From 1c2b7bd74b59edadbaf9fdace9c571b77e72cab0 Mon Sep 17 00:00:00 2001
From: kodxana
Date: Fri, 13 May 2022 21:32:08 +0200
Subject: [PATCH 1/7] Create docker.yml
---
 .github/workflows/docker.yml | 86 ++++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 .github/workflows/docker.yml
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 00000000..f724f1c0
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,86 @@
+name: docker
+
+on:
+ workflow_dispatch:
+ inputs:
+ note:
+ description: 'Note'
+ required: false
+ default: ''
+ pull_request:
+ push:
+ tags:
+ - '*'
+
+env:
+ # github.repository as /
+ IMAGE_NAME: lbry/lbcd
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Install the cosign tool except on PR
+ # https://github.com/sigstore/cosign-installer
+ - name: Install cosign
+ if: github.event_name != 'pull_request'
+ uses: sigstore/cosign-installer@d6a3abf1bdea83574e28d40543793018b6035605
+ with:
+ cosign-release: 'v1.7.1'
+
+
+ # Workaround: https://github.com/docker/build-push-action/issues/461
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: lbry/lbcd
+
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ # Sign the resulting Docker image digest except on PRs.
+ # This will only write to the public Rekor transparency log when the Docker
+ # repository is public to avoid leaking data. If you would like to publish
+ # transparency data even for private images, pass --force to cosign below.
+ # https://github.com/sigstore/cosign
+ - name: Sign the published Docker image
+ if: ${{ github.event_name != 'pull_request' }}
+ env:
+ COSIGN_EXPERIMENTAL: "true"
+ # This step uses the identity token to provision an ephemeral certificate
+ # against the sigstore community Fulcio instance.
+ run: cosign sign ${{ steps.meta.outputs.tags }}@${{ steps.build-and-push.outputs.digest }}
--
2.45.2
From a42741127b40439f466fa8afb1c84799df7ccc5b Mon Sep 17 00:00:00 2001
From: Roy Lee
Date: Fri, 13 May 2022 12:55:16 -0700
Subject: [PATCH 2/7] Update docker.yml Parameterize docker repo
---
 .github/workflows/docker.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index f724f1c0..14a7f3d0 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -3,6 +3,10 @@ name: docker on: workflow_dispatch: inputs: + repo: + description: 'Repository' + required: false + default: 'lbry/lbcd' note: description: 'Note' required: false
@@ -14,7 +18,7 @@ on: env: # github.repository as / - IMAGE_NAME: lbry/lbcd + IMAGE_NAME: ${{ inputs.repo }} jobs: build:
@@ -50,8 +54,8 @@ jobs: if: github.event_name != 'pull_request' uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action
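Review bot: In the `Sign the published Docker image` step that closes the new file in PATCH 1/7, `${{ steps.meta.outputs.tags }}` and the digest are expanded into the `run:` script text before the shell parses it, and the tags output carries one tag per line, so a run in which the metadata step emits more than one tag no longer forms a single valid `cosign sign` command. Passing both values through the step's `env:` keeps them as data and signs every tag: add `TAGS: ${{ steps.meta.outputs.tags }}` and `DIGEST: ${{ steps.build-and-push.outputs.digest }}` under `env:` and change the command to `run: echo "${TAGS}" | xargs -I {} cosign sign "{}@${DIGEST}"`. Separately, `actions/checkout@v3` is the only action in this job referenced by a mutable tag while the job holds `packages: write` and `id-token: write`; pinning it to a full commit SHA, as the other four actions are, would make what the job executes uniform and reviewable. The step name `Log into registry ${{ env.REGISTRY }}` also refers to an `env.REGISTRY` that this file never defines.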
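Review bot: The `default: 'lbry/lbcd'` that PATCH 2/7 adds for the `repo` input applies only to `workflow_dispatch` runs, so on the `push` tag trigger `${{ inputs.repo }}` evaluates to an empty string and both `IMAGE_NAME` and the metadata step's `images:` (last hunk of this patch) lose the image name; the `github.event.inputs.repo` form in PATCH 3/7 and PATCH 6/7 behaves the same way. A fallback keeps tag builds pointed at the intended repository, for example `images: ${{ github.event.inputs.repo || 'lbry/lbcd' }}`. Because this value decides where the job pushes with the Docker Hub token and which reference it signs, it is worth checking it against an expected set of repository names, or keeping it fixed, rather than accepting any string from the dispatch form. The `on:`, `env:` and `steps:` blocks these hunks touch begin and end outside the hunks.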
@@ -59,7 +63,7 @@ jobs: id: meta uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 with: - images: lbry/lbcd + images: ${{ inputs.repo }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action
--
2.45.2
From 526d123fac7f88a9030e35454baa6cde59f86df2 Mon Sep 17 00:00:00 2001
From: Roy Lee
Date: Fri, 13 May 2022 13:01:26 -0700
Subject: [PATCH 3/7] Update docker.yml update inputs.repo
---
 .github/workflows/docker.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 14a7f3d0..876dc126 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -18,7 +18,7 @@ on: env: # github.repository as / - IMAGE_NAME: ${{ inputs.repo }} + IMAGE_NAME: ${{ github.event.inputs.repo }} jobs: build:
@@ -63,7 +63,7 @@ jobs: id: meta uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 with: - images: ${{ inputs.repo }} + images: ${{ github.event.inputs.repo }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action
--
2.45.2
From 020654186536168e70cbb1431e39c936410ab8c4 Mon Sep 17 00:00:00 2001
From: Roy Lee
Date: Fri, 13 May 2022 13:15:25 -0700
Subject: [PATCH 4/7] Update docker.yml
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 876dc126..24c59b67 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -1,4 +1,4 @@ -name: docker +name: Publish Docker Image on: workflow_dispatch:
--
2.45.2
From 9e73e3af84b2c8833a3d8042103f10cde0432850 Mon Sep 17 00:00:00 2001
From: Roy Lee
Date: Fri, 13 May 2022 13:29:53 -0700
Subject: [PATCH 5/7] Update docker.yml
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 24c59b67..f60e5fde 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -63,7 +63,7 @@ jobs: id: meta uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 with: - images: ${{ github.event.inputs.repo }} + images: lbry/lbcd # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action
--
2.45.2
From 52f9c05e66646ef2b70c7a733aec0c6f0066627f Mon Sep 17 00:00:00 2001
From: Roy Lee
Date: Fri, 13 May 2022 13:41:00 -0700
Subject: [PATCH 6/7] Update docker.yml
---
 .github/workflows/docker.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index f60e5fde..d138b83d 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -11,7 +11,6 @@ on: description: 'Note' required: false default: '' - pull_request: push: tags: - '*'
@@ -63,7 +62,7 @@ jobs: id: meta uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 with: - images: lbry/lbcd + images: ${{ github.event.inputs.repo }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action
--
2.45.2
From 0e924e317e9872869007b10c8068d32f577eb192 Mon Sep 17 00:00:00 2001
From: Roy Lee
Date: Fri, 13 May 2022 13:43:13 -0700
Subject: [PATCH 7/7] Rename docker.yml to docker-publish.yml
---
 .github/workflows/{docker.yml => docker-publish.yml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/workflows/{docker.yml => docker-publish.yml} (100%)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker-publish.yml
similarity index 100%
rename from .github/workflows/docker.yml
rename to .github/workflows/docker-publish.yml
--
2.45.2