BanManager-WebUI/.github/workflows/deploy_docker.yaml at master · BanManagement/BanManager-WebUI · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
name: Publish Docker image

on:
  push:
    branches:
      - master

jobs:
  # Build each platform on its own native runner. Building linux/arm64 under
  # qemu-user on an amd64 runner has been broken since the Node 24 bump
  # (qemu raises SIGILL on Arm v8.x instructions emitted by V8's JIT, exit
  # 132). GitHub provides free `ubuntu-24.04-arm` runners for public repos,
  # so we can build natively on each arch and stitch the results together
  # into a manifest list in the merge job below. Pattern lifted from the
  # docker/build-push-action multi-platform docs.
  build:
    name: Build ${{ matrix.platform }}
    runs-on: ${{ matrix.runner }}
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: linux/amd64
            runner: ubuntu-latest
            arch: amd64
          - platform: linux/arm64
            runner: ubuntu-24.04-arm
            arch: arm64
    steps:
      - name: Check out the repo
        uses: actions/checkout@v6

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Log in to Docker Hub
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Extract metadata (labels) for Docker
        id: meta
        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        with:
          images: banmanagement/webui

      - name: Build and push by digest
        id: build
        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
        with:
          context: .
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.meta.outputs.labels }}
          # push-by-digest avoids touching shared tags from per-arch jobs;
          # the merge job below produces the actual `:latest` / `:<sha>`
          # manifest list referencing both digests.
          outputs: type=image,name=banmanagement/webui,push-by-digest=true,name-canonical=true,push=true
          # Per-arch cache scope so amd64 and arm64 do not stomp on each
          # other's layer caches.
          cache-from: type=gha,scope=${{ matrix.arch }}
          cache-to: type=gha,mode=max,scope=${{ matrix.arch }}

      - name: Export digest
        run: |
          mkdir -p /tmp/digests
          digest='${{ steps.build.outputs.digest }}'
          # The digest output is `sha256:<hex>`; the merge job wants just
          # the hex (and to find the file in /tmp/digests).
          touch "/tmp/digests/${digest#sha256:}"

      - name: Upload digest artifact
        uses: actions/upload-artifact@v4
        with:
          name: digests-${{ matrix.arch }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1

  merge:
    name: Merge into manifest
    needs: [build]
    runs-on: ubuntu-latest
    steps:
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Log in to Docker Hub
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Extract metadata (tags) for Docker
        id: meta
        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        with:
          images: banmanagement/webui
          # Reproduce the previous workflow's tag set verbatim:
          #   - `latest` on default branch
          #   - the full commit SHA with no `sha-` prefix (the previous
          #     workflow used `${{ github.sha }}` directly)
          tags: |
            type=raw,value=latest,enable={{is_default_branch}}
            type=sha,format=long,prefix=

      - name: Create manifest list and push
        working-directory: /tmp/digests
        run: |
          docker buildx imagetools create \
            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf 'banmanagement/webui@sha256:%s ' *)

      - name: Inspect image
        run: |
          docker buildx imagetools inspect \
            "banmanagement/webui:$(jq -r '.tags[0] | split(":")[1]' <<< "$DOCKER_METADATA_OUTPUT_JSON")"