99 - ' **'
1010
1111env :
12- DOCKER_IMAGE : ghcr.io/onekey-sec/unblob:latest
12+ DOCKER_IMAGE : ghcr.io/onekey-sec/unblob
1313
1414jobs :
15- build-and-push-image :
16- runs-on : ubuntu-20.04
15+ build-image :
16+ runs-on : ubuntu-latest
17+ strategy :
18+ fail-fast : false
19+ matrix :
20+ platform :
21+ - linux/amd64
22+ - linux/arm64
1723 steps :
1824 - name : Checkout source code
19- uses : actions/checkout@v3
25+ uses : actions/checkout@v4
2026
2127 - name : Setup git lfs
2228 uses : ./.github/actions/setup-git-lfs
@@ -27,37 +33,85 @@ jobs:
2733 - name : Poetry build
2834 run : poetry build --format wheel
2935
36+ - name : Docker meta
37+ id : meta
38+ uses : docker/metadata-action@v5
39+ with :
40+ images : ${{ env.DOCKER_IMAGE }}
41+
42+ - name : Set up QEMU
43+ uses : docker/setup-qemu-action@v3
44+
3045 - name : Set up Docker Buildx
31- uses : docker/setup-buildx-action@v2
46+ uses : docker/setup-buildx-action@v3
3247
3348 - name : Login to GitHub Container Registry
34- uses : docker/login-action@v2
49+ uses : docker/login-action@v3
3550 with :
3651 registry : ghcr.io
3752 username : ${{ github.actor }}
3853 password : ${{ secrets.GITHUB_TOKEN }}
3954
40- - name : Build and export to Docker
41- uses : docker/build-push-action@v4
55+ - name : Build and push by digest
56+ id : build
57+ uses : docker/build-push-action@v5
4258 with :
4359 context : .
44- load : true
45- push : false
46- tags : ${{ env.DOCKER_IMAGE }}
60+ platforms : ${{ matrix.platform }}
61+ labels : ${{ steps.meta.outputs.labels }}
62+ outputs : type=image,name= ${{ env.DOCKER_IMAGE }},push-by-digest=true,name-canonical=true,push=true
4763
4864 - name : Check unblob - help
49- run : docker run --rm ${{ env.DOCKER_IMAGE }} --help
65+ run : docker run --rm ${{ env.DOCKER_IMAGE }}:latest --help
5066
5167 - name : Check unblob - show-external-dependencies
52- run : docker run --rm ${{ env.DOCKER_IMAGE }} --show-external-dependencies
68+ run : docker run --rm ${{ env.DOCKER_IMAGE }}:latest --show-external-dependencies
5369
5470 - name : Check unblob - run for a file with --verbose
55- run : docker run --rm -v "$(pwd)"/tests/integration/archive/zip/regular:/test ${{ env.DOCKER_IMAGE }} -v -e /tmp /test/__input__/apple.zip
71+ run : docker run --rm -v "$(pwd)"/tests/integration/archive/zip/regular:/test ${{ env.DOCKER_IMAGE }}:latest -v -e /tmp /test/__input__/apple.zip
72+
73+ - name : Export digest
74+ run : |
75+ mkdir -p /tmp/digests
76+ digest="${{ steps.build.outputs.digest }}"
77+ touch "/tmp/digests/${digest#sha256:}"
5678
57- - name : Build and push
58- if : ${{ github.event_name == 'push' && github.ref_name == 'main' }}
59- uses : docker/build-push-action@v2
79+ - name : Upload digest
80+ uses : actions/upload-artifact@v3
6081 with :
61- context : .
62- push : true
63- tags : ${{ env.DOCKER_IMAGE }}
82+ name : digests
83+ path : /tmp/digests/*
84+ if-no-files-found : error
85+ retention-days : 1
86+
87+ merge-and-push-image :
88+ runs-on : ubuntu-latest
89+ needs :
90+ - build-image
91+ steps :
92+ - name : Download digests
93+ uses : actions/download-artifact@v3
94+ with :
95+ name : digests
96+ path : /tmp/digests
97+ - name : Set up Docker Buildx
98+ uses : docker/setup-buildx-action@v3
99+ - name : Docker meta
100+ id : meta
101+ uses : docker/metadata-action@v5
102+ with :
103+ images : ${{ env.DOCKER_IMAGE }}
104+ - name : Login to GitHub Container Registry
105+ uses : docker/login-action@v2
106+ with :
107+ registry : ghcr.io
108+ username : ${{ github.actor }}
109+ password : ${{ secrets.GITHUB_TOKEN }}
110+ - name : Create manifest list and push
111+ working-directory : /tmp/digests
112+ run : |
113+ docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
114+ $(printf '${{ env.DOCKER_IMAGE }}@sha256:%s ' *)
115+ - name : Inspect image
116+ run : |
117+ docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }}
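Review bot: The `if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}` guard on the removed "Build and push" step has no counterpart in the new code, so "Build and push by digest" (`push=true`) and the whole `merge-and-push-image` job appear to publish to ghcr.io on every event that triggers this workflow; the `on:` block is not fully visible here, so confirm which events those are. If pull requests from branches of this repository are among them, unreviewed code would be pushed and tagged using `secrets.GITHUB_TOKEN`; putting `if: github.event_name == 'push' && github.ref_name == 'main'` on `merge-and-push-image`, and building without push otherwise, would keep publishing limited to main. Separately, the three "Check unblob" steps now run `${{ env.DOCKER_IMAGE }}:latest`, which has to come from the registry because `load: true` was dropped, so they most likely exercise the previously published image rather than the one just built; `docker run --rm --platform ${{ matrix.platform }} ${{ env.DOCKER_IMAGE }}@${{ steps.build.outputs.digest }} --help` would test the new build on each matrix leg. The merge job also still uses `docker/login-action@v2` while the build job moved to `@v3`.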