v1.43.2 #65
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Docker | |
on: | |
workflow_dispatch: | |
push: | |
tags: | |
- 'v*.*.*' | |
jobs: | |
build: | |
name: Build and publish docker images | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Determine if images should be published to DockerHub | |
id: dockerhub | |
run: | | |
# check if a release branch, or master, or a tag | |
if [[ "${{ github.ref }}" =~ ^refs/heads/release([0-9]+)$ || "${{ github.ref }}" == "refs/heads/master" || "${{ github.ref }}" == refs/tags/* ]] | |
then | |
DOCKERHUB_PUBLISH="1" | |
else | |
DOCKERHUB_PUBLISH="0" | |
fi | |
# debug output | |
echo "dockerhub-publish $DOCKERHUB_PUBLISH" | |
echo "dockerhub-publish=$DOCKERHUB_PUBLISH" >> $GITHUB_OUTPUT | |
- name: Check if push to GHCR is enabled | |
id: check-ghcr | |
env: | |
GHCR_ENABLED: ${{ secrets.GHCR_ENABLED }} | |
run: | | |
echo "Enable push to GHCR: ${{ env.GHCR_ENABLED != '' }}" | |
echo "enable=${{ env.GHCR_ENABLED != '' }}" >> $GITHUB_OUTPUT | |
- name: Check if there is access to repo secrets (needed for build and push) | |
if: steps.dockerhub.outputs.dockerhub-publish == '1' || steps.check-ghcr.outputs.enable == 'true' | |
id: check-build-and-push | |
env: | |
SECRET_ACCESS: ${{ secrets.DOCKERHUB_USERNAME }} | |
run: | | |
echo "Enable build and push: ${{ env.SECRET_ACCESS != '' }}" | |
echo "enable=${{ env.SECRET_ACCESS != '' }}" >> $GITHUB_OUTPUT | |
- name: Get the http-server docker tag for GHCR | |
id: http-server-ghcr-tag | |
if: steps.check-build-and-push.outputs.enable == 'true' | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
ghcr.io/${{ github.repository }}-http-server | |
tags: | | |
type=schedule | |
type=ref,event=branch | |
type=ref,event=tag | |
type=raw,value=latest,enable={{is_default_branch}} | |
type=raw,value=nightly,enable={{is_default_branch}} | |
- name: Get the http-server docker tag for DockerHub | |
id: http-server-dockerhub-tag | |
if: steps.check-build-and-push.outputs.enable == 'true' | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
sofietv/package-manager-http-server | |
tags: | | |
type=schedule | |
type=ref,event=branch | |
type=ref,event=tag | |
type=raw,value=latest,enable={{is_default_branch}} | |
type=raw,value=nightly,enable={{is_default_branch}} | |
- name: Get the quantel-http-transformer-proxy docker tag for GHCR | |
id: quantel-ghcr-tag | |
if: steps.check-build-and-push.outputs.enable == 'true' | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
ghcr.io/${{ github.repository }}-quantel-http-transformer-proxy | |
tags: | | |
type=schedule | |
type=ref,event=branch | |
type=ref,event=tag | |
type=raw,value=latest,enable={{is_default_branch}} | |
type=raw,value=nightly,enable={{is_default_branch}} | |
- name: Get the quantel-http-transformer-proxy docker tag for DockerHub | |
id: quantel-dockerhub-tag | |
if: steps.check-build-and-push.outputs.enable == 'true' | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
sofietv/package-manager-quantel-http-transformer-proxy | |
tags: | | |
type=schedule | |
type=ref,event=branch | |
type=ref,event=tag | |
type=raw,value=latest,enable={{is_default_branch}} | |
type=raw,value=nightly,enable={{is_default_branch}} | |
- name: Set up Docker Buildx | |
if: steps.check-build-and-push.outputs.enable == 'true' | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to DockerHub | |
if: steps.check-build-and-push.outputs.enable == 'true' && steps.dockerhub.outputs.dockerhub-publish == '1' | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to GitHub Container Registry | |
if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push http-server to GHCR | |
if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: apps/http-server/app/Dockerfile | |
push: true | |
provenance: false | |
labels: ${{ steps.http-server-ghcr-tag.outputs.labels }} | |
tags: "${{ steps.http-server-ghcr-tag.outputs.tags }}" | |
- name: Build and push http-server to DockerHub | |
if: steps.check-build-and-push.outputs.enable == 'true' && steps.dockerhub.outputs.dockerhub-publish == '1' | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: apps/http-server/app/Dockerfile | |
push: true | |
provenance: false | |
labels: ${{ steps.http-server-dockerhub-tag.outputs.labels }} | |
tags: "${{ steps.http-server-dockerhub-tag.outputs.tags }}" | |
- name: Build and push quantel-http-transformer-proxy to GHCR | |
if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: apps/quantel-http-transformer-proxy/app/Dockerfile | |
push: true | |
provenance: false | |
labels: ${{ steps.quantel-ghcr-tag.outputs.labels }} | |
tags: "${{ steps.quantel-ghcr-tag.outputs.tags }}" | |
- name: Build and push quantel-http-transformer-proxy to DockerHub | |
if: steps.check-build-and-push.outputs.enable == 'true' && steps.dockerhub.outputs.dockerhub-publish == '1' | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: apps/quantel-http-transformer-proxy/app/Dockerfile | |
push: true | |
provenance: false | |
labels: ${{ steps.quantel-dockerhub-tag.outputs.labels }} | |
tags: "${{ steps.quantel-dockerhub-tag.outputs.tags }}" | |
trivy-scanning-http-server: | |
uses: nrkno/github-workflow-docker-build-push/.github/workflows/workflow.yaml@v4.0.1 | |
with: | |
runs-on: "['ubuntu-latest']" | |
registry-url: ghcr.io | |
name: nrkno/sofie-package-manager | |
# Don't actually push any images, this is just for trivy scanning for now | |
push: false | |
trivy-severity: "CRITICAL" | |
trivy-summary-enabled: true | |
trivy-sbom-enabled: true | |
dockerfile: apps/http-server/app/Dockerfile | |
secrets: | |
registry-username: ${{ github.repository_owner }} | |
registry-password: ${{ secrets.GITHUB_TOKEN }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
trivy-scanning-quantel-http-transformer-proxy: | |
uses: nrkno/github-workflow-docker-build-push/.github/workflows/workflow.yaml@v4.0.1 | |
with: | |
runs-on: "['ubuntu-latest']" | |
registry-url: ghcr.io | |
name: nrkno/sofie-package-manager | |
# Don't actually push any images, this is just for trivy scanning for now | |
push: false | |
trivy-severity: "CRITICAL" | |
trivy-summary-enabled: true | |
trivy-sbom-enabled: true | |
dockerfile: apps/quantel-http-transformer-proxy/app/Dockerfile | |
secrets: | |
registry-username: ${{ github.repository_owner }} | |
registry-password: ${{ secrets.GITHUB_TOKEN }} | |
token: ${{ secrets.GITHUB_TOKEN }} |