|
1 | 1 | name: Docker |
2 | 2 |
|
3 | | -on: |
4 | | - push: |
5 | | - branches: [ "master" ] |
6 | | - tags: [ 'v*.*.*' ] |
7 | | - pull_request: |
8 | | - branches: [ "master" ] |
| 3 | +on: [push, pull_request, workflow_dispatch] |
9 | 4 |
|
10 | 5 | env: |
11 | | - REGISTRY: ghcr.io |
12 | | - IMAGE_NAME: ${{ github.repository }} |
13 | 6 | ENDPOINT: "rursache/vscode-swift-linuxserver-mod" |
14 | 7 | BRANCH: "master" |
15 | 8 |
|
16 | 9 | jobs: |
17 | 10 | build: |
18 | | - |
19 | 11 | runs-on: ubuntu-latest |
20 | | - permissions: |
21 | | - contents: read |
22 | | - packages: write |
23 | | - id-token: write |
24 | | - |
25 | 12 | steps: |
26 | | - - name: Checkout repository |
27 | | - uses: actions/checkout@v3 |
28 | | - |
29 | | - - name: Install cosign |
30 | | - if: github.event_name != 'pull_request' |
31 | | - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b #v2.8.1 |
32 | | - with: |
33 | | - cosign-release: 'v1.13.1' |
| 13 | + - uses: actions/checkout@v2.3.3 |
34 | 14 |
|
35 | | - - name: Setup Docker buildx |
36 | | - uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf |
| 15 | + - name: Build image |
| 16 | + run: | |
| 17 | + docker build --no-cache -t ${{ github.sha }} . |
37 | 18 |
|
38 | | - - name: Log into registry ${{ env.REGISTRY }} |
39 | | - if: github.event_name != 'pull_request' |
40 | | - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c |
41 | | - with: |
42 | | - registry: ${{ env.REGISTRY }} |
43 | | - username: ${{ github.actor }} |
44 | | - password: ${{ secrets.GITHUB_TOKEN }} |
45 | | - |
46 | | - - name: Extract Docker metadata |
47 | | - id: meta |
48 | | - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 |
49 | | - with: |
50 | | - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} |
| 19 | + - name: Tag image |
| 20 | + if: ${{ github.ref == format('refs/heads/{0}', env.BRANCH) && env.ENDPOINT != 'user/endpoint' }} |
| 21 | + run: | |
| 22 | + docker tag ${{ github.sha }} ${ENDPOINT} |
| 23 | + docker tag ${{ github.sha }} ${ENDPOINT}:${{ github.sha }} |
| 24 | + docker tag ${{ github.sha }} ghcr.io/${ENDPOINT} |
| 25 | + docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${{ github.sha }} |
51 | 26 |
|
52 | | - - name: Build and push Docker image |
53 | | - id: build-and-push |
54 | | - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a |
55 | | - with: |
56 | | - context: . |
57 | | - push: ${{ github.event_name != 'pull_request' }} |
58 | | - tags: ${{ steps.meta.outputs.tags }} |
59 | | - labels: ${{ steps.meta.outputs.labels }} |
60 | | - cache-from: type=gha |
61 | | - cache-to: type=gha,mode=max |
| 27 | + - name: Credential check |
| 28 | + if: ${{ github.ref == format('refs/heads/{0}', env.BRANCH) && env.ENDPOINT != 'user/endpoint' }} |
| 29 | + run: | |
| 30 | + echo "CR_USER=${{ secrets.CR_USER }}" >> $GITHUB_ENV |
| 31 | + echo "CR_PAT=${{ secrets.CR_PAT }}" >> $GITHUB_ENV |
| 32 | + echo "DOCKERUSER=${{ secrets.DOCKERUSER }}" >> $GITHUB_ENV |
| 33 | + echo "DOCKERPASS=${{ secrets.DOCKERPASS }}" >> $GITHUB_ENV |
| 34 | + if [[ "${{ secrets.CR_USER }}" == "" && "${{ secrets.CR_PAT }}" == "" && "${{ secrets.DOCKERUSER }}" == "" && "${{ secrets.DOCKERPASS }}" == "" ]]; then |
| 35 | + echo "::error::Push credential secrets missing." |
| 36 | + echo "::error::You must set either CR_USER & CR_PAT or DOCKERUSER & DOCKERPASS as secrets in your repo settings." |
| 37 | + echo "::error::See https://github.com/linuxserver/docker-mods/blob/master/README.md for more information/instructions." |
| 38 | + exit 1 |
| 39 | + fi |
| 40 | +
|
| 41 | + - name: Login to GitHub Container Registry |
| 42 | + if: ${{ github.ref == format('refs/heads/{0}', env.BRANCH) && env.CR_USER && env.CR_PAT && env.ENDPOINT != 'user/endpoint' }} |
| 43 | + run: | |
| 44 | + echo "${{ secrets.CR_PAT }}" | docker login ghcr.io -u ${{ secrets.CR_USER }} --password-stdin |
| 45 | +
|
| 46 | + - name: Push tags to GitHub Container Registry |
| 47 | + if: ${{ github.ref == format('refs/heads/{0}', env.BRANCH) && env.CR_USER && env.CR_PAT && env.ENDPOINT != 'user/endpoint' }} |
| 48 | + run: | |
| 49 | + docker push ghcr.io/${ENDPOINT}:${{ github.sha }} |
| 50 | + docker push ghcr.io/${ENDPOINT} |
62 | 51 |
|
63 | | - - name: Sign the published Docker image |
64 | | - if: ${{ github.event_name != 'pull_request' }} |
65 | | - env: |
66 | | - COSIGN_EXPERIMENTAL: "true" |
67 | | - # This step uses the identity token to provision an ephemeral certificate |
68 | | - # against the sigstore community Fulcio instance. |
69 | | - run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} |
70 | | - |
71 | | - # Dockehub |
72 | 52 | - name: Login to DockerHub |
73 | 53 | if: ${{ github.ref == format('refs/heads/{0}', env.BRANCH) && env.DOCKERUSER && env.DOCKERPASS && env.ENDPOINT != 'user/endpoint' }} |
74 | 54 | run: | |
75 | 55 | echo ${{ secrets.DOCKERPASS }} | docker login -u ${{ secrets.DOCKERUSER }} --password-stdin |
76 | | - |
| 56 | +
|
77 | 57 | - name: Push tags to DockerHub |
78 | 58 | if: ${{ github.ref == format('refs/heads/{0}', env.BRANCH) && env.DOCKERUSER && env.DOCKERPASS && env.ENDPOINT != 'user/endpoint' }} |
79 | 59 | run: | |
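Review bot: The `Credential check` step (new lines 30–33) writes all four secret values into `$GITHUB_ENV`, so every later step in the job inherits the registry credentials in its environment. It also expands `${{ secrets.* }}` straight into the script text, where a value containing a quote, `$( )` or a newline would change the script or the env file. Pass the secrets through a step-level `env:` block, test them with `-z`/`-n`, and export only presence flags for the later `if:` conditions; the two push steps and the DockerHub login would need the same `if:` change, and `echo ${{ secrets.DOCKERPASS }}` on new line 55 is unquoted. Separately, the job's `permissions:` block is removed, so `GITHUB_TOKEN` falls back to the repository default, which may be read/write; since pushes now authenticate with `CR_PAT`, `permissions: contents: read` would keep the token minimal. The body of the final `Push tags to DockerHub` step continues outside the visible hunk.

```yaml
      - name: Credential check
        # … unchanged: if: condition …
        env:
          CR_USER: ${{ secrets.CR_USER }}
          CR_PAT: ${{ secrets.CR_PAT }}
          DOCKERUSER: ${{ secrets.DOCKERUSER }}
          DOCKERPASS: ${{ secrets.DOCKERPASS }}
        run: |
          # Export presence flags only; the secret values stay inside this step.
          if [[ -n "$CR_USER" && -n "$CR_PAT" ]]; then echo "HAS_GHCR=true" >> "$GITHUB_ENV"; fi
          if [[ -n "$DOCKERUSER" && -n "$DOCKERPASS" ]]; then echo "HAS_DOCKERHUB=true" >> "$GITHUB_ENV"; fi
          if [[ -z "$CR_USER" && -z "$CR_PAT" && -z "$DOCKERUSER" && -z "$DOCKERPASS" ]]; then
            # … unchanged: ::error:: messages and exit 1 …
          fi

      - name: Login to GitHub Container Registry
        if: ${{ github.ref == format('refs/heads/{0}', env.BRANCH) && env.HAS_GHCR == 'true' && env.ENDPOINT != 'user/endpoint' }}
        env:
          CR_USER: ${{ secrets.CR_USER }}
          CR_PAT: ${{ secrets.CR_PAT }}
        run: |
          echo "$CR_PAT" | docker login ghcr.io -u "$CR_USER" --password-stdin
```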
|