From dba3575c0c04e67c137b0c280e483bc88713768c Mon Sep 17 00:00:00 2001 From: Conlan Cesar Date: Tue, 22 Oct 2024 20:07:46 -0400 Subject: [PATCH] Add step to copy to external registries --- .github/workflows/docker-publish.yaml | 79 ++++++++++++++++++++++++++- 1 file changed, 78 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index 0160a8489..1f9eb7ef4 100644 --- a/.github/workflows/docker-publish.yaml +++ b/.github/workflows/docker-publish.yaml @@ -132,4 +132,81 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max tags: ${{ steps.meta.outputs.tags }} - push: ${{ env.PUSH_IMAGE }} \ No newline at end of file + push: ${{ env.PUSH_IMAGE }} + + push-to-registry: + runs-on: ubuntu-latest + needs: + - prepare + - build-minrobot + - build-gui + env: + REGISTRY_IMAGE: ${{ needs.prepare.outputs.registry_image }} + strategy: + fail-fast: false + matrix: + registry: [docker.io, quay.io] + steps: + - name: Sanitize some things + id: prepare + run: | + # Sanitize the registry name + REGISTRY="${{ matrix.registry }}" + REGISTRY="${REGISTRY^^}" # upper case + REGISTRY="${REGISTRY//[^A-Z0-9]/_}" # replace non-alphanumeric with _ + echo "REGISTRY=${REGISTRY}" >> $GITHUB_OUTPUT + + # Quay & DockerHub don't support dashes in the repository name + UNSANITIZED_ORG="${{ github.organization }}" + REPO="${UNSANITIZED_REPO//\-/}/${{ github.repository_name }}" # Remove dashes from the repository name + echo "REPOSITORY=${{ matrix.registry }}/${REPO}" | tee -a $GITHUB_OUTPUT + + - name: Prepare Credentials + id: credentials + run: | + # Write the username and password to job outputs + echo "REGISTRY_USERNAME=${{ secrets[format('REGISTRY_USERNAME_{0}', steps.prepare.outputs.REGISTRY)] }}" >> $GITHUB_OUTPUT + echo "REGISTRY_PASSWORD=${{ secrets[format('REGISTRY_PASSWORD_{0}', steps.prepare.outputs.REGISTRY)] }}" >> $GITHUB_OUTPUT + + if [ ! -s $GITHUB_OUTPUT ]; then + # If we don't have the relevant credentials, we can't push. Warn the user, but don't fail. + echo "::warning::Pushing to ${{ matrix.registry }} is disabled; we can't find credentials" + echo "REGISTRY_READY=false" >> $GITHUB_OUTPUT + else + echo "REGISTRY_READY=true" >> $GITHUB_OUTPUT + fi + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ steps.prepare.outputs.REPOSITORY }} + tags: | + # branch event + type=ref,enable=true,event=branch + # tag event + type=ref,enable=true,event=tag + # commit sha + type=sha,prefix=,format=short + + - name: Login to ${{ matrix.registry }} + uses: docker/login-action@v3 + if: steps.credentials.outputs.REGISTRY_READY == 'true' + with: + registry: ${{ matrix.registry }} + username: ${{ job.prepare.output.REGISTRY_USERNAME }} + password: ${{ job.prepare.output.REGISTRY_PASSWORD }} + + - name: Push to ${{ matrix.registry }} + id: check + if: steps.credentials.outputs.REGISTRY_READY == 'true' + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + ${{ env.REGISTRY_IMAGE }}@${{ needs.build-minrobot.outputs.digest }} + + # Cheap way to also copy the gui + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join("-gui ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + ${{ env.REGISTRY_IMAGE }}@${{ needs.build-gui.outputs.digest }}