-
Notifications
You must be signed in to change notification settings - Fork 9k
143 lines (120 loc) · 4.51 KB
/
docker-build-push.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
# inspired by https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
name: Build & Push SwaggerUI multi platform Docker image
on:
workflow_dispatch:
inputs:
git_ref:
description: Git branch, tag or SHA to checkout.
type: string
required: true
docker_tag:
description: Docker tag associated with the `git_ref`
type: string
required: true
repository_dispatch:
type: [docker_build_push]
env:
REGISTRY_IMAGE: swaggerapi/swagger-ui
jobs:
inputs:
name: Normalize inputs
runs-on: ubuntu-latest
outputs:
git_ref: ${{ steps.workflow_dispatch.outputs.git_ref || steps.repository_dispatch.outputs.git_ref }}
docker_tag: ${{ steps.workflow_dispatch.outputs.docker_tag || steps.repository_dispatch.outputs.docker_tag }}
steps:
- name: Normalize inputs of `workflow_dispatch` event
id: workflow_dispatch
if: ${{ github.event_name == 'workflow_dispatch' }}
run: |
echo "git_ref=${{ inputs.git_ref }}" >> "$GITHUB_OUTPUT"
echo "docker_tag=${{ inputs.docker_tag }}" >> "$GITHUB_OUTPUT"
- name: Normalize inputs of `repository_dispatch` event
id: repository_dispatch
if: ${{ github.event_name == 'repository_dispatch' }}
run: |
echo "git_ref=${{ github.event.client_payload.git_ref }}" >> "$GITHUB_OUTPUT"
echo "docker_tag=${{ github.event.client_payload.docker_tag }}" >> "$GITHUB_OUTPUT"
build:
name: Build & Push SwaggerUI platform specific Docker images
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
platform:
# linux/amd64 is already built by Jenkins
- linux/arm/v6
- linux/arm64
- linux/386
- linux/ppc64le
needs:
- inputs
steps:
- uses: actions/checkout@v4
with:
ref: ${{ needs.inputs.outputs.git_ref }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_SB_USERNAME }}
password: ${{ secrets.DOCKERHUB_SB_PASSWORD }}
- name: Build and push by digest
id: build
uses: docker/build-push-action@v5
with:
context: .
platforms: ${{ matrix.platform }}
provenance: false
outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
- name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Sanitize platform variable
id: sanitize_platform
run: |
SANITIZED_PLATFORM="${{ matrix.platform }}" # Assuming direct usage for simplicity
SANITIZED_PLATFORM="${SANITIZED_PLATFORM//[^a-zA-Z0-9_-]/}" # Remove special chars
echo "SANITIZED_PLATFORM=${SANITIZED_PLATFORM}" # Echo for debug
echo "::set-output name=sanitized_platform::${SANITIZED_PLATFORM}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digest-${{ steps.sanitize_platform.outputs.sanitized_platform }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge:
name: Merge platform specific Docker image into multi platform image
runs-on: ubuntu-latest
needs:
- inputs
- build
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
pattern: digest-*
path: /tmp/digests
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_SB_USERNAME }}
password: ${{ secrets.DOCKERHUB_SB_PASSWORD }}
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
docker buildx imagetools create -t ${{ env.REGISTRY_IMAGE }}:${{ needs.inputs.outputs.docker_tag }} \
${{ env.REGISTRY_IMAGE }}:${{ needs.inputs.outputs.docker_tag }} \
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ needs.inputs.outputs.docker_tag }}