Skip to content

Deploy to Docker Hub #476

Deploy to Docker Hub

Deploy to Docker Hub #476

Workflow file for this run

name: Deploy to Docker Hub
on:
# Build and deploy the image on pushes to master branch
push:
branches:
- master
- main
workflow_dispatch:
# Build and deploy the image nightly (to ensure we pick up any security updates)
schedule:
- cron: "0 10 * * *"
jobs:
deploy_dockerhub_single_arch:
name: Deploy to DockerHub
runs-on: ubuntu-latest
strategy:
matrix:
docker-platform:
- linux/amd64
# Set job-wide environment variables
# - REPO: repo name on dockerhub
# - IMAGE: image name on dockerhub
env:
REPO: mikenye
IMAGE: postfix
PUSH: true
steps:
# Check out our code
-
name: Checkout
uses: actions/checkout@v4
# Hit an issue where arm builds would fail with cURL errors regarding intermediary certificates when downloading from github (ie: deploy-s6-overlay).
# After many hours of troubleshooting, the workaround is to pre-load the image's rootfs with the CA certificates from the runner.
# This problem may go away in future.
-
name: Copy CA Certificates from GitHub Runner to Image rootfs
run: |
ls -la /etc/ssl/certs/
mkdir -p ./rootfs/etc/ssl/certs
mkdir -p ./rootfs/usr/share/ca-certificates/mozilla
cp --no-dereference /etc/ssl/certs/*.crt ./rootfs/etc/ssl/certs
cp --no-dereference /etc/ssl/certs/*.pem ./rootfs/etc/ssl/certs
cp --no-dereference /usr/share/ca-certificates/mozilla/*.crt ./rootfs/usr/share/ca-certificates/mozilla
# Set up QEMU for multi-arch builds
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
# Log into docker hub (so we can push images)
-
name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
# Set up buildx for multi platform builds
-
name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
# Get archictecture suffix
-
name: Get image architecture suffix
run: |
echo "ARCH_TAG=$(echo '${{ matrix.docker-platform }}' | cut -d '/' -f2- | tr -s '/' '_')" >> $GITHUB_ENV
# Show archictecture suffix
-
name: Show image architecture suffix
run: |
echo "Architecture suffix: ${{ env.ARCH_TAG }}"
# Build "latest"
-
name: Build & Push - latest
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
no-cache: true
platforms: ${{ matrix.docker-platform }}
push: ${{ env.PUSH }}
tags: ${{ env.REPO }}/${{ env.IMAGE }}:latest
# Get version from "latest"
-
name: Get latest image version
run: |
docker pull "${{ env.REPO }}/${{ env.IMAGE }}:latest"
echo "VERSION_TAG=$(docker run --rm --entrypoint cat "${{ env.REPO }}/${{ env.IMAGE }}:latest" /CONTAINER_VERSION)" >> $GITHUB_ENV
# Show version from "latest"
-
name: Show latest image version
run: |
echo "${{ env.REPO }}/${{ env.IMAGE }}:latest contains version: ${{ env.VERSION_TAG }}"
# Build version specific
-
name: Build & Push - version specific
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
no-cache: true
platforms: ${{ matrix.docker-platform }}
push: ${{ env.PUSH }}
tags: ${{ env.REPO }}/${{ env.IMAGE }}:${{ env.VERSION_TAG }}
deploy_ghcrio_single_arch:
name: Deploy to GitHub Container Registry
runs-on: ubuntu-latest
strategy:
matrix:
docker-platform:
- linux/amd64
# Set job-wide environment variables
# - REPO: repo name on dockerhub
# - IMAGE: image name on dockerhub
env:
REPO: mikenye
IMAGE: postfix
PUSH: true
steps:
# Check out our code
-
name: Checkout
uses: actions/checkout@v4
# Hit an issue where arm builds would fail with cURL errors regarding intermediary certificates when downloading from github (ie: deploy-s6-overlay).
# After many hours of troubleshooting, the workaround is to pre-load the image's rootfs with the CA certificates from the runner.
# This problem may go away in future.
-
name: Copy CA Certificates from GitHub Runner to Image rootfs
run: |
ls -la /etc/ssl/certs/
mkdir -p ./rootfs/etc/ssl/certs
mkdir -p ./rootfs/usr/share/ca-certificates/mozilla
cp --no-dereference /etc/ssl/certs/*.crt ./rootfs/etc/ssl/certs
cp --no-dereference /etc/ssl/certs/*.pem ./rootfs/etc/ssl/certs
cp --no-dereference /usr/share/ca-certificates/mozilla/*.crt ./rootfs/usr/share/ca-certificates/mozilla
# Set up QEMU for multi-arch builds
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
# Log into docker hub (so we can push images)
-
name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Set up buildx for multi platform builds
-
name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
# Get archictecture suffix
-
name: Get image architecture suffix
run: |
echo "ARCH_TAG=$(echo '${{ matrix.docker-platform }}' | cut -d '/' -f2- | tr -s '/' '_')" >> $GITHUB_ENV
# Show archictecture suffix
-
name: Show image architecture suffix
run: |
echo "Architecture suffix: ${{ env.ARCH_TAG }}"
# Build "latest"
-
name: Build & Push - latest
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
no-cache: true
platforms: ${{ matrix.docker-platform }}
push: ${{ env.PUSH }}
tags: ghcr.io/${{ env.REPO }}/${{ env.IMAGE }}:latest
# Get version from "latest"
-
name: Get latest image version
run: |
docker pull "ghcr.io/${{ env.REPO }}/${{ env.IMAGE }}:latest"
echo "VERSION_TAG=$(docker run --rm --entrypoint cat "ghcr.io/${{ env.REPO }}/${{ env.IMAGE }}:latest" /CONTAINER_VERSION)" >> $GITHUB_ENV
# Show version from "latest"
-
name: Show latest image version
run: |
echo "ghcr.io/${{ env.REPO }}/${{ env.IMAGE }}:latest contains version: ${{ env.VERSION_TAG }}"
# Build version specific
-
name: Build & Push - version specific
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
no-cache: true
platforms: ${{ matrix.docker-platform }}
push: ${{ env.PUSH }}
tags: ghcr.io/${{ env.REPO }}/${{ env.IMAGE }}:${{ env.VERSION_TAG }}