docker.yml
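---
# yaml-language-server: $schema=https://www.schemastore.org/github-workflow.json
name: docker

# Runs on manual dispatch, on pushes to master and to v* tags, and on pull
# requests against master.
"on":
  workflow_dispatch:
  push:
    branches:
      - master
    tags:
      - 'v*'
  pull_request:
    branches:
      - master

# Token scopes for every job in this workflow.
# contents: no step in this workflow writes to the repository (checkout and
#   metadata lookup only read), so the token is kept read-only.
# packages: the ghcr.io login uses GITHUB_TOKEN to push the image.
permissions:
  contents: read
  packages: write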
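# NOTE(review): every action below is referenced by a mutable major-version
# tag. Pinning each `uses:` to a full commit SHA (with the tag kept as a
# trailing comment) protects the registry and signing secrets used here from
# a retagged or compromised action release.
jobs:
  # Builds the multi-platform image on every trigger; logs in, pushes and
  # signs only when the event is not a pull request.
  docker:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout source
        uses: actions/checkout@v6
        with:
          # No later step performs an authenticated git operation, so the
          # token is not left in .git/config, which sits inside the Docker
          # build context (`context: .`).
          persist-credentials: false

      # Derives image names, OCI labels and tags for all three registries.
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          images: |
            webhippie/errors
            quay.io/webhippie/errors
            ghcr.io/webhippie/errors
          labels: |
            org.opencontainers.image.vendor=Webhippie
            maintainer=Thomas Boerger <thomas@webhippie.de>
          tags: |
            type=ref,event=pr
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}

      - name: Setup qemu
        uses: docker/setup-qemu-action@v4

      - name: Setup buildx
        id: buildx
        uses: docker/setup-buildx-action@v3

      - name: Setup cosign
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@v3

      # Registry logins are skipped on pull requests, so PR builds never
      # receive the push credentials.
      - name: Hub login
        uses: docker/login-action@v4
        if: github.event_name != 'pull_request'
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Quay login
        uses: docker/login-action@v4
        if: github.event_name != 'pull_request'
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}

      - name: Ghcr login
        uses: docker/login-action@v4
        if: github.event_name != 'pull_request'
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # `id: build` exposes the pushed manifest digest to the signing step.
      - name: Build image
        id: build
        uses: docker/build-push-action@v6
        with:
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: cmd/errors/Dockerfile
          platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v6
          push: ${{ github.event_name != 'pull_request' }}
          labels: ${{ steps.meta.outputs.labels }}
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Signs each pushed reference with the key held in COSIGN_KEY.
      # - Step outputs reach the script through env vars instead of being
      #   expanded into the script text, so their content is never parsed
      #   as shell.
      # - Each reference is signed as tag@digest: the signature binds to the
      #   exact manifest this run pushed, not to whatever a mutable tag
      #   points at when cosign resolves it.
      - name: Sign images
        if: github.event_name != 'pull_request'
        env:
          COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
          TAGS: ${{ steps.meta.outputs.tags }}
          DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          set -euo pipefail
          # Fail early instead of signing a bare tag if the build reported
          # no digest.
          : "${DIGEST:?build step reported no image digest}"
          printf '%s\n' "${TAGS}" | while read -r TAG; do
            [ -n "${TAG}" ] || continue
            cosign sign --yes --key env://COSIGN_KEY "${TAG}@${DIGEST}"
          done

  # Publishes README.md as the repository description on Docker Hub and
  # Quay after a successful non-pull-request build.
  readme:
    runs-on: ubuntu-latest
    needs: docker
    if: github.event_name != 'pull_request'
    steps:
      - name: Checkout source
        uses: actions/checkout@v6
        with:
          # Only README.md is read; no git credentials are needed afterwards.
          persist-credentials: false

      - name: Hub readme
        uses: actionhippie/pushrm@v1
        with:
          provider: dockerhub
          target: webhippie/errors
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
          description: Default backend for Kubernetes Ingress
          readme: README.md

      - name: Quay readme
        uses: actionhippie/pushrm@v1
        with:
          provider: quay
          target: quay.io/webhippie/errors
          apikey: ${{ secrets.QUAY_APIKEY }}
          readme: README.md
...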