|
| 1 | +name: Build and Push Docker Image |
| 2 | + |
| 3 | +on: |
| 4 | + push: |
| 5 | + tags: "v[0-9]+.[0-9]+.[0-9]+" |
| 6 | + |
| 7 | +jobs: |
| 8 | + build-and-push: |
| 9 | + runs-on: ubuntu-latest |
| 10 | + |
| 11 | + steps: |
| 12 | + - name: Checkout repo |
| 13 | + uses: actions/checkout@v3 |
| 14 | + with: |
| 15 | + fetch-depth: 0 |
| 16 | + |
| 17 | + - name: Get the version |
| 18 | + id: get_version |
| 19 | + run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT |
| 20 | + |
| 21 | + - name: Set lowercase repository name |
| 22 | + id: set_repo |
| 23 | + run: echo "REPO_NAME=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT |
| 24 | + |
| 25 | + - name: Log in to GitHub Container Registry |
| 26 | + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin |
| 27 | + |
| 28 | + - name: Build Docker image |
| 29 | + id: build |
| 30 | + run: | |
| 31 | + docker build -t ghcr.io/${{ steps.set_repo.outputs.REPO_NAME }}:latest -f Dockerfile . |
| 32 | +
|
| 33 | +
|
| 34 | + - name: Push Docker image |
| 35 | + id: push |
| 36 | + run: | |
| 37 | + # Push latest first |
| 38 | + docker push ghcr.io/${{ steps.set_repo.outputs.REPO_NAME }}:latest |
| 39 | + # Tag with version and push |
| 40 | + docker tag ghcr.io/${{ steps.set_repo.outputs.REPO_NAME }}:latest ghcr.io/${{ steps.set_repo.outputs.REPO_NAME }}:${{ steps.get_version.outputs.VERSION }} |
| 41 | + docker push ghcr.io/${{ steps.set_repo.outputs.REPO_NAME }}:${{ steps.get_version.outputs.VERSION }} |
| 42 | +
|
| 43 | + # Get the manifest digest after pushing |
| 44 | + MANIFEST_DIGEST=$(docker inspect ghcr.io/${{ steps.set_repo.outputs.REPO_NAME }}:latest --format='{{index .RepoDigests 0}}' | cut -d'@' -f2 | cut -d':' -f2) |
| 45 | + echo "IMAGE_HASH=${MANIFEST_DIGEST}" >> $GITHUB_OUTPUT |
| 46 | +
|
| 47 | + - name: Generate docker-compose-secretvm.yaml |
| 48 | + run: | |
| 49 | + cat > docker-compose-secretvm.yaml << EOL |
| 50 | + # Release: https://github.com/${{ github.repository }}/releases/tag/${{ steps.get_version.outputs.VERSION }} |
| 51 | + # Workflow URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} |
| 52 | + # Commit: https://github.com/${{ github.repository }}/commit/${{ github.sha }} |
| 53 | + version: '3' |
| 54 | + services: |
| 55 | + app: |
| 56 | + image: ghcr.io/${{ steps.set_repo.outputs.REPO_NAME }}@sha256:${{ steps.push.outputs.IMAGE_HASH }} |
| 57 | + ports: |
| 58 | + - '8000:8000' |
| 59 | + EOL |
| 60 | +
|
| 61 | + - name: Commit docker-compose-secretvm.yaml |
| 62 | + run: | |
| 63 | + # Fetch all branches |
| 64 | + git fetch origin |
| 65 | + |
| 66 | + # Get the branch where the workflow file was committed |
| 67 | + BRANCH_NAME="${{ github.event.repository.default_branch }}" |
| 68 | + |
| 69 | + # Checkout the branch |
| 70 | + git checkout $BRANCH_NAME |
| 71 | + |
| 72 | + # Configure git |
| 73 | + git config user.name github-actions |
| 74 | + git config user.email [email protected] |
| 75 | + |
| 76 | + # Add and commit changes |
| 77 | + git add docker-compose-secretvm.yaml |
| 78 | + if git diff --staged --quiet; then |
| 79 | + echo "No changes to commit" |
| 80 | + else |
| 81 | + git commit -m "Update docker-compose-secretvm.yaml for version ${{ steps.get_version.outputs.VERSION }}" |
| 82 | + git push origin $BRANCH_NAME |
| 83 | + fi |
| 84 | +
|
| 85 | + - name: Output Image URL |
| 86 | + run: | |
| 87 | + echo "IMAGE_URL=ghcr.io/${{ steps.set_repo.outputs.REPO_NAME }}:${{ steps.get_version.outputs.VERSION }}" >> $GITHUB_OUTPUT |
| 88 | + echo "WORKFLOW_ID=${{ github.run_id }}" >> $GITHUB_OUTPUT |
| 89 | +
|
| 90 | + - name: Notify Workflow Status |
| 91 | + if: always() |
| 92 | + run: | |
| 93 | + echo "Workflow Status: ${{ job.status }}" |
| 94 | + echo "Image URL: ghcr.io/${{ steps.set_repo.outputs.REPO_NAME }}:${{ steps.get_version.outputs.VERSION }}" |
| 95 | + echo "Workflow ID: ${{ github.run_id }}" |
0 commit comments