: ${{ env.DOCKER_REGISTRY_IMAGE }} | ||
# platform: alpine | ||
# # - | ||
# # name: Collect and push (Debian, Docker Hub) | ||
# # uses: ./.github/actions/merge-and-push | ||
# # with: | ||
# # imagename: ${{ env.DOCKER_REGISTRY_IMAGE }} | ||
# # platform: debian | ||
# - | ||
# name: Collect and push (Alpine, GitHub Container Registry) | ||
# uses: ./.github/actions/merge-and-push | ||
# with: | ||
# imagename: ${{ env.GITHUB_REGISTRY_IMAGE }} | ||
# platform: alpine | ||
# - | ||
# name: Collect and push (Debian, GitHub Container Registry) | ||
# uses: ./.github/actions/merge-and-push | ||
# with: | ||
# imagename: ${{ env.GITHUB_REGISTRY_IMAGE }} | ||
# platform: debian |
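Review bot: In `merge-and-deploy`, the metadata step lists only `${{ env.DOCKER_REGISTRY_IMAGE }}` under `images:`, yet the second "Create manifest list and push" step (working directory `/tmp/digests/ghcr`) builds its `-t` arguments from the same `DOCKER_METADATA_OUTPUT_JSON`. As written, that step appears to assemble the GHCR digests under the Docker Hub tag again and never creates a `ghcr.io` tag, so the following inspect of `${{ env.GITHUB_REGISTRY_IMAGE }}:…` would find nothing published by this run. Run a second `docker/metadata-action` step with `images: ${{ env.GITHUB_REGISTRY_IMAGE }}` immediately before the GHCR create step (or filter the tag list per registry in `jq`), so each registry's manifest is tagged only from its own digests. Separately, no `permissions:` block is visible in this file although `GITHUB_TOKEN` is used to push to ghcr.io; declaring `permissions:` with `contents: read` and `packages: write` would make the token's scope explicit. `${{ env.context }}` in the "Export digests" step is not defined in the visible `env:` block and presumably expands to an empty string, which should be confirmed as intended.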