Hamster Left A Pull Request - (Update CI.) (#10001)

Co-authored-by: Vedansh <[email protected]>
offensive-vk · Oct 13, 2024 · 616846d · 616846d
1 parent 1954a06
commit 616846d
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 64 deletions.
diff --git a/.github/workflows/bulk.yml b/.github/workflows/bulk.yml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -1,24 +1,32 @@
-name: Deploy to GHCR
+name: Publish Multi Platform Docker Images
 
 on:
   schedule:
     - cron: '0 0 * * 0'
   workflow_dispatch:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 env:
-  USERNAME: ${{ github.repository_owner || 'offensive-vk' }}
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
-  PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+  GITHUB: ghcr.io
+  GITLAB: registry.gitlab.com
+  DOCKERFILE: ./Dockerfile
+  MULTI_ARCH: true
+  GLCR: ${{ secrets.GLCR_SLUG }}
+  GHCR: ${{ secrets.GHCR_SLUG }}
+  GLCR_PASSWORD: ${{ secrets.GLCR_TOKEN }}
+  GHCR_PASSWORD: ${{ secrets.GHCR_TOKEN }}
 
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    name: Publish Images
     permissions:
       contents: read
       packages: write
-
-    name: Deploy
+      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -33,36 +41,75 @@ jobs:
         id: meta
         uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
         with:
-            images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-            tags: |
-              type=ref,event=pr
-              type=edge
-            flavor: |
-              latest=true
-            labels: |
-              org.opencontainers.image.title=Classics
-              org.opencontainers.image.vendor=Vedansh
-              org.opencontainers.image.source=https://github.com/offensive-vk/Classics
+          images: |
+            ${{ env.GHCR }}
+            ${{ env.GLCR }}
+          tags: |
+            type=edge
+          flavor: |
+            latest=true
+          labels: |
+            org.opencontainers.image.title=Classics
+            org.opencontainers.image.vendor=Vedansh
+            org.opencontainers.image.multi-platform=true
+            org.opencontainers.image.source=https://github.com/offensive-vk/Classics
 
-      - name: Login to the Container Registry
-        uses: docker/login-action@v3
+      - name: Install Cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 #v3.6.0
         with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ env.USERNAME }}
-          password: ${{ env.PASSWORD }}
+          cosign-release: 'v2.1.1'
 
-      - name: Verify Tags and Labels
-        run: |
-          echo "## Github Action Summary - GHCR " >> $GITHUB_STEP_SUMMARY
-          echo "${{ steps.meta.outputs.tags }} " >> $GITHUB_STEP_SUMMARY
-          echo "${{ steps.meta.outputs.labels }} " >> $GITHUB_STEP_SUMMARY
-          echo "*** VERIFICATION COMPLETED ***"
+      - name: Login to Gitlab Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@3b8fed7e4b60203b2aa0ecc6c6d6d91d12c06760 # v3.0.0
+        with:
+          registry: ${{ env.GITLAB }}
+          username: ${{ github.repository_owner }}
+          password: ${{ env.GLCR_PASSWORD }}
+
+      - name: Login to Github Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.GITHUB }}
+          username: ${{ github.repository_owner }}
+          password: ${{ env.GHCR_PASSWORD }}
 
-      - name: Build and Push Docker Image
+      - name: Build and Push Image
+        id: build-and-push
         uses: docker/build-push-action@e44afff3590e1d4f93b6adc72376512edb012a7c # v5.0.0
         with:
           context: .
-          push: true
+          push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/amd64/v2,linux/amd64/v3
+
+      - name: Check Manifests
+        if: github.event_name != 'pull_request'
+        run: |
+          docker buildx imagetools inspect ${{ env.DOCKERHUB }}:${{ steps.meta.outputs.version }}
+          docker buildx imagetools inspect ${{ env.GHCR }}:${{ steps.meta.outputs.version }}
+    
+      - name: Inspect Image
+        if: github.event_name != 'pull_request'
+        run: |
+          docker pull ${{ env.GHCR }}:${{ steps.meta.outputs.version }}
+          docker image inspect ${{ env.GHCR }}:${{ steps.meta.outputs.version }}
+          docker pull ${{ env.GLCR }}:${{ steps.meta.outputs.version }}
+          docker image inspect ${{ env.GLCR }}:${{ steps.meta.outputs.version }}
+          
+      - name: Sign the Published image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        run: echo "Image with ${TAGS} tag has been sucessfully Signed."
+
+      - name: Verify Tags and Labels
+        run: |
+          echo "## Action Summary - Docker CI " >> $GITHUB_STEP_SUMMARY
+          echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
+          echo "${{ steps.meta.outputs.labels }} " >> $GITHUB_STEP_SUMMARY
+          echo "*** VERIFICATION COMPLETED ***"