Add step to copy to external registries #48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: DockerPublish | |
| on: | |
| workflow_dispatch: | |
| push: | |
| env: | |
| # Only push images on forks or the main branch | |
| PUSH_IMAGE: ${{ (github.ref_name == 'master') || (github.repository_owner != 'moos-ivp') }} | |
| jobs: | |
| prepare: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| commit_time: ${{ steps.prepare.outputs.COMMIT_TIMESTAMP }} | |
| registry_image: ${{ steps.prepare.outputs.REGISTRY_IMAGE }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Prepare various metadata | |
| id: prepare | |
| run: | | |
| # Get the commit timestamp | |
| export "COMMIT_TIMESTAMP=$(git log -1 --pretty=%ct)" | |
| echo "COMMIT_TIMESTAMP=${COMMIT_TIMESTAMP}" >> $GITHUB_OUTPUT | |
| # Lowercase the repository name | |
| UNSANITIZED_REGISTRY_IMAGE="ghcr.io/${{ github.repository }}" | |
| echo "REGISTRY_IMAGE=${UNSANITIZED_REGISTRY_IMAGE,,}" >> $GITHUB_OUTPUT | |
| # Print it for our audience | |
| cat $GITHUB_OUTPUT | |
| build-minrobot: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| env: | |
| SOURCE_DATE_EPOCH: ${{ needs.prepare.outputs.commit_time }} | |
| REGISTRY_IMAGE: ${{ needs.prepare.outputs.registry_image }} | |
| outputs: | |
| # So we can `FROM` this image in the next build | |
| digest: ${{ steps.build.outputs.digest }} | |
| steps: | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY_IMAGE }} | |
| tags: | | |
| # branch event | |
| type=ref,enable=true,prefix=,event=branch | |
| # tag event | |
| type=ref,enable=true,prefix=,event=tag | |
| # commit sha | |
| type=sha,prefix=,suffix=,format=short | |
| - name: Login to Github Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push by digest | |
| id: build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| platforms: linux/amd64,linux/arm64 | |
| annotations: ${{ steps.meta.outputs.annotations }} | |
| build-args: | | |
| SOURCE_DATE_EPOCH=${{ env.SOURCE_DATE_EPOCH }} | |
| file: docker/moos-ivp/Dockerfile | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| tags: ${{ steps.meta.outputs.tags }} | |
| push: ${{ env.PUSH_IMAGE }} | |
| build-gui: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| - build-minrobot | |
| env: | |
| FLAVOR: "-gui" | |
| SOURCE_DATE_EPOCH: ${{ needs.prepare.outputs.commit_time }} | |
| REGISTRY_IMAGE: ${{ needs.prepare.outputs.registry_image }} | |
| steps: | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY_IMAGE }} | |
| tags: | | |
| # branch event | |
| type=ref,enable=true,suffix=${{ env.FLAVOR }},event=branch | |
| # tag event | |
| type=ref,enable=true,suffix=${{ env.FLAVOR }},event=tag | |
| # commit sha | |
| type=sha,prefix=,suffix=${{ env.FLAVOR }},format=short | |
| - name: Login to Github Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push by digest | |
| id: build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| platforms: linux/amd64,linux/arm64 | |
| annotations: ${{ steps.meta.outputs.annotations }} | |
| build-args: | | |
| FROM=${{ env.REGISTRY_IMAGE }}@${{ needs.build-minrobot.outputs.digest }} | |
| SOURCE_DATE_EPOCH=${{ env.SOURCE_DATE_EPOCH }} | |
| file: docker/moos-ivp-gui/Dockerfile | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| tags: ${{ steps.meta.outputs.tags }} | |
| push: ${{ env.PUSH_IMAGE }} | |
| push-to-registry: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - prepare | |
| - build-minrobot | |
| - build-gui | |
| env: | |
| REGISTRY_IMAGE: ${{ needs.prepare.outputs.registry_image }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| registry: [docker.io, quay.io] | |
| steps: | |
| - name: Sanitize some things | |
| id: prepare | |
| run: | | |
| # Sanitize the registry name | |
| REGISTRY="${{ matrix.registry }}" | |
| REGISTRY="${REGISTRY^^}" # upper case | |
| REGISTRY="${REGISTRY//[^A-Z0-9]/_}" # replace non-alphanumeric with _ | |
| echo "REGISTRY=${REGISTRY}" >> $GITHUB_OUTPUT | |
| # Quay & DockerHub don't support dashes in the repository name | |
| UNSANITIZED_ORG="${{ github.organization }}" | |
| REPO="${UNSANITIZED_REPO//\-/}/${{ github.repository_name }}" # Remove dashes from the repository name | |
| echo "REPOSITORY=${{ matrix.registry }}/${REPO}" | tee -a $GITHUB_OUTPUT | |
| - name: Prepare Credentials | |
| id: credentials | |
| run: | | |
| # Write the username and password to job outputs | |
| echo "REGISTRY_USERNAME=${{ secrets[format('REGISTRY_USERNAME_{0}', steps.prepare.outputs.REGISTRY)] }}" >> $GITHUB_OUTPUT | |
| echo "REGISTRY_PASSWORD=${{ secrets[format('REGISTRY_PASSWORD_{0}', steps.prepare.outputs.REGISTRY)] }}" >> $GITHUB_OUTPUT | |
| if [ ! -s $GITHUB_OUTPUT ]; then | |
| # If we don't have the relevant credentials, we can't push. Warn the user, but don't fail. | |
| echo "::warning::Pushing to ${{ matrix.registry }} is disabled; we can't find credentials" | |
| echo "REGISTRY_READY=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "REGISTRY_READY=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ steps.prepare.outputs.REPOSITORY }} | |
| tags: | | |
| # branch event | |
| type=ref,enable=true,event=branch | |
| # tag event | |
| type=ref,enable=true,event=tag | |
| # commit sha | |
| type=sha,prefix=,format=short | |
| - name: Login to ${{ matrix.registry }} | |
| uses: docker/login-action@v3 | |
| if: steps.credentials.outputs.REGISTRY_READY == 'true' | |
| with: | |
| registry: ${{ matrix.registry }} | |
| username: ${{ job.prepare.output.REGISTRY_USERNAME }} | |
| password: ${{ job.prepare.output.REGISTRY_PASSWORD }} | |
| - name: Push to ${{ matrix.registry }} | |
| id: check | |
| if: steps.credentials.outputs.REGISTRY_READY == 'true' | |
| run: | | |
| docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| ${{ env.REGISTRY_IMAGE }}@${{ needs.build-minrobot.outputs.digest }} | |
| # Cheap way to also copy the gui | |
| docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join("-gui ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| ${{ env.REGISTRY_IMAGE }}@${{ needs.build-gui.outputs.digest }} |