diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 4d70a0b330..1b636c2689 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -5,32 +5,24 @@ on: branches: - 'main' - 'master' - - 'feat/**' tags: - '*.*.*' paths: - - '.dockerignore' - - '.env.example' - - '.github/workflows/**' - - '**.bat' - - '**.ps1' - - '**.py' - - '**.sh' - - 'bin/**' - - 'config/**' - 'Dockerfile*' - - 'musicbot.service' - - 'musicbot/**' - - 'musicbotcmd' - - 'poetry.lock' - 'pyproject.toml' + - 'poetry.lock' - 'requirements.txt' + - '**.py' + - '**.sh' + - '.dockerignore' + - '.env.example' + - '.github/workflows/**' workflow_dispatch: env: REGISTRY_URL: ${{ vars.REGISTRY_URL }} REGISTRY_USER: ${{ vars.REGISTRY_USER }} - REGISTRY_PASS: ${{ secrets.REGISTRY_PASS }} + DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index jobs: push_to_registry: 
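Review bot: The trimmed `paths:` filter no longer lists `config/**`, `bin/**` or `musicbot/**`, so a change to a non-Python, non-shell file in those directories will not rebuild and publish the image. The Dockerfile is not visible here, so if it copies any of those directories the published image can lag behind the repository contents. Either keep `- 'musicbot/**'` and `- 'config/**'` in the list, or add a comment above `paths:` stating that only the listed files affect the image.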
@@ -40,22 +32,34 @@ jobs: matrix: dockerfile: [Dockerfile] concurrency: - group: ${{ github.workflow }}-${{ matrix.dockerfile }}-${{ github.ref }} + group: ${{ github.workflow }}-${{ matrix.dockerfile }}-${{ github.head_ref || github.ref }} cancel-in-progress: true - permissions: - packages: write - contents: read - actions: read steps: - name: Check out the repo uses: actions/checkout@v4 + - name: Set password by container registry + run: | + case "${{ env.REGISTRY_URL }}" in + "ghcr.io") + echo "REGISTRY_PASS=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV + ;; + *) + if [ -n "${{ secrets.REGISTRY_PASS }}" ]; then + echo "REGISTRY_PASS=${{ secrets.REGISTRY_PASS }}" >> $GITHUB_ENV + else + echo "REGISTRY_PASS secret is not set and registry is not recognized. Exiting..." + exit 1 + fi + ;; + esac + - name: Log into container registry uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY_URL }} - username: ${{ env.REGISTRY_URL == 'ghcr.io' && github.repository_owner || env.REGISTRY_USER }} - password: ${{ env.REGISTRY_URL == 'ghcr.io' && secrets.GITHUB_TOKEN || env.REGISTRY_PASS }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASS }} - name: Extract image name from Dockerfile id: image_name @@ -68,13 +72,10 @@ jobs: uses: docker/metadata-action@v5 with: images: | - ${{ env.REGISTRY_URL }}/${{ env.REGISTRY_URL == 'ghcr.io' && github.repository_owner || env.REGISTRY_USER }}/${{ steps.image_name.outputs.IMAGE }} + ${{ env.REGISTRY_URL }}/${{ env.REGISTRY_USER }}/${{ steps.image_name.outputs.IMAGE }} tags: | - type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' }} - type=ref,event=branch + type=raw,value=latest,enable={{is_default_branch}} type=semver,pattern={{version}} - flavor: | - latest=false - name: Set up QEMU uses: docker/setup-qemu-action@v3 
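Review bot: The new `Set password by container registry` step expands `${{ secrets.GITHUB_TOKEN }}` and `${{ secrets.REGISTRY_PASS }}` into the script text and appends the result to `$GITHUB_ENV`. That exports the credential to every later step in the job (metadata, QEMU, Buildx, build-push) rather than only the login action, and a secret containing a quote or newline would alter the script or the env file. Keeping the selection on the input avoids both: `password: ${{ env.REGISTRY_URL == 'ghcr.io' && secrets.GITHUB_TOKEN || secrets.REGISTRY_PASS }}`; if the emptiness check is still wanted, pass the secret through the step's `env:` and test the shell variable instead of interpolating it. The same hunk drops the job's `permissions:` block, leaving the token scope to the repository default, which is either broader than a push needs or lacks `packages: write` for ghcr.io; I would keep `permissions: {packages: write, contents: read}` on the job. The job definition starts above this hunk.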
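Review bot: With the `flavor:` / `latest=false` lines removed, docker/metadata-action falls back to `latest=auto`, which also emits `latest` for `type=semver` tag pushes. `latest` is then no longer governed only by `enable={{is_default_branch}}` and can be moved by tagging an older or maintenance release. If `latest` should track the default branch only, keep `flavor: |` with `latest=false` next to the new raw tag. Separately, the image namespace is now always `env.REGISTRY_USER`; for ghcr.io that presumably has to match the repository owner for the `GITHUB_TOKEN` push to be accepted, which deserves a comment on the `images:` line. The metadata step begins above this hunk.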
@@ -82,10 +83,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - # TODO: fix tagging - # ! 'manifest unknown' via `docker pull ghcr.io/pythoninthegrass/musicbot:feat-update_docker` - # ! `docker pull ghcr.io/pythoninthegrass/musicbot@sha256:40b2474ed9a12a7276196e1e09956c2b94ddd379ba46c6859ed40740ea41039a` works - # ! annotations also only apply to sha256 -- not 'branch/tag' versions - name: Build and push Docker image uses: docker/build-push-action@v6 with: @@ -94,9 +91,7 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} platforms: linux/amd64,linux/arm64/v8 cache-from: type=registry,ref=${{ steps.meta.outputs.tags }} cache-to: type=registry,ref=${{ steps.meta.outputs.tags }},mode=max - outputs: > - type=image,name=${{ steps.meta.outputs.tags }}, - annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }}
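Review bot: `cache-to` still writes the build cache to `ref=${{ steps.meta.outputs.tags }}`, the same reference the image is published under, while this commit removes the TODO about `manifest unknown` on tag pulls without changing that. Exporting the cache to the image tag may leave the tag pointing at a cache manifest instead of the image. The `tags` output is also a newline-separated list whenever more than one tag is generated, which is not a valid single `ref`. A dedicated cache reference keeps the published tags untouched, for example `cache-from: type=registry,ref=${{ env.REGISTRY_URL }}/${{ env.REGISTRY_USER }}/${{ steps.image_name.outputs.IMAGE }}:buildcache`, with the same ref plus `,mode=max` on `cache-to`. The step's first inputs are above this hunk.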