From c8e23c753e7271b8e39b2de1d64aa31e02b9f16e Mon Sep 17 00:00:00 2001
From: mac641
Date: Fri, 13 Jun 2025 16:56:01 +0200
Subject: [PATCH] ci: introduce standard docker workflow and add generating sbom in container images
---
 .github/workflows/docker.yaml | 49 ++++++++++++++++++++++++++++++++++
 .github/workflows/master.yaml | 35 ------------------------
 .github/workflows/release.yaml | 32 ----------------------
 3 files changed, 49 insertions(+), 67 deletions(-)
 create mode 100644 .github/workflows/docker.yaml
 delete mode 100644 .github/workflows/master.yaml
 delete mode 100644 .github/workflows/release.yaml
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
new file mode 100644
index 0000000..8930f53
--- /dev/null
+++ b/.github/workflows/docker.yaml
@@ -0,0 +1,49 @@
+name: Docker Image from master
+
+on:
+ pull_request:
+ branches:
+ - master
+ release:
+ types:
+ - published
+ push:
+ branches:
+ - master
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Fetch tags # fetch-tags does not work
+ run: git fetch --prune --unshallow --tags
+
+ - name: Make tag
+ run: |
+ [ "${GITHUB_EVENT_NAME}" == 'pull_request' ] && echo "TAG_NAME=$(echo $GITHUB_REF | awk -F / '{print $3}')-${GITHUB_HEAD_REF##*/}" >> $GITHUB_ENV || true
+ [ "${GITHUB_EVENT_NAME}" == 'release' ] && echo "TAG_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV || true
+ [ "${GITHUB_EVENT_NAME}" == 'push' ] && echo "TAG_NAME=latest" >> $GITHUB_ENV || true
+
+ - name: Docker Login
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.DOCKER_REGISTRY_USER }}
+ password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build and push image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: true
+ sbom: true
+ tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TAG_NAME }}
diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml
deleted file mode 100644
index 02defbb..0000000
--- a/.github/workflows/master.yaml
+++ /dev/null
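Review bot: The new workflow declares no top-level `permissions:` block, so the job's GITHUB_TOKEN receives whatever the repository default grants (read-only or read/write depending on settings) even though the only token-backed work here is the checkout, while the registry push uses the separate `DOCKER_REGISTRY_USER`/`DOCKER_REGISTRY_TOKEN` secrets; add `permissions:` / `  contents: read` directly under `name:` to pin it to least privilege. The four `uses:` references (`actions/checkout@v4`, `docker/login-action@v3`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v6`) are mutable major-version tags; pinning each to a full commit SHA with the version kept as a trailing comment (`uses: actions/checkout@<full-commit-sha> # v4`) removes the exposure of a retagged action pulling different code into a job that holds registry credentials. Since the workflow also triggers on `pull_request` with `push: true`, pull requests from forks presumably will not receive repository secrets, so the `Docker Login` step would fail for external contributors; if PR images are intended only for in-repo branches, state that in a comment on the `pull_request:` trigger or gate the push step on `github.event.pull_request.head.repo.full_name == github.repository`. In the `Make tag` step the pull-request tag suffix comes straight from the branch name via `${GITHUB_HEAD_REF##*/}` without being checked against the image-tag character set, so a branch name containing characters the registry rejects would surface only as a failure in the later build step; a short validation before writing `TAG_NAME` would make that failure explicit and early.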
@@ -1,35 +0,0 @@
-name: Docker Image from master
-
-on:
- push:
- branches:
- - master
-
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
-
- - name: Docker Login
- uses: docker/login-action@v1
- with:
- registry: ${{ secrets.DOCKER_REGISTRY }}
- username: ${{ secrets.DOCKER_REGISTRY_USER }}
- password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
-
- - name: Docker Login
- uses: docker/login-action@v1
- with:
- registry: docker.io
- username: ${{ secrets.DOCKER_HUB_USER }}
- password: ${{ secrets.DOCKER_HUB_TOKEN }}
-
- - name: Build the latest Docker image
- run: |
- docker build -t metalstack/builder -t ghcr.io/metal-stack/builder .
-
- - name: Push the latest image
- run: |
- docker push metalstack/builder
- docker push ghcr.io/metal-stack/builder
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
deleted file mode 100644
index 02cbe42..0000000
--- a/.github/workflows/release.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-name: Docker Image from release tags
-
-on:
- release:
- types:
- - published
-
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
-
- - name: Docker Login
- uses: docker/login-action@v1
- with:
- registry: ${{ secrets.DOCKER_REGISTRY }}
- username: ${{ secrets.DOCKER_REGISTRY_USER }}
- password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
-
- - name: Docker Login
- uses: docker/login-action@v1
- with:
- registry: docker.io
- username: ${{ secrets.DOCKER_HUB_USER }}
- password: ${{ secrets.DOCKER_HUB_TOKEN }}
-
- - name: Build and push the released Docker images
- run: |
- docker build -t metalstack/builder:${GITHUB_REF##*/} -t ghcr.io/metal-stack/builder:${GITHUB_REF##*/} .
- docker push metalstack/builder:${GITHUB_REF##*/}
- docker push ghcr.io/metal-stack/builder:${GITHUB_REF##*/}