main #147
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: main | |
on: | |
schedule: | |
# update the pointers once a week | |
# https://crontab.guru/once-a-week | |
- cron: "0 0 * * 0" | |
push: | |
branches: main | |
env: | |
TARGET_PLATFORMS: linux/amd64,linux/arm64/v8 | |
jobs: | |
docker: | |
strategy: | |
fail-fast: false | |
matrix: | |
repository: | |
- 'ghcr.io' | |
- 'docker.io' | |
python: | |
- '3.13' | |
- '3.12' | |
- '3.11' | |
- '3.10' | |
- '3.9' | |
- '3.8' | |
alpine: | |
- '3.20' | |
- '3.21' | |
os: | |
- 'ubuntu-latest' | |
exclude: | |
# No tag | |
- python: '3.8' | |
alpine: '3.21' | |
runs-on: ${{ matrix.os }} | |
permissions: | |
packages: write | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@v4 | |
- | |
name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- | |
name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- | |
id: image_env | |
run: | | |
. ./env.sh \ | |
'${{ matrix.alpine }}' \ | |
'${{ matrix.python }}' \ | |
'${{ github.repository_owner }}' \ | |
'${{ matrix.repository }}' | |
docker pull "${SOURCE_IMAGE}" || true | |
echo "IMAGE_HOME=$(mktemp -d)" >> "$GITHUB_OUTPUT" | |
echo ALPINE_VERSION="${ALPINE_VERSION}" >> "$GITHUB_OUTPUT" | |
echo PYTHON_VERSION="${PYTHON_VERSION}" >> "$GITHUB_OUTPUT" | |
echo SOURCE_IMAGE="${SOURCE_IMAGE}" >> "$GITHUB_OUTPUT" | |
echo IMAGE_TAG="${IMAGE_TAG}" >> "$GITHUB_OUTPUT" | |
echo REPOSITORY="${REPOSITORY}" >> "$GITHUB_OUTPUT" | |
echo BASE_IMAGE_DIGEST="$(digest_of "$SOURCE_IMAGE")" >> "$GITHUB_OUTPUT" | |
echo 'IMAGE_DESCRIPTION=${{ github.event.repository.description }}. See ${{ github.server_url }}/${{ github.repository }} for more info.' >> "$GITHUB_OUTPUT" | |
- | |
name: Login to GitHub Container Registry | |
if: ${{ matrix.repository == 'ghcr.io' }} | |
uses: docker/login-action@v3 | |
with: | |
registry: 'ghcr.io' | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: Login to DockerHub | |
if: ${{ matrix.repository == 'docker.io' }} | |
uses: docker/login-action@v3 | |
with: | |
registry: 'docker.io' | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- | |
name: Upload Buildroot | |
uses: docker/build-push-action@v6 | |
with: | |
push: true | |
platforms: ${{ env.TARGET_PLATFORMS }} | |
context: "." | |
file: Dockerfile.alpine | |
target: buildroot | |
cache-to: | | |
type=gha,mode=max | |
cache-from: | | |
type=gha | |
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot | |
type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }} | |
build-args: | | |
ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }} | |
BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }} | |
PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }} | |
SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }} | |
BUILD_ROOT=/d | |
tags: "${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot" | |
- | |
name: Upload | |
uses: docker/build-push-action@v6 | |
env: | |
SOURCE_DATE_EPOCH: 0 | |
with: | |
push: true | |
context: "." | |
platforms: ${{ env.TARGET_PLATFORMS }} | |
file: Dockerfile.alpine | |
cache-to: | | |
type=gha,mode=max | |
cache-from: | | |
type=gha | |
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }} | |
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot | |
type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }} | |
build-args: | | |
ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }} | |
BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }} | |
PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }} | |
SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }} | |
BUILD_ROOT=/d | |
tags: "${{ steps.image_env.outputs.IMAGE_TAG }}" | |
labels: ${{steps.image_env.outputs.IMAGE_LABELS}} | |
sbom: true | |
annotations: | | |
index,manifest:org.opencontainers.image.authors=distroless-python image developers <[email protected]> | |
index,manifest:org.opencontainers.image.source=https://github.com/autumnjolitz/distroless-python | |
index,manifest:org.opencontainers.image.title=distroless-python${{ steps.image_env.outputs.PYTHON_VERSION }}-alpine${{ steps.image_env.outputs.ALPINE_VERSION }} | |
index,manifest:org.opencontainers.image.description=${{ steps.image_env.outputs.IMAGE_DESCRIPTION }} | |
index,manifest:org.opencontainers.image.base.digest=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }} | |
index,manifest:org.opencontainers.image.base.name=${{ steps.image_env.outputs.SOURCE_IMAGE }} | |
index,manifest:distroless.python-version=${{ steps.image_env.outputs.PYTHON_VERSION }} | |
index,manifest:distroless.alpine-version=${{ steps.image_env.outputs.ALPINE_VERSION }} | |
index,manifest:distroless.base-image=alpine${{ steps.image_env.outputs.ALPINE_VERSION }} | |
- | |
name: examples/simple-flask | |
uses: docker/build-push-action@v6 | |
with: | |
context: "examples/simple-flask" | |
platforms: ${{ env.TARGET_PLATFORMS }} | |
cache-from: | | |
type=gha | |
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }} | |
type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot | |
type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }} | |
build-args: | | |
SOURCE_IMAGE=${{ steps.image_env.outputs.IMAGE_TAG }} | |
tags: "${{ steps.image_env.outputs.IMAGE_TAG }}-example1-amd64" | |
outputs: type=oci,dest=${{ steps.image_env.outputs.IMAGE_HOME }}/example1.tar | |
update-dockerhub-desc: | |
needs: [docker] | |
runs-on: "ubuntu-latest" | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@v4 | |
- | |
name: Convert README.rst to markdown | |
uses: docker://pandoc/core:2.9 | |
with: | |
args: >- | |
-s | |
--wrap=none | |
-t gfm | |
-o README.md | |
README.rst | |
- name: Update repo description | |
uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 | |
with: | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
short-description: ${{ github.event.repository.description }} |