forked from Just-Some-Bots/MusicBot
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
10f5caf
commit e9a7e3a
Showing
1 changed file
with
47 additions
and
54 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,102 +1,95 @@ | ||
| name: Publish Docker images | ||
| name: CI | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - 'main' | ||
| - 'master' | ||
| - 'feat/**' | ||
| tags: | ||
| - '*.*.*' | ||
| paths: | ||
| - '.dockerignore' | ||
| - '.env.example' | ||
| - '.github/workflows/**' | ||
| - '**.bat' | ||
| - '**.ps1' | ||
| - '**.py' | ||
| - '**.sh' | ||
| - 'bin/**' | ||
| - 'config/**' | ||
| - 'Dockerfile*' | ||
| - 'musicbot.service' | ||
| - 'musicbot/**' | ||
| - 'musicbotcmd' | ||
| - 'poetry.lock' | ||
| - 'pyproject.toml' | ||
| - 'poetry.lock' | ||
| - 'requirements.txt' | ||
| - '**.py' | ||
| - '**.sh' | ||
| - '.dockerignore' | ||
| - '.env.example' | ||
| - '.github/workflows/**' | ||
| workflow_dispatch: | ||
|
|
||
| env: | ||
| REGISTRY_URL: ${{ vars.REGISTRY_URL }} | ||
| REGISTRY_USER: ${{ vars.REGISTRY_USER }} | ||
| REGISTRY_PASS: ${{ secrets.REGISTRY_PASS }} | ||
|
|
||
| jobs: | ||
| push_to_registry: | ||
| name: Push Docker image to container registry | ||
| build: | ||
| name: Build and push Docker image | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| dockerfile: [Dockerfile] | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ matrix.dockerfile }}-${{ github.ref }} | ||
| cancel-in-progress: true | ||
| permissions: | ||
| packages: write | ||
| contents: read | ||
| actions: read | ||
| fail-fast: true | ||
| steps: | ||
| - name: Check out the repo | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Log into container registry | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.REGISTRY_URL }} | ||
| username: ${{ env.REGISTRY_URL == 'ghcr.io' && github.repository_owner || env.REGISTRY_USER }} | ||
| password: ${{ env.REGISTRY_URL == 'ghcr.io' && secrets.GITHUB_TOKEN || env.REGISTRY_PASS }} | ||
|
|
||
| - name: Extract image name from Dockerfile | ||
| id: image_name | ||
| run: | | ||
| IMAGE=$(grep "LABEL org.opencontainers.image.title" ${{ matrix.dockerfile }} | cut -d'"' -f2) | ||
| IMAGE=$(grep "LABEL org.opencontainers.image.title" Dockerfile | cut -d'"' -f2) | ||
| echo "IMAGE=$IMAGE" >> $GITHUB_OUTPUT | ||
| - name: Extract metadata (tags, labels) for Docker | ||
| - name: Set password by container registry | ||
| run: | | ||
| case "${{ env.REGISTRY_URL }}" in | ||
| "ghcr.io") | ||
| echo "REGISTRY_PASS=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV | ||
| ;; | ||
| *) | ||
| if [ -n "${{ secrets.REGISTRY_PASS }}" ]; then | ||
| echo "REGISTRY_PASS=${{ secrets.REGISTRY_PASS }}" >> $GITHUB_ENV | ||
| else | ||
| echo "REGISTRY_PASS secret is not set and registry is not recognized. Exiting..." | ||
| exit 1 | ||
| fi | ||
| ;; | ||
| esac | ||
| - name: Docker meta | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: | | ||
| ${{ env.REGISTRY_URL }}/${{ env.REGISTRY_URL == 'ghcr.io' && github.repository_owner || env.REGISTRY_USER }}/${{ steps.image_name.outputs.IMAGE }} | ||
| ${{ env.REGISTRY_URL }}/${{ env.REGISTRY_USER }}/${{ steps.image_name.outputs.IMAGE }} | ||
| tags: | | ||
| type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' }} | ||
| type=schedule | ||
| type=ref,event=branch | ||
| type=ref,event=pr | ||
| type=semver,pattern={{version}} | ||
| flavor: | | ||
| latest=false | ||
| type=semver,pattern={{major}}.{{minor}} | ||
| type=semver,pattern={{major}} | ||
| type=sha | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| # TODO: fix tagging | ||
| # ! 'manifest unknown' via `docker pull ghcr.io/pythoninthegrass/musicbot:feat-update_docker` | ||
| # ! `docker pull ghcr.io/pythoninthegrass/musicbot@sha256:40b2474ed9a12a7276196e1e09956c2b94ddd379ba46c6859ed40740ea41039a` works | ||
| # ! annotations also only apply to sha256 -- not 'branch/tag' versions | ||
| - name: Build and push Docker image | ||
| - name: Login to container registry | ||
| if: github.event_name != 'pull_request' | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.REGISTRY_URL }} | ||
| username: ${{ env.REGISTRY_USER }} | ||
| password: ${{ env.REGISTRY_PASS }} | ||
|
|
||
| - name: Build and push | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: . | ||
| file: ./${{ matrix.dockerfile }} | ||
| push: true | ||
| platforms: linux/amd64,linux/arm64/v8 | ||
| push: ${{ github.event_name != 'pull_request' }} | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| platforms: linux/amd64,linux/arm64/v8 | ||
| cache-from: type=registry,ref=${{ steps.meta.outputs.tags }} | ||
| cache-to: type=registry,ref=${{ steps.meta.outputs.tags }},mode=max | ||
| outputs: > | ||
| type=image,name=${{ steps.meta.outputs.tags }}, | ||
| annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }} |