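# Reusable workflow: builds a multi-platform image with Buildx and pushes it to
# ghcr.io and/or Docker Hub, then refreshes the Docker Hub description and
# prunes untagged GHCR package versions.
#
# NOTE(review): no `permissions:` block is declared here, so the GITHUB_TOKEN
# scope is whatever the caller / repository default grants. The ghcr.io login,
# push and cleanup steps need `packages: write`; callers should grant only that
# plus `contents: read`.
# NOTE(review): every action below is referenced by a mutable major-version
# tag. Several of them receive DOCKERHUB_TOKEN or GITHUB_TOKEN; pinning each
# `uses:` to a full commit SHA prevents a moved tag from changing what runs
# with those credentials.
name: Docker Publish

on:
  workflow_call:
    inputs:
      tag:
        description: "The tag for the Docker image"
        required: true
        type: string
      platforms:
        description: "The platforms for Docker image build, e.g., 'linux/amd64,linux/arm64'"
        required: true
        type: string
      registry:
        description: "The registry to publish to: 'both', 'dockerhub', or 'github'"
        required: false
        default: 'both'
        type: string
      dockerfile-location:
        description: "The build context directory for the Docker image, relative to the repository root"
        required: false
        default: '.'
        type: string
    secrets:
      # Both are optional so that a 'github'-only caller does not have to
      # provide Docker Hub credentials.
      DOCKERHUB_USERNAME:
        required: false
      DOCKERHUB_TOKEN:
        required: false

# One publish run per workflow/ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  publish:
    # The job runs in the 'release-docker' environment, so any protection rules
    # or environment-scoped secrets configured there apply to it.
    environment: release-docker
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          show-progress: false
          submodules: recursive
          # No later step performs git operations, so the token does not need
          # to stay configured in the checkout that becomes the build context.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4

      - name: Login to ghcr.io
        if: ${{ inputs.registry == 'both' || inputs.registry == 'github' }}
        uses: docker/login-action@v4
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Login to DockerHub
        if: ${{ inputs.registry == 'both' || inputs.registry == 'dockerhub' }}
        uses: docker/login-action@v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Prepare environment and images
        id: prep
        shell: bash
        # Caller-supplied input, context values and the secret are handed to
        # the script as environment variables. `${{ }}` expressions placed
        # inside `run:` are substituted into the script text before bash parses
        # it, so a value containing quotes or `$(...)` would become shell code.
        env:
          REGISTRY_INPUT: ${{ inputs.registry }}
          REPO_FULL_NAME: ${{ github.repository }}
          REPO_NAME: ${{ github.event.repository.name }}
          DH_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
        run: |
          set -eu

          # Fail early on an unknown registry value: otherwise both logins are
          # skipped and the image list is empty. The raw value is deliberately
          # not echoed back into the log.
          case "$REGISTRY_INPUT" in
            both|dockerhub|github) ;;
            *)
              echo "::error::Unsupported registry input (expected 'both', 'dockerhub' or 'github')"
              exit 1
              ;;
          esac

          # Registry repository names must be lowercase.
          to_lower() { tr '[:upper:]' '[:lower:]'; }
          GHCR_REPOSITORY=$(printf '%s' "ghcr.io/${REPO_FULL_NAME}" | to_lower)
          DH_REPOSITORY=$(printf '%s' "${DH_USERNAME}/${REPO_NAME}" | to_lower)
          IMAGE_NAME_LC=$(printf '%s' "${REPO_NAME}" | to_lower)

          # Export variables needed by later steps
          echo "DH_REPOSITORY=$DH_REPOSITORY" >> "$GITHUB_ENV"
          echo "IMAGE_NAME_LC=$IMAGE_NAME_LC" >> "$GITHUB_ENV"

          # Multiline `images` output for the metadata-action: one base image
          # per selected registry. printf writes the names verbatim, without
          # interpreting backslash sequences in them.
          {
            echo "images<<EOF"
            if [ "$REGISTRY_INPUT" = "both" ] || [ "$REGISTRY_INPUT" = "github" ]; then
              printf '%s\n' "$GHCR_REPOSITORY"
            fi
            if [ "$REGISTRY_INPUT" = "both" ] || [ "$REGISTRY_INPUT" = "dockerhub" ]; then
              printf '%s\n' "$DH_REPOSITORY"
            fi
            echo "EOF"
          } >> "$GITHUB_OUTPUT"

      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v6
        with:
          images: ${{ steps.prep.outputs.images }}
          # The raw tag is always applied; the ref-derived tags are enabled
          # only when the requested tag is not 'main'.
          tags: |
            type=raw,value=${{ inputs.tag }}
            type=ref,event=branch,enable=${{ inputs.tag != 'main' }}
            type=ref,event=tag,enable=${{ inputs.tag != 'main' }}
            type=ref,event=pr,enable=${{ inputs.tag != 'main' }}

      - name: Build and publish Docker image from Dockerfile
        uses: docker/build-push-action@v7
        with:
          context: ${{ inputs.dockerfile-location }}
          platforms: ${{ inputs.platforms }}
          # Provenance and SBOM attestations are generated and pushed with the
          # image so consumers can verify how and from what it was built.
          provenance: true
          sbom: true
          push: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}

      - name: Update DockerHub repository description
        if: ${{ (inputs.registry == 'both' || inputs.registry == 'dockerhub') && inputs.tag == 'main' }}
        uses: peter-evans/dockerhub-description@v5
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
          repository: ${{ env.DH_REPOSITORY }}
          short-description: ${{ github.event.repository.description }}

      - name: Delete Untagged Packages
        if: ${{ inputs.registry == 'both' || inputs.registry == 'github' }}
        uses: dataaxiom/ghcr-cleanup-action@v1
        # Best-effort housekeeping: a cleanup failure must not fail a publish
        # that has already pushed its image.
        continue-on-error: true
        with:
          delete-untagged: true
          delete-ghost-images: true
          delete-orphaned-images: true
          validate: true
          package: ${{ env.IMAGE_NAME_LC }}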