release.yml
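# Release workflow: runs when a GitHub release is published, then builds,
# pushes and attests the container images defined in the jobs below.
name: Release

on:
  release:
    types:
      - published

# Default-deny for the workflow token. Every job in this file declares its own
# `permissions:` block, so this changes nothing for them; it only ensures that
# a job added later without one starts with no token scopes.
permissions: {}

env:
  # Registry host used for the image name and the attestation subject.
  REGISTRY: ghcr.io
  # Image repository path; resolves to "<owner>/<repo>" of this repository.
  IMAGE_NAME: ${{ github.repository }}
  # NOTE(review): not referenced by any job in this file - confirm whether it
  # is still needed.
  IMAGE_AUTOMATION_TEST: automation-test
  # Tag names / tag prefixes for the two image flavours. These are image tags,
  # not runner labels, although `ubuntu-latest` reads like one.
  IMAGE_UBUNTU: ubuntu-latest
  IMAGE_PHP: php-latest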
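# NOTE(review): most actions below are referenced by a mutable tag (`@v4`,
# `@v3`, ...). A tag can be moved to different code after review; pinning each
# `uses:` to a full commit SHA, as one login step in release-php-latest already
# does, keeps the release pipeline on the revision that was actually reviewed.
jobs:
  # Gate job: both release jobs declare `needs: automation`.
  automation:
    runs-on: ubuntu-latest
    # Least privilege: the active steps only read the repository, so the
    # `id-token: write` and `packages: write` scopes were dropped. Re-add a
    # scope only together with a step that needs it (e.g. the Publish step).
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step runs git; do not leave the token in .git/config.
          persist-credentials: false
      - name: Validate
        # TODO Validate the Dockerfile
        # https://docs.docker.com/build/checks/
        # Placeholder: printing the help text checks no Dockerfile, so this
        # gate does not yet stop a broken or unsafe Dockerfile from releasing.
        run: docker build --help
      # NOTE(review): the action reference below is garbled in this copy of
      # the file (e-mail obfuscation); restore it from the repository before
      # enabling the step.
      # - name: Publish
      #   uses: actions/[email protected]

  # Builds ./ubuntu/latest.Dockerfile, pushes it to ghcr.io and attaches a
  # build-provenance attestation to the pushed digest.
  release-ubuntu-latest:
    name: '[Auto] Release Ubuntu latest'
    needs: automation
    runs-on: ubuntu-latest
    environment: CI
    # packages: push the image; attestations + id-token: sign and store the
    # provenance attestation; contents: read the repository.
    permissions:
      packages: write
      contents: read
      attestations: write
      id-token: write
    steps:
      - name: Check out the repo
        uses: actions/checkout@v4
        with:
          # The checkout is used as the Docker build context below; keep the
          # workflow token out of .git/config so it cannot end up in a layer.
          persist-credentials: false
      # NOTE(review): DATE_TIME is not read by any step in this file - confirm
      # it is still needed.
      - name: Set up date and time variable
        run: echo "DATE_TIME=$(TZ='Asia/Tokyo' date '+%Y-%m-%d-%H-%M-%S')" >> "$GITHUB_ENV"
      # https://github.com/docker/login-action
      # NOTE(review): images are pushed to ghcr.io only; presumably this login
      # is for authenticated pulls from Docker Hub - confirm, and prefer a
      # read-only access token over an account password.
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      # https://github.com/docker/login-action
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # https://github.com/docker/metadata-action
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          # The raw tag is a moving tag that every release overwrites; the
          # semver and sha tags identify one specific build.
          tags: |
            type=raw,${{ env.IMAGE_UBUNTU }}
            type=ref,enable=true,priority=600,prefix=${{ env.IMAGE_UBUNTU }}-,event=branch
            type=semver,enable=true,priority=900,prefix=${{ env.IMAGE_UBUNTU }}-,pattern={{raw}}
            type=sha,enable=true,priority=100,prefix=${{ env.IMAGE_UBUNTU }}-sha-,suffix=,format=short
      # https://github.com/docker/build-push-action
      - name: Build and push Docker images
        id: push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./ubuntu/latest.Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
      # The attestation is bound to the digest returned by the push step, not
      # to a tag, so it keeps identifying this build after tags move.
      # NOTE(review): IMAGE_NAME keeps the repository's original casing; if it
      # contains upper-case characters, confirm subject-name still matches the
      # name the image was pushed under.
      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@v2
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true

  # Builds ./php/latest.Dockerfile, pushes it to ghcr.io and attaches a
  # build-provenance attestation to the pushed digest.
  release-php-latest:
    name: '[Auto] Release PHP latest'
    needs: automation
    runs-on: ubuntu-latest
    environment: CI
    # packages: push the image; attestations + id-token: sign and store the
    # provenance attestation; contents: read the repository.
    permissions:
      packages: write
      contents: read
      attestations: write
      id-token: write
    steps:
      - name: Check out the repo
        uses: actions/checkout@v4
        with:
          # The checkout is used as the Docker build context below; keep the
          # workflow token out of .git/config so it cannot end up in a layer.
          persist-credentials: false
      # NOTE(review): DATE_TIME is not read by any step in this file - confirm
      # it is still needed.
      - name: Set up date and time variable
        run: echo "DATE_TIME=$(TZ='Asia/Tokyo' date '+%Y-%m-%d-%H-%M-%S')" >> "$GITHUB_ENV"
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      # Pinned to a full commit SHA, while the same action is referenced as
      # `@v3` elsewhere in this file.
      # NOTE(review): align every login step on one reviewed, pinned revision.
      - name: Log in to the Container registry
        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # https://github.com/docker/metadata-action
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          # The raw tag is a moving tag that every release overwrites; the
          # semver and sha tags identify one specific build.
          tags: |
            type=raw,${{ env.IMAGE_PHP }}
            type=ref,enable=true,priority=600,prefix=${{ env.IMAGE_PHP }}-,event=branch
            type=semver,enable=true,priority=900,prefix=${{ env.IMAGE_PHP }}-,pattern={{raw}}
            type=sha,enable=true,priority=100,prefix=${{ env.IMAGE_PHP }}-sha-,suffix=,format=short
      - name: Build and push Docker images
        id: push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./php/latest.Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
      # The attestation is bound to the digest returned by the push step, not
      # to a tag, so it keeps identifying this build after tags move.
      # NOTE(review): IMAGE_NAME keeps the repository's original casing; if it
      # contains upper-case characters, confirm subject-name still matches the
      # name the image was pushed under.
      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@v2
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true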