Skip to content

v1.43.3

v1.43.3 #77

name: Publish Docker
on:
workflow_dispatch:
push:
tags:
- 'v*.*.*'
jobs:
build:
name: Build and publish docker images
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
- name: Determine if images should be published to DockerHub
id: dockerhub
run: |
# check if a release branch, or master, or a tag
if [[ "${{ github.ref }}" =~ ^refs/heads/release([0-9]+)$ || "${{ github.ref }}" == "refs/heads/master" || "${{ github.ref }}" == refs/tags/* ]]
then
DOCKERHUB_PUBLISH="1"
else
DOCKERHUB_PUBLISH="0"
fi
# debug output
echo "dockerhub-publish $DOCKERHUB_PUBLISH"
echo "dockerhub-publish=$DOCKERHUB_PUBLISH" >> $GITHUB_OUTPUT
- name: Check if push to GHCR is enabled
id: check-ghcr
env:
GHCR_ENABLED: ${{ secrets.GHCR_ENABLED }}
run: |
echo "Enable push to GHCR: ${{ env.GHCR_ENABLED != '' }}"
echo "enable=${{ env.GHCR_ENABLED != '' }}" >> $GITHUB_OUTPUT
- name: Check if there is access to repo secrets (needed for build and push)
if: steps.dockerhub.outputs.dockerhub-publish == '1' || steps.check-ghcr.outputs.enable == 'true'
id: check-build-and-push
env:
SECRET_ACCESS: ${{ secrets.DOCKERHUB_USERNAME }}
run: |
echo "Enable build and push: ${{ env.SECRET_ACCESS != '' }}"
echo "enable=${{ env.SECRET_ACCESS != '' }}" >> $GITHUB_OUTPUT
- name: Get the http-server docker tag for GHCR
id: http-server-ghcr-tag
if: steps.check-build-and-push.outputs.enable == 'true'
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository }}-http-server
tags: |
type=schedule
type=ref,event=branch
type=ref,event=tag
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=nightly,enable={{is_default_branch}}
- name: Get the http-server docker tag for DockerHub
id: http-server-dockerhub-tag
if: steps.check-build-and-push.outputs.enable == 'true'
uses: docker/metadata-action@v5
with:
images: |
sofietv/package-manager-http-server
tags: |
type=schedule
type=ref,event=branch
type=ref,event=tag
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=nightly,enable={{is_default_branch}}
- name: Get the quantel-http-transformer-proxy docker tag for GHCR
id: quantel-ghcr-tag
if: steps.check-build-and-push.outputs.enable == 'true'
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository }}-quantel-http-transformer-proxy
tags: |
type=schedule
type=ref,event=branch
type=ref,event=tag
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=nightly,enable={{is_default_branch}}
- name: Get the quantel-http-transformer-proxy docker tag for DockerHub
id: quantel-dockerhub-tag
if: steps.check-build-and-push.outputs.enable == 'true'
uses: docker/metadata-action@v5
with:
images: |
sofietv/package-manager-quantel-http-transformer-proxy
tags: |
type=schedule
type=ref,event=branch
type=ref,event=tag
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=nightly,enable={{is_default_branch}}
- name: Set up Docker Buildx
if: steps.check-build-and-push.outputs.enable == 'true'
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
if: steps.check-build-and-push.outputs.enable == 'true' && steps.dockerhub.outputs.dockerhub-publish == '1'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push http-server to GHCR
if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true'
uses: docker/build-push-action@v5
with:
context: .
file: apps/http-server/app/Dockerfile
push: true
provenance: false
labels: ${{ steps.http-server-ghcr-tag.outputs.labels }}
tags: "${{ steps.http-server-ghcr-tag.outputs.tags }}"
- name: Build and push http-server to DockerHub
if: steps.check-build-and-push.outputs.enable == 'true' && steps.dockerhub.outputs.dockerhub-publish == '1'
uses: docker/build-push-action@v5
with:
context: .
file: apps/http-server/app/Dockerfile
push: true
provenance: false
labels: ${{ steps.http-server-dockerhub-tag.outputs.labels }}
tags: "${{ steps.http-server-dockerhub-tag.outputs.tags }}"
- name: Build and push quantel-http-transformer-proxy to GHCR
if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true'
uses: docker/build-push-action@v5
with:
context: .
file: apps/quantel-http-transformer-proxy/app/Dockerfile
push: true
provenance: false
labels: ${{ steps.quantel-ghcr-tag.outputs.labels }}
tags: "${{ steps.quantel-ghcr-tag.outputs.tags }}"
- name: Build and push quantel-http-transformer-proxy to DockerHub
if: steps.check-build-and-push.outputs.enable == 'true' && steps.dockerhub.outputs.dockerhub-publish == '1'
uses: docker/build-push-action@v5
with:
context: .
file: apps/quantel-http-transformer-proxy/app/Dockerfile
push: true
provenance: false
labels: ${{ steps.quantel-dockerhub-tag.outputs.labels }}
tags: "${{ steps.quantel-dockerhub-tag.outputs.tags }}"
trivy-scanning-http-server:
uses: nrkno/github-workflow-docker-build-push/.github/workflows/[email protected]
with:
runs-on: "['ubuntu-latest']"
registry-url: ghcr.io
name: nrkno/sofie-package-manager
# Don't actually push any images, this is just for trivy scanning for now
push: false
trivy-severity: "CRITICAL"
trivy-summary-enabled: true
trivy-sbom-enabled: true
dockerfile: apps/http-server/app/Dockerfile
secrets:
registry-username: ${{ github.repository_owner }}
registry-password: ${{ secrets.GITHUB_TOKEN }}
token: ${{ secrets.GITHUB_TOKEN }}
trivy-scanning-quantel-http-transformer-proxy:
uses: nrkno/github-workflow-docker-build-push/.github/workflows/[email protected]
with:
runs-on: "['ubuntu-latest']"
registry-url: ghcr.io
name: nrkno/sofie-package-manager
# Don't actually push any images, this is just for trivy scanning for now
push: false
trivy-severity: "CRITICAL"
trivy-summary-enabled: true
trivy-sbom-enabled: true
dockerfile: apps/quantel-http-transformer-proxy/app/Dockerfile
secrets:
registry-username: ${{ github.repository_owner }}
registry-password: ${{ secrets.GITHUB_TOKEN }}
token: ${{ secrets.GITHUB_TOKEN }}