Deploy to Docker Hub #476
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy to Docker Hub | |
on: | |
# Build and deploy the image on pushes to master branch | |
push: | |
branches: | |
- master | |
- main | |
workflow_dispatch: | |
# Build and deploy the image nightly (to ensure we pick up any security updates) | |
schedule: | |
- cron: "0 10 * * *" | |
jobs: | |
deploy_dockerhub_single_arch: | |
name: Deploy to DockerHub | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
docker-platform: | |
- linux/amd64 | |
# Set job-wide environment variables | |
# - REPO: repo name on dockerhub | |
# - IMAGE: image name on dockerhub | |
env: | |
REPO: mikenye | |
IMAGE: postfix | |
PUSH: true | |
steps: | |
# Check out our code | |
- | |
name: Checkout | |
uses: actions/checkout@v4 | |
# Hit an issue where arm builds would fail with cURL errors regarding intermediary certificates when downloading from github (ie: deploy-s6-overlay). | |
# After many hours of troubleshooting, the workaround is to pre-load the image's rootfs with the CA certificates from the runner. | |
# This problem may go away in future. | |
- | |
name: Copy CA Certificates from GitHub Runner to Image rootfs | |
run: | | |
ls -la /etc/ssl/certs/ | |
mkdir -p ./rootfs/etc/ssl/certs | |
mkdir -p ./rootfs/usr/share/ca-certificates/mozilla | |
cp --no-dereference /etc/ssl/certs/*.crt ./rootfs/etc/ssl/certs | |
cp --no-dereference /etc/ssl/certs/*.pem ./rootfs/etc/ssl/certs | |
cp --no-dereference /usr/share/ca-certificates/mozilla/*.crt ./rootfs/usr/share/ca-certificates/mozilla | |
# Set up QEMU for multi-arch builds | |
- | |
name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
# Log into docker hub (so we can push images) | |
- | |
name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# Set up buildx for multi platform builds | |
- | |
name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
# Get archictecture suffix | |
- | |
name: Get image architecture suffix | |
run: | | |
echo "ARCH_TAG=$(echo '${{ matrix.docker-platform }}' | cut -d '/' -f2- | tr -s '/' '_')" >> $GITHUB_ENV | |
# Show archictecture suffix | |
- | |
name: Show image architecture suffix | |
run: | | |
echo "Architecture suffix: ${{ env.ARCH_TAG }}" | |
# Build "latest" | |
- | |
name: Build & Push - latest | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: ./Dockerfile | |
no-cache: true | |
platforms: ${{ matrix.docker-platform }} | |
push: ${{ env.PUSH }} | |
tags: ${{ env.REPO }}/${{ env.IMAGE }}:latest | |
# Get version from "latest" | |
- | |
name: Get latest image version | |
run: | | |
docker pull "${{ env.REPO }}/${{ env.IMAGE }}:latest" | |
echo "VERSION_TAG=$(docker run --rm --entrypoint cat "${{ env.REPO }}/${{ env.IMAGE }}:latest" /CONTAINER_VERSION)" >> $GITHUB_ENV | |
# Show version from "latest" | |
- | |
name: Show latest image version | |
run: | | |
echo "${{ env.REPO }}/${{ env.IMAGE }}:latest contains version: ${{ env.VERSION_TAG }}" | |
# Build version specific | |
- | |
name: Build & Push - version specific | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: ./Dockerfile | |
no-cache: true | |
platforms: ${{ matrix.docker-platform }} | |
push: ${{ env.PUSH }} | |
tags: ${{ env.REPO }}/${{ env.IMAGE }}:${{ env.VERSION_TAG }} | |
deploy_ghcrio_single_arch: | |
name: Deploy to GitHub Container Registry | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
docker-platform: | |
- linux/amd64 | |
# Set job-wide environment variables | |
# - REPO: repo name on dockerhub | |
# - IMAGE: image name on dockerhub | |
env: | |
REPO: mikenye | |
IMAGE: postfix | |
PUSH: true | |
steps: | |
# Check out our code | |
- | |
name: Checkout | |
uses: actions/checkout@v4 | |
# Hit an issue where arm builds would fail with cURL errors regarding intermediary certificates when downloading from github (ie: deploy-s6-overlay). | |
# After many hours of troubleshooting, the workaround is to pre-load the image's rootfs with the CA certificates from the runner. | |
# This problem may go away in future. | |
- | |
name: Copy CA Certificates from GitHub Runner to Image rootfs | |
run: | | |
ls -la /etc/ssl/certs/ | |
mkdir -p ./rootfs/etc/ssl/certs | |
mkdir -p ./rootfs/usr/share/ca-certificates/mozilla | |
cp --no-dereference /etc/ssl/certs/*.crt ./rootfs/etc/ssl/certs | |
cp --no-dereference /etc/ssl/certs/*.pem ./rootfs/etc/ssl/certs | |
cp --no-dereference /usr/share/ca-certificates/mozilla/*.crt ./rootfs/usr/share/ca-certificates/mozilla | |
# Set up QEMU for multi-arch builds | |
- | |
name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
# Log into docker hub (so we can push images) | |
- | |
name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
# Set up buildx for multi platform builds | |
- | |
name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
# Get archictecture suffix | |
- | |
name: Get image architecture suffix | |
run: | | |
echo "ARCH_TAG=$(echo '${{ matrix.docker-platform }}' | cut -d '/' -f2- | tr -s '/' '_')" >> $GITHUB_ENV | |
# Show archictecture suffix | |
- | |
name: Show image architecture suffix | |
run: | | |
echo "Architecture suffix: ${{ env.ARCH_TAG }}" | |
# Build "latest" | |
- | |
name: Build & Push - latest | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: ./Dockerfile | |
no-cache: true | |
platforms: ${{ matrix.docker-platform }} | |
push: ${{ env.PUSH }} | |
tags: ghcr.io/${{ env.REPO }}/${{ env.IMAGE }}:latest | |
# Get version from "latest" | |
- | |
name: Get latest image version | |
run: | | |
docker pull "ghcr.io/${{ env.REPO }}/${{ env.IMAGE }}:latest" | |
echo "VERSION_TAG=$(docker run --rm --entrypoint cat "ghcr.io/${{ env.REPO }}/${{ env.IMAGE }}:latest" /CONTAINER_VERSION)" >> $GITHUB_ENV | |
# Show version from "latest" | |
- | |
name: Show latest image version | |
run: | | |
echo "ghcr.io/${{ env.REPO }}/${{ env.IMAGE }}:latest contains version: ${{ env.VERSION_TAG }}" | |
# Build version specific | |
- | |
name: Build & Push - version specific | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: ./Dockerfile | |
no-cache: true | |
platforms: ${{ matrix.docker-platform }} | |
push: ${{ env.PUSH }} | |
tags: ghcr.io/${{ env.REPO }}/${{ env.IMAGE }}:${{ env.VERSION_TAG }} |