diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a150e4ef..9a26f9c9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,10 +9,14 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} + IMAGE_AUTOMATION_TEST: automation-test + IMAGE_UBUNTU: ubuntu-latest + IMAGE_PHP: php-latest jobs: + # job inspect-code inspect-code: - name: '[Required] Inspect code' + name: 'Inspect code' runs-on: ubuntu-latest steps: - name: Check out repository @@ -31,6 +35,7 @@ jobs: - name: Check code run: ls -all + # job manual, workflow manual manual: name: 'Manual workflow' runs-on: ubuntu-latest @@ -50,7 +55,8 @@ jobs: TEST: true - name: Check code run: ls -all - + + # job automation, workflow automation automation: name: 'Automation workflow' runs-on: ubuntu-latest 
@@ -70,9 +76,38 @@ jobs: TEST: true - name: Check code run: ls -all - + - name: Set up date and time variable + run: echo "DATE_TIME=$(TZ='Asia/Tokyo' date '+%Y-%m-%d-%H-%M-%S')" >> $GITHUB_ENV + - name: Log in to Docker Hub # https://github.com/docker/login-action + # uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Log in to the Container registry # https://github.com/docker/login-action + # uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action + id: meta + # uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 # using hash + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,${{ env.IMAGE_AUTOMATION_TEST }}-${{ env.DATE_TIME }} + type=ref,enable=true,priority=600,prefix=${{ env.IMAGE_AUTOMATION_TEST }}-,event=branch + type=ref,enable=true,priority=600,prefix=${{ env.IMAGE_AUTOMATION_TEST }}-,event=pr + type=schedule,pattern={{date 'YYYYMMDD-hhmmss' tz='Asia/Tokyo'}} + type=semver,pattern={{raw}} # TODO release only + type=sha # TODO release only + # OS - # Ubuntu + # Ubuntu - manual build and test + # job build ubuntu latest manual build-ubuntu-latest-manual: name: '[Manual] Build Ubuntu latest' needs: manual @@ -80,7 +115,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up date and time variable - run: echo "DATE_TIME=$(date '+%Y-%m-%d-%H-%M-%S')" >> $GITHUB_ENV + run: echo "DATE_TIME=$(TZ='Asia/Tokyo' date '+%Y-%m-%d-%H-%M-%S')" >> $GITHUB_ENV - name: Output date and time run: | ls -all;pwd;whoami; 
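Review bot: The login and metadata steps added to the `automation` job reference `docker/login-action@v3` and `docker/metadata-action@v5` by mutable tag while the commit-SHA pins are left commented out, so the code that receives `secrets.DOCKER_PASSWORD` and `GITHUB_TOKEN` can change upstream without any commit in this repository. Keep a full-SHA pin and carry the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, taking the SHA from the upstream release rather than from the commented-out lines, whose version is not stated here. The same unpinning appears in the `build-ubuntu-latest` hunk (where `docker/build-push-action` also moves from a SHA to `@v6`), in the new `build-php-latest` job, and throughout the new `release.yml`. In those jobs the pushed digest is then attested, so the provenance is only as trustworthy as the unpinned build action that produced it. The `automation` job starts outside this hunk.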
@@ -103,6 +138,7 @@ jobs: # docker push ubuntu-latest:${{ env.DATE_TIME }} # docker push ghcr.io/lecaoquochung/ubuntu-latest:${{ env.DATE_TIME }} + # Ubuntu - automation build and push build-ubuntu-latest: name: '[Auto] Build Ubuntu latest' needs: automation 
@@ -116,48 +152,44 @@ jobs: steps: - name: Check out the repo uses: actions/checkout@v4 - - name: Set up date and time variable - run: echo "DATE_TIME=$(date '+%Y-%m-%d-%H-%M-%S')" >> $GITHUB_ENV - - - name: Log in to Docker Hub - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a + run: echo "DATE_TIME=$(TZ='Asia/Tokyo' date '+%Y-%m-%d-%H-%M-%S')" >> $GITHUB_ENV + - name: Log in to Docker Hub # https://github.com/docker/login-action + # uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Log in to the Container registry - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + - name: Log in to the Container registry # https://github.com/docker/login-action + # uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - # https://github.com/docker/metadata-action - - name: Extract metadata (tags, labels) for Docker + - name: Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action id: meta # uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 # using hash uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | - type=raw,${{ env.DATE_TIME }} - type=ref,event=branch - type=ref,event=pr - type=schedule,pattern={{date 'YYYYMMDD-hhmmss' tz='Asia/Tokyo'}} - type=semver,pattern={{raw}} - # type=sha # Can be used with released - - - name: Build and push Docker images + type=raw,${{ env.IMAGE_UBUNTU }}-${{ env.DATE_TIME }} + type=ref,enable=true,priority=600,prefix=${{ env.IMAGE_UBUNTU }}-,event=branch + type=ref,enable=true,priority=600,prefix=${{ env.IMAGE_UBUNTU }}-,event=pr + # type=schedule,pattern={{date 'YYYYMMDD-hhmmss' tz='Asia/Tokyo'}} + # type=semver,pattern={{raw}} # 
TODO release only + # type=sha # TODO release only + - name: Build and push Docker images # https://github.com/docker/build-push-action id: push - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 + # uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 + uses: docker/build-push-action@v6 with: context: . file: ./ubuntu/latest.Dockerfile push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - name: Generate artifact attestation uses: actions/attest-build-provenance@v2 with: 
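Review bot: The `Log in to Docker Hub` step in `build-ubuntu-latest` loads `secrets.DOCKER_USERNAME` and `secrets.DOCKER_PASSWORD` onto the runner, yet the metadata step's `images:` lists only `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}` and `REGISTRY` is `ghcr.io`, so nothing visible in this job pushes to Docker Hub. Unless the login exists for authenticated base-image pulls, drop the step so the credential does not sit in the runner's Docker config during the build and attestation steps. If it is needed for pulls, say so with a comment such as `# Docker Hub login only for authenticated base-image pulls` and use a read-only access token for that secret. The `automation` job, the new `build-php-latest` job and both jobs in `release.yml` copy the same step. The job header and the end of the attestation step lie outside this hunk.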
@@ -267,6 +299,58 @@ jobs: - uses: actions/checkout@v4 - name: php-fpm run: docker build . --file ./php/latest.Dockerfile --tag "php:$(date +%s)" + + build-php-latest: + name: '[Auto] Build PHP latest' + needs: automation + runs-on: ubuntu-latest + environment: CI + permissions: + packages: write + contents: read + attestations: write + id-token: write + steps: + - name: Check out the repo + uses: actions/checkout@v4 + - name: Set up date and time variable + run: echo "DATE_TIME=$(TZ='Asia/Tokyo' date '+%Y-%m-%d-%H-%M-%S')" >> $GITHUB_ENV + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,${{ env.IMAGE_PHP }}-${{ env.DATE_TIME }} + type=ref,enable=true,priority=600,prefix=${{ env.IMAGE_PHP }}-,event=branch + type=ref,enable=true,priority=600,prefix=${{ env.IMAGE_PHP }}-,event=pr + - name: Build and push Docker images + id: push + uses: docker/build-push-action@v6 + with: + context: . + file: ./php/latest.Dockerfile + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v2 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true + build-php-beta-manual: name: '[Manual] Build PHP beta' needs: manual diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..4a1352cf --- /dev/null 
+++ b/.github/workflows/release.yml 
@@ -0,0 +1,132 @@ +name: Release + +on: + release: + types: + - published + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + IMAGE_AUTOMATION_TEST: automation-test + IMAGE_UBUNTU: ubuntu-latest + IMAGE_PHP: php-latest + +jobs: + automation: + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + packages: write + steps: + - + name: Checkout + uses: actions/checkout@v4 + - + name: Publish + uses: actions/publish-immutable-action@v0.0.4 + + release-ubuntu-latest: + name: '[Auto] Release Ubuntu latest' + needs: automation + runs-on: ubuntu-latest + environment: CI + permissions: + packages: write + contents: read + attestations: write + id-token: write + steps: + - name: Check out the repo + uses: actions/checkout@v4 + - name: Set up date and time variable + run: echo "DATE_TIME=$(TZ='Asia/Tokyo' date '+%Y-%m-%d-%H-%M-%S')" >> $GITHUB_ENV + - name: Log in to Docker Hub # https://github.com/docker/login-action + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Log in to the Container registry # https://github.com/docker/login-action + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,${{ env.IMAGE_UBUNTU }} + type=ref,enable=true,priority=600,prefix=${{ env.IMAGE_UBUNTU }}-,event=branch + type=semver,enable=true,priority=900,prefix=${{ env.IMAGE_UBUNTU }}-,pattern={{raw}} + type=sha,enable=true,priority=100,prefix=${{ env.IMAGE_UBUNTU }}-sha-,suffix=,format=short + - name: Build and push Docker images # https://github.com/docker/build-push-action + id: push + uses: docker/build-push-action@v6 + with: + context: . 
+ file: ./ubuntu/latest.Dockerfile + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v2 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true + + release-php-latest: + name: '[Auto] Release PHP latest' + needs: automation + runs-on: ubuntu-latest + environment: CI + permissions: + packages: write + contents: read + attestations: write + id-token: write + steps: + - name: Check out the repo + uses: actions/checkout@v4 + - name: Set up date and time variable + run: echo "DATE_TIME=$(TZ='Asia/Tokyo' date '+%Y-%m-%d-%H-%M-%S')" >> $GITHUB_ENV + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,${{ env.IMAGE_PHP }} + type=ref,enable=true,priority=600,prefix=${{ env.IMAGE_PHP }}-,event=branch + type=semver,enable=true,priority=900,prefix=${{ env.IMAGE_PHP }}-,pattern={{raw}} + type=sha,enable=true,priority=100,prefix=${{ env.IMAGE_PHP }}-sha-,suffix=,format=short + - name: Build and push Docker images + id: push + uses: docker/build-push-action@v6 + with: + context: . 
+ file: ./php/latest.Dockerfile + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v2 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true \ No newline at end of file
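Review bot: Both release jobs run under `environment: CI`, the same environment the `build-php-latest` job in `ci.yml` uses, so release pushes share whatever secrets and protection rules the routine CI builds have. The environment's settings are not visible in this diff, but if `CI` has no required reviewers, publishing the `ubuntu-latest` and `php-latest` tags has no approval gate beyond creating the release. Consider a dedicated environment with its own registry credentials and required reviewers, e.g. `environment: release` (name illustrative). Separately, the `Set up date and time variable` step is unused here because no tag rule references `DATE_TIME`, and the `type=ref,...,event=branch` rules never match a `release` event, so both can be removed.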