From b394b4e822d9a541415053403863c31e259ade6a Mon Sep 17 00:00:00 2001
From: Keith Derrick
Date: Mon, 23 Feb 2026 11:51:05 -0800
Subject: [PATCH 1/5] Enable github actions to build image
---
.github/workflows/oscms-ci-docker.yml | 104 ++++++++++++++++++++++++++
.gitignore | 2 +
2 files changed, 106 insertions(+)
create mode 100644 .github/workflows/oscms-ci-docker.yml
create mode 100644 .gitignore
diff --git a/.github/workflows/oscms-ci-docker.yml b/.github/workflows/oscms-ci-docker.yml
new file mode 100644
index 0000000..d98bc4e
--- /dev/null
+++ b/.github/workflows/oscms-ci-docker.yml
@@ -0,0 +1,104 @@
+# Copyright (c) 2026 LG Electronics, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: OpenSCMS/oscms-ci-docker
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ workflow_dispatch:
+
+env:
+ CI_REGISTRY: ghcr.io
+ CI_REGISTRY_USER: ${{ github.actor }}
+ CI_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+
+concurrency:
+ group: "${{ github.ref }}"
+ cancel-in-progress: true
+
+jobs:
+ lower-case-repo-name:
+ runs-on:
+ - ubuntu-latest
+ steps:
+ - id: set-variable
+ run: echo "LC_REPO_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_OUTPUT}
+
+ outputs:
+ LC_REPO_NAME: ${{ steps.set-variable.outputs.LC_REPO_NAME }}
+
+ build-docker-ci-image:
+ needs: lower-case-repo-name
+
+ env:
+ CI_REGISTRY_IMAGE: "${{ github.repository }}"
+ CI_IMAGE: "${{ github.repository }}:${{ github.sha }}"
+ # CI_REGISTRY_IMAGE: "${{ needs.lower-case-repo-name.outputs.LC_REPO_NAME }}"
+ # CI_IMAGE: "${{ needs.lower-case-repo-name.outputs.LC_REPO_NAME }}:${{ github.sha }}"
+
+ runs-on:
+ - ubuntu-latest
+
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
+ timeout-minutes: 60
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4.1.0
+ with:
+ fetch-depth: 0
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3.0.0
+ with:
+ registry: ${{ env.CI_REGISTRY }}
+ username: ${{ env.CI_REGISTRY_USER }}
+ password: ${{ env.CI_REGISTRY_PASSWORD }}
+
+ - name: Get image metadata
+ id: meta
+ uses: docker/metadata-action@v5.0.0
+ with:
+ images: ${{ env.CI_REGISTRY }}/${{ env.CI_REGISTRY_IMAGE }}
+ tags: |
+ type=raw,value=latest,enable={{ is_default_branch }}
+ type=ref,event=tag
+ type=ref,event=pr
+
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@v5.0.0
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=registry,ref=${{ env.CI_REGISTRY }}/${{ env.CI_REGISTRY_IMAGE }}:latest
+ file: openscms-ci.dockerfile
+
+ - name: Generate artifact attestation
+ uses: actions/attest@v4
+ with:
+ subject-name: "${{ env.CI_REGISTRY }}/${{ needs.lower-case-repo-name.outputs.LC_REPO_NAME }}"
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5215291
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.env.local
+log/
From a56a9d13c8f0c1f03265cd9e9a8f895740f847b2 Mon Sep 17 00:00:00 2001
From: Keith Derrick
Date: Wed, 4 Mar 2026 09:14:50 -0800
Subject: [PATCH 2/5] Cleanup actions
---
.github/workflows/oscms-ci-docker.yml | 38 ++++++---------------------
README.md | 13 ++++++---
2 files changed, 17 insertions(+), 34 deletions(-)
diff --git a/.github/workflows/oscms-ci-docker.yml b/.github/workflows/oscms-ci-docker.yml
index d98bc4e..0e2fa1c 100644
--- a/.github/workflows/oscms-ci-docker.yml
+++ b/.github/workflows/oscms-ci-docker.yml
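Review bot: In the workflow file added by the first patch, `on: pull_request` is combined with an unconditional `push: true` in the "Build and push Docker image" step, so a pull-request run logs in with `packages: write` and publishes a PR tag (from `type=ref,event=pr`) built from unreviewed changes into the same package that serves `latest`. Pull requests from forks normally receive a read-only `GITHUB_TOKEN`, so for them the push would presumably fail the job rather than publish. Building on pull requests but pushing only from trusted refs covers both cases: `push: ${{ github.event_name != 'pull_request' }}` on the build step, and `if: github.event_name != 'pull_request'` on the login and attestation steps.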
@@ -24,33 +24,14 @@ on: env: CI_REGISTRY: ghcr.io - CI_REGISTRY_USER: ${{ github.actor }} - CI_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} + CI_REGISTRY_IMAGE: ghcr.io/openscms/oscms-ci-docker concurrency: group: "${{ github.ref }}" cancel-in-progress: true jobs: - lower-case-repo-name: - runs-on: - - ubuntu-latest - steps: - - id: set-variable - run: echo "LC_REPO_NAME=${GITHUB_REPOSITORY,,}" >>${GITHUB_OUTPUT} - - outputs: - LC_REPO_NAME: ${{ steps.set-variable.outputs.LC_REPO_NAME }} - build-docker-ci-image: - needs: lower-case-repo-name - - env: - CI_REGISTRY_IMAGE: "${{ github.repository }}" - CI_IMAGE: "${{ github.repository }}:${{ github.sha }}" - # CI_REGISTRY_IMAGE: "${{ needs.lower-case-repo-name.outputs.LC_REPO_NAME }}" - # CI_IMAGE: "${{ needs.lower-case-repo-name.outputs.LC_REPO_NAME }}:${{ github.sha }}" - runs-on: - ubuntu-latest @@ -72,14 +53,14 @@ jobs: uses: docker/login-action@v3.0.0 with: registry: ${{ env.CI_REGISTRY }} - username: ${{ env.CI_REGISTRY_USER }} - password: ${{ env.CI_REGISTRY_PASSWORD }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Get image metadata id: meta uses: docker/metadata-action@v5.0.0 with: - images: ${{ env.CI_REGISTRY }}/${{ env.CI_REGISTRY_IMAGE }} + images: ${{ env.CI_REGISTRY_IMAGE }} tags: | type=raw,value=latest,enable={{ is_default_branch }} type=ref,event=tag 
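Review bot: The new `CI_REGISTRY_IMAGE: ghcr.io/openscms/oscms-ci-docker` in the first hunk of this patch repeats the registry host that `CI_REGISTRY` still carries for the login step, and nothing records why the name is now a literal. The removed `lower-case-repo-name` job suggests the reason is that image references must be lowercase while `github.repository` is mixed-case here; a comment above the key would keep that from being undone, for example `# Literal on purpose: image references must be lowercase; host must match CI_REGISTRY`. A fork running this workflow will now also target the upstream package path, which presumably fails at push for lack of permission, and that is worth a line in the same comment.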
@@ -90,15 +71,12 @@ jobs: uses: docker/build-push-action@v5.0.0 with: context: . + provenance: mode=max push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=${{ env.CI_REGISTRY }}/${{ env.CI_REGISTRY_IMAGE }}:latest + cache-from: type=registry,ref=${{ env.CI_REGISTRY_IMAGE }}:latest file: openscms-ci.dockerfile - - name: Generate artifact attestation - uses: actions/attest@v4 - with: - subject-name: "${{ env.CI_REGISTRY }}/${{ needs.lower-case-repo-name.outputs.LC_REPO_NAME }}" - subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true + - name: Image digest + run: echo ${{ steps.push.outputs.digest }} diff --git a/README.md b/README.md index b3c7647..7d8b17b 100644 --- a/README.md +++ b/README.md @@ -50,13 +50,18 @@ This will place you in a `bash` shell within the container, with your cloned sou ## Pulling the image from GitHub +The image is published on `ghcr.io` as a public image. Simply pull it as follows + ```bash -docker login ghcr.io -u YOUR_GITHUB_USERNAME -# When prompted for a password, paste your Personal Access Token (PAT) -docker pull ghcr.io/OpenSCMS/oscms-ci-docker/oscms-ci-docker:latest +docker pull ghcr.io/openscms/oscms-ci-docker:latest ``` -You can then run it as shown above. +You can then run it as shown below. + +```bash +docker run -ti --rm --volume $PWD:/WORK --user $(id -u):$(id -g) \ + ghcr.io/openscms/oscms-ci-docker:latest +``` ## Contributing From e19538366674f5f775ce31a6c1752602583f0f5f Mon Sep 17 00:00:00 2001 From: Keith Derrick Date: Wed, 4 Mar 2026 09:21:56 -0800 Subject: [PATCH 3/5] Don't load image with attestations --- .github/workflows/oscms-ci-docker.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/oscms-ci-docker.yml b/.github/workflows/oscms-ci-docker.yml index 0e2fa1c..b81e9ad 100644 --- a/.github/workflows/oscms-ci-docker.yml +++ b/.github/workflows/oscms-ci-docker.yml 
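Review bot: Replacing the `actions/attest` step with `provenance: mode=max` in this hunk trades a signed attestation for BuildKit provenance that is attached to the image but, as far as I know, is not signed by default, so consumers lose a way to verify which workflow produced the image. If that trade is intended, the `attestations: write` and `id-token: write` permissions on the job (outside this hunk and not touched by this patch) appear to have no remaining user and could be dropped to keep the token at least privilege. Separately, the new `run: echo ${{ steps.push.outputs.digest }}` expands the expression into the script text; passing it through `env: DIGEST: ${{ steps.push.outputs.digest }}` and running `echo "$DIGEST"` keeps the value as data.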
@@ -77,6 +77,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=${{ env.CI_REGISTRY_IMAGE }}:latest file: openscms-ci.dockerfile + load: false - name: Image digest run: echo ${{ steps.push.outputs.digest }} From 78c333908be0c127d283360e66e8c07f4b0738b8 Mon Sep 17 00:00:00 2001 From: Keith Derrick Date: Wed, 4 Mar 2026 09:25:01 -0800 Subject: [PATCH 4/5] Go with default attestations --- .github/workflows/oscms-ci-docker.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/oscms-ci-docker.yml b/.github/workflows/oscms-ci-docker.yml index b81e9ad..a14ec78 100644 --- a/.github/workflows/oscms-ci-docker.yml +++ b/.github/workflows/oscms-ci-docker.yml @@ -71,13 +71,11 @@ jobs: uses: docker/build-push-action@v5.0.0 with: context: . - provenance: mode=max push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=${{ env.CI_REGISTRY_IMAGE }}:latest file: openscms-ci.dockerfile - load: false - name: Image digest run: echo ${{ steps.push.outputs.digest }} From 76e6f2e38eba362703c823c278ee06e4f414d108 Mon Sep 17 00:00:00 2001 From: Keith Derrick Date: Wed, 4 Mar 2026 09:32:17 -0800 Subject: [PATCH 5/5] Set up buildx --- .github/workflows/oscms-ci-docker.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/oscms-ci-docker.yml b/.github/workflows/oscms-ci-docker.yml index a14ec78..2bbe254 100644 --- a/.github/workflows/oscms-ci-docker.yml +++ b/.github/workflows/oscms-ci-docker.yml @@ -56,6 +56,9 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Get image metadata id: meta uses: docker/metadata-action@v5.0.0
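Review bot: `docker/setup-buildx-action@v3`, added in the last patch's hunk, is referenced by a moving major tag, while the neighbouring steps use exact versions such as `docker/login-action@v3.0.0`. Both forms are mutable tags, so the code that runs with `packages: write` can change without any commit in this repository. Pinning each `uses:` to a full commit SHA with the version in a trailing comment, e.g. `uses: docker/setup-buildx-action@<full-commit-sha>  # v3`, makes the executed code reviewable; the same applies to the `uses:` lines added in the first patch. The step list continues outside this hunk.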