Build and release container images #238
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Stage OCI images through GitHub Actions (GHA) to GitHub Container Registry (GHCR). | |
# | |
# - https://github.com/docker/metadata-action | |
# - https://github.com/docker/setup-qemu-action | |
# - https://github.com/docker/setup-buildx-action | |
# - https://github.com/docker/login-action | |
# - https://github.com/docker/build-push-action | |
# - https://github.com/docker/build-push-action/blob/master/docs/advanced/tags-labels.md | |
name: Build and release container images | |
on: | |
# Build images when merging to `main` and when running a release. | |
push: | |
branches: | |
- 'main' | |
tags: | |
- '*.*.*' | |
# Build images on each pull request. | |
# Remark: Activate only when needed, it will eat a lot of resources. The alternative | |
# is to build manually / on-demand, by using the `workflow_dispatch` feature, | |
# available through the GHA web UI. | |
pull_request: ~ | |
# Produce a nightly image every day at 6 a.m. CEST. | |
schedule: | |
- cron: '0 4 * * *' | |
# Allow job to be triggered manually. | |
workflow_dispatch: | |
# Cancel in-progress jobs when pushing to the same branch. | |
concurrency: | |
cancel-in-progress: true | |
group: ${{ github.workflow }}-${{ github.ref }} | |
# The name for the produced image at ghcr.io. | |
env: | |
IMAGE_NAME: "${{ github.repository }}" | |
RECIPE_PATH: "." | |
jobs: | |
oci: | |
# Fix workflow permissions to permit the recipe to upload to GHCR. | |
# https://github.com/docker/build-push-action/issues/687#issuecomment-1651816012 | |
permissions: | |
contents: read | |
packages: write | |
runs-on: ubuntu-22.04 | |
if: ${{ ! (startsWith(github.actor, 'dependabot') || github.event.pull_request.head.repo.fork ) }} | |
steps: | |
- name: Acquire sources | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Define image name and tags | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
# List of OCI images to use as base name for tags | |
images: | | |
ghcr.io/${{ env.IMAGE_NAME }} | |
# Generate OCI image tags based on the following events/attributes | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=schedule,pattern=nightly | |
- name: Inspect metadata | |
run: | | |
echo "Tags: ${{ steps.meta.outputs.tags }}" | |
echo "Labels: ${{ steps.meta.outputs.labels }}" | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Cache OCI layers | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Inspect builder | |
run: | | |
echo "Name: ${{ steps.buildx.outputs.name }}" | |
echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}" | |
echo "Status: ${{ steps.buildx.outputs.status }}" | |
echo "Flags: ${{ steps.buildx.outputs.flags }}" | |
echo "Platforms: ${{ steps.buildx.outputs.platforms }}" | |
- name: Login to GHCR | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ github.token }} | |
- name: Build and push image | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: ${{ env.RECIPE_PATH }}/Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
push: true | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
- name: Move cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
- name: Display git status | |
run: | | |
set -x | |
git describe --tags --always | |
git status |