diff --git a/.github/workflows/publish-container.yml b/.github/workflows/publish-container.yml index 73d457c..c396ff2 100644 --- a/.github/workflows/publish-container.yml +++ b/.github/workflows/publish-container.yml @@ -7,7 +7,9 @@ on: push: branches: - - main + - next + tags: + - v* pull_request: @@ -23,17 +25,12 @@ jobs: runs-on: ubuntu-latest strategy: - fail-fast: false + fail-fast: true matrix: include: - - name: nginx - path: nginx - - - name: nginx-pwa - path: nginx-pwa - - - name: nginx-ws - path: nginx-ws + - path: nginx-base + - path: nginx-pwa + - path: nginx-ws permissions: contents: read @@ -42,7 +39,7 @@ jobs: steps: - name: โคต๏ธ Checkout repository - uses: actions/checkout@v4.0.0 + uses: actions/checkout@v4.1.1 - name: โ” Check Container files changed id: file_change @@ -52,17 +49,6 @@ jobs: container_folder: ./${{ matrix.path }}/* - - name: ๐Ÿ— Extract version from dockerfile - if: ${{ steps.file_change.outputs.container_folder == 'true' }} - id: version - run: | - version_full=$(grep 'cloud.alwatr.image.version.full' ./${{ matrix.path }}/Dockerfile | cut -d'"' -f2) - version_short=$(grep 'cloud.alwatr.image.version.short' ./${{ matrix.path }}/Dockerfile | cut -d'"' -f2) - echo "version_full=$version_full" >> $GITHUB_OUTPUT - echo "version_short=$version_short" >> $GITHUB_OUTPUT - echo "version_full: $version_full" - echo "version_short: $version_short" - - name: ๐Ÿ— Install cosign if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder == 'true' }} uses: sigstore/cosign-installer@v3.1.2 @@ -76,7 +62,7 @@ jobs: uses: actions/cache@v3 with: path: /tmp/.buildx-cache - key: container-${{ matrix.name }} + key: alwatr-${{ matrix.path }} - name: ๐Ÿ— Log into registry ${{env.REGISTRY}} if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder == 'true' }} @@ -86,16 +72,26 @@ jobs: username: ${{github.repository_owner}} password: ${{secrets.GITHUB_TOKEN}} + - name: ๐Ÿ— Extract metadata + id: meta + uses: docker/metadata-action@v5.0.0 + with: + github-token: ${{secrets.GITHUB_TOKEN}} + images: name=${{env.REGISTRY}}/${{env.USER}}/${{matrix.path}},enable=true + tags: | + type=semver,enable=true,pattern={{major}} + type=semver,enable=true,pattern={{major}}.{{minor}} + type=semver,enable=true,pattern={{version}} + type=ref,enable=true,event=branch + - name: ๐Ÿš€ Build and push container image if: ${{ steps.file_change.outputs.container_folder == 'true' }} id: build_and_push uses: docker/build-push-action@v5.0.0 with: context: ./${{matrix.path}} - push: ${{github.event_name != 'pull_request'}} - tags: | - ${{env.REGISTRY}}/${{env.USER}}/${{matrix.name}}:${{steps.version.outputs.version_full}} - ${{env.REGISTRY}}/${{env.USER}}/${{matrix.name}}:${{steps.version.outputs.version_short}} + push: ${{ github.event_name != 'pull_request' }} + tags: ${{steps.meta.outputs.tags}} cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache build-args: | @@ -106,6 +102,4 @@ jobs: if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder == 'true' }} env: COSIGN_EXPERIMENTAL: 'true' - run: | - cosign sign --yes "${{env.REGISTRY}}/${{env.USER}}/${{matrix.name}}:${{steps.version.outputs.version_full}}@${{steps.build_and_push.outputs.digest}}" - cosign sign --yes "${{env.REGISTRY}}/${{env.USER}}/${{matrix.name}}:${{steps.version.outputs.version_short}}@${{steps.build_and_push.outputs.digest}}" + run: echo "${{steps.meta.outputs.tags}}" | xargs -I {} cosign sign --yes {}@${{steps.build_and_push.outputs.digest}} diff --git a/README.md b/README.md index cadd0fd..24316aa 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Alwatr Accelerated Web Server -High performance Accelerated NGINX optimized for serve static content like CDN. +High-performance, accelerated NGINX, optimized for serving static content. Enhanced and accelerated by Alwatr. ## Usage diff --git a/nginx-base/Dockerfile b/nginx-base/Dockerfile index 420e6c2..ff9515f 100644 --- a/nginx-base/Dockerfile +++ b/nginx-base/Dockerfile @@ -1,5 +1,12 @@ -ARG NGINX_IMAGE=docker.io/library/nginx:1.25-alpine -FROM $NGINX_IMAGE +FROM docker.io/library/nginx:1.25.3-alpine3.18 + +RUN apk add --no-cache curl +HEALTHCHECK --interval=30s --timeout=3s --start-period=1s --retries=3 CMD curl -fso /dev/null http://localhost/server-info || exit 1 + +RUN rm -rfv /etc/nginx/conf.d/* +COPY conf/ /etc/nginx/ +COPY www/ /var/www/ +RUN chmod a+rx /etc/nginx/entrypoint.sh /etc/nginx/entrypoint.d/*.sh # Default environment for nginx template # ENV NGINX_ACCESS_LOG="/var/log/nginx/access.log json" @@ -30,15 +37,23 @@ ENV NGINX_ACCESS_LOG=off \ NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=1 \ NGINX_ENTRYPOINT_QUIET_LOGS="" -RUN apk add --no-cache curl -HEALTHCHECK --interval=30s --timeout=3s --start-period=1s --retries=3 CMD curl -fso /dev/null http://localhost/server-info || exit 1 - -RUN rm -rfv /etc/nginx/conf.d/* -COPY conf/ /etc/nginx/ -COPY www/ /var/www/ -RUN chmod a+rx /etc/nginx/entrypoint.sh /etc/nginx/entrypoint.d/*.sh - EXPOSE 80 WORKDIR /var/www/html/ ENTRYPOINT ["/etc/nginx/entrypoint.sh"] CMD ["nginx", "-g", "daemon off;"] + +ARG BUILD_REV +ARG BUILD_DATE +LABEL org.opencontainers.image.title="alwatr/nginx" \ + org.opencontainers.image.description="High-performance, accelerated NGINX, optimized for serving static content. Enhanced and accelerated by Alwatr." \ + org.opencontainers.image.base.name="docker.io/library/nginx:1.25.3-alpine3.18" \ + org.opencontainers.image.version="1.25.3" \ + org.opencontainers.image.ref.name="1.25.3-alpine3.18" \ + org.opencontainers.image.licenses="MIT" \ + org.opencontainers.image.created=${BUILD_DATE} \ + org.opencontainers.image.revision=${BUILD_REV} \ + org.opencontainers.image.vendor="Alwatr" \ + org.opencontainers.image.source="https://github.com/Alwatr/nginx" \ + org.opencontainers.image.url="https://github.com/Alwatr/nginx" \ + org.opencontainers.image.documentation="https://github.com/Alwatr/nginx" \ + org.opencontainers.image.authors="S. Ali Mihandoost (https://ali.mihandoost.com), S. Amir Mohammad Najafi (https://njfamirm.ir/)"