CI / Publish Docker Images #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI / Publish Docker Images | |
| on: | |
| schedule: | |
| - cron: '0 0 * * 0' | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| DOCKER: docker.io | |
| GITHUB: ghcr.io | |
| GITLAB: registry.gitlab.com | |
| DOCKERFILE: ./Dockerfile | |
| MULTI_ARCH: true | |
| GLCR: ${{ secrets.GLCR_SLUG }} | |
| GHCR: ${{ secrets.GHCR_SLUG }} | |
| DOCKERHUB: ${{ secrets.DOCKER_USER }}/${{secrets.DOCKER_IMAGE }} | |
| USERNAME: ${{ secrets.DOCKER_USER }} | |
| PASSWORD: ${{ secrets.DOCKER_TOKEN }} | |
| GLCR_PASSWORD: ${{ secrets.GLCR_TOKEN }} | |
| GHCR_PASSWORD: ${{ secrets.GHCR_TOKEN }} | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| name: Publish Images | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | |
| - name: Extract Docker Metadata | |
| id: meta | |
| uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 | |
| with: | |
| images: | | |
| ${{ env.DOCKERHUB }} | |
| ${{ env.GHCR }} | |
| ${{ env.GLCR }} | |
| tags: | | |
| type=edge | |
| flavor: | | |
| latest=true | |
| labels: | | |
| org.opencontainers.image.title=Icons | |
| org.opencontainers.image.vendor=Vedansh | |
| org.opencontainers.image.multi-platform=true | |
| org.opencontainers.image.source=https://github.com/offensive-vk/Icons | |
| - name: Install Cosign | |
| if: github.event_name != 'pull_request' | |
| uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 #v3.6.0 | |
| with: | |
| cosign-release: 'v2.1.1' | |
| - name: Login to Dockerhub | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@3b8fed7e4b60203b2aa0ecc6c6d6d91d12c06760 # v3.0.0 | |
| with: | |
| registry: ${{ env.DOCKER }} | |
| username: ${{ env.USERNAME }} | |
| password: ${{ env.PASSWORD }} | |
| - name: Login to Gitlab Container Registry | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@3b8fed7e4b60203b2aa0ecc6c6d6d91d12c06760 # v3.0.0 | |
| with: | |
| registry: ${{ env.GITLAB }} | |
| username: ${{ github.repository_owner }} | |
| password: ${{ env.GLCR_PASSWORD }} | |
| - name: Login to Github Container Registry | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.GITHUB }} | |
| username: ${{ github.repository_owner }} | |
| password: ${{ env.GHCR_PASSWORD }} | |
| - name: Build and Push Image | |
| id: build-and-push | |
| uses: docker/build-push-action@e44afff3590e1d4f93b6adc72376512edb012a7c # v5.0.0 | |
| with: | |
| context: . | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/amd64/v2,linux/amd64/v3 | |
| - name: Sign the Published image | |
| if: ${{ github.event_name != 'pull_request' }} | |
| env: | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| run: echo "Image with ${TAGS} tag has been sucessfully Signed." | |
| - name: Verify Tags and Labels | |
| run: | | |
| echo "## Action Summary - Docker CI " >> $GITHUB_STEP_SUMMARY | |
| echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY | |
| echo "${{ steps.meta.outputs.labels }} " >> $GITHUB_STEP_SUMMARY | |
| echo "*** VERIFICATION COMPLETED ***" |