Add step to copy to external registries

HeroCC · Oct 23, 2024 · dba3575 · dba3575
1 parent aa8d76a
commit dba3575
Showing 1 changed file with 78 additions and 1 deletion.
diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml
@@ -132,4 +132,81 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           tags: ${{ steps.meta.outputs.tags }}
-          push: ${{ env.PUSH_IMAGE }}
+          push: ${{ env.PUSH_IMAGE }}
+
+  push-to-registry:
+    runs-on: ubuntu-latest
+    needs:
+      - prepare
+      - build-minrobot
+      - build-gui
+    env:
+      REGISTRY_IMAGE: ${{ needs.prepare.outputs.registry_image }}
+    strategy:
+      fail-fast: false
+      matrix:
+        registry: [docker.io, quay.io]
+    steps:
+      - name: Sanitize some things
+        id: prepare
+        run: |
+          # Sanitize the registry name
+          REGISTRY="${{ matrix.registry }}"
+          REGISTRY="${REGISTRY^^}" # upper case
+          REGISTRY="${REGISTRY//[^A-Z0-9]/_}" # replace non-alphanumeric with _
+          echo "REGISTRY=${REGISTRY}" >> $GITHUB_OUTPUT
+
+          # Quay & DockerHub don't support dashes in the repository name
+          UNSANITIZED_ORG="${{ github.organization }}"
+          REPO="${UNSANITIZED_REPO//\-/}/${{ github.repository_name }}" # Remove dashes from the repository name
+          echo "REPOSITORY=${{ matrix.registry }}/${REPO}" | tee -a $GITHUB_OUTPUT
+
+      - name: Prepare Credentials
+        id: credentials
+        run: |
+          # Write the username and password to job outputs
+          echo "REGISTRY_USERNAME=${{ secrets[format('REGISTRY_USERNAME_{0}', steps.prepare.outputs.REGISTRY)] }}" >> $GITHUB_OUTPUT
+          echo "REGISTRY_PASSWORD=${{ secrets[format('REGISTRY_PASSWORD_{0}', steps.prepare.outputs.REGISTRY)] }}" >> $GITHUB_OUTPUT
+
+          if [ ! -s $GITHUB_OUTPUT ]; then
+            # If we don't have the relevant credentials, we can't push. Warn the user, but don't fail.
+            echo "::warning::Pushing to ${{ matrix.registry }} is disabled; we can't find credentials"
+            echo "REGISTRY_READY=false" >> $GITHUB_OUTPUT
+          else
+            echo "REGISTRY_READY=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ steps.prepare.outputs.REPOSITORY }}
+          tags: |
+            # branch event
+            type=ref,enable=true,event=branch
+            # tag event
+            type=ref,enable=true,event=tag
+            # commit sha
+            type=sha,prefix=,format=short
+
+      - name: Login to ${{ matrix.registry }}
+        uses: docker/login-action@v3
+        if: steps.credentials.outputs.REGISTRY_READY == 'true'
+        with:
+          registry: ${{ matrix.registry }}
+          username: ${{ job.prepare.output.REGISTRY_USERNAME }}
+          password: ${{ job.prepare.output.REGISTRY_PASSWORD }}
+
+      - name: Push to ${{ matrix.registry }}
+        id: check
+        if: steps.credentials.outputs.REGISTRY_READY == 'true'
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+              ${{ env.REGISTRY_IMAGE }}@${{ needs.build-minrobot.outputs.digest }}
+
+          # Cheap way to also copy the gui
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join("-gui ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+              ${{ env.REGISTRY_IMAGE }}@${{ needs.build-gui.outputs.digest }}