200 lines
7.8 KiB
YAML
200 lines
7.8 KiB
YAML
name: Build Docker image
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
repo:
|
|
description: '仓库地址'
|
|
required: true
|
|
type: string
|
|
|
|
ref:
|
|
description: '分支名称'
|
|
required: true
|
|
type: string
|
|
|
|
image_name:
|
|
description: '镜像名称'
|
|
required: true
|
|
type: string
|
|
|
|
image_tag:
|
|
description: '镜像标签'
|
|
required: false
|
|
default: 'latest'
|
|
type: string
|
|
|
|
build_target:
|
|
description: '构建目标'
|
|
required: false
|
|
type: string
|
|
|
|
architectures:
|
|
description: '构建架构'
|
|
required: false
|
|
type: string
|
|
default: "linux/amd64, linux/arm64, linux/arm/v7"
|
|
|
|
dockerfile:
|
|
description: 'Dockerfile 在仓库中的路径'
|
|
required: false
|
|
type: string
|
|
default: 'Dockerfile'
|
|
|
|
env:
|
|
IMAGE_DESCRIPTION: Built by GitHub Actions, the associated workflow is https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
|
|
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
id-token: write
|
|
attestations: write
|
|
|
|
jobs:
|
|
publish-docker:
|
|
name: Build and publish
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Set env
|
|
env:
|
|
IMAGE_NAME=${{ github.event.inputs.image_name }}
|
|
run: |
|
|
owner=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')
|
|
echo "OWNER=$owner" >> "$GITHUB_ENV"
|
|
echo "IMAGE_FULL_NAME=ghcr.io/${{ env.OWNER }}/$IMAGE_NAME" >> $GITHUB_ENV
|
|
echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV
|
|
echo "IMAGE_TAG=${{ github.event.inputs.image_tag }}" >> $GITHUB_ENV
|
|
|
|
- name: Checkout repository
|
|
env:
|
|
REPO_URL: ${{ github.event.inputs.repo }}
|
|
TARGET_REF: ${{ github.event.inputs.ref }}
|
|
run: |
|
|
git clone $REPO_URL .
|
|
git fetch --tags
|
|
git checkout $TARGET_REF
|
|
|
|
- name: Set up Ruby
|
|
uses: ruby/setup-ruby@v1
|
|
with:
|
|
ruby-version: '3.0'
|
|
- name: Get license
|
|
run: |
|
|
gem install licensee
|
|
license_result=$(licensee detect --json | jq -r '.licenses[0].spdx_id' 2>&1)
|
|
status=$?
|
|
if [ $status -eq 0 ]; then
|
|
if [ "$license_result" = "null" ] || [ -z "$license_result" ]; then
|
|
echo "LICENSES=none" >> "$GITHUB_ENV"
|
|
else
|
|
echo "LICENSES=$license_result" >> "$GITHUB_ENV"
|
|
fi
|
|
else
|
|
echo "LICENSES=none" >> "$GITHUB_ENV"
|
|
fi
|
|
|
|
- name: Confirm current version
|
|
run: |
|
|
git describe --tags --always
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ env.OWNER }}
|
|
password: ${{ github.token }}
|
|
|
|
- name: Extract metadata (tags, labels) for image registry
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.IMAGE_FULL_NAME }}
|
|
annotations: |
|
|
org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
|
|
org.opencontainers.image.url=${{ github.event.inputs.repo }}
|
|
org.opencontainers.image.source=${{ github.event.inputs.repo }}
|
|
org.opencontainers.image.title=${{ env.IMAGE_NAME }}
|
|
org.opencontainers.image.version=${{ env.IMAGE_TAG }}
|
|
${{ env.LICENSES != 'none' && format('org.opencontainers.image.licenses={0}', env.LICENSES) || '' }}
|
|
labels: |
|
|
org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
|
|
org.opencontainers.image.url=${{ github.event.inputs.repo }}
|
|
org.opencontainers.image.source=${{ github.event.inputs.repo }}
|
|
org.opencontainers.image.title=${{ env.IMAGE_NAME }}
|
|
org.opencontainers.image.version=${{ env.IMAGE_TAG }}
|
|
${{ env.LICENSES != 'none' && format('org.opencontainers.image.licenses={0}', env.LICENSES) || '' }}
|
|
env:
|
|
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
|
|
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
- name: Build and push
|
|
id: push
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
target: ${{ github.event.inputs.build_target }}
|
|
push: true
|
|
file: ${{ github.event.inputs.dockerfile }}
|
|
tags: |
|
|
${{ env.IMAGE_FULL_NAME }}:${{ env.IMAGE_TAG }}
|
|
${{ github.event.inputs.image_tag != 'latest' && format('{0}:latest', env.IMAGE_FULL_NAME) || '' }}
|
|
annotations: ${{ steps.meta.outputs.annotations }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
platforms: ${{ github.event.inputs.architectures }}
|
|
|
|
- name: Calculate image size
|
|
run: |
|
|
docker manifest inspect ${{ env.IMAGE_FULL_NAME }}:${{ env.IMAGE_TAG }} -v > manifest.json
|
|
curl -o ./get_image_size.sh -s https://raw.githubusercontent.com/${{ github.repository }}/refs/heads/script/get_image_size.sh
|
|
chmod +x get_image_size.sh
|
|
|
|
- name: Get the package id
|
|
run: |
|
|
gh auth login --with-token <<< "${{ github.token }}"
|
|
response=$(gh api \
|
|
-H "Accept: application/vnd.github+json" \
|
|
-H "X-GitHub-Api-Version: 2022-11-28" \
|
|
/users/${{ env.OWNER }}/packages/container/${{ env.IMAGE_NAME }}/versions)
|
|
version_id=$(echo "$response" | jq -r '.[] | select(.metadata.container.tags[]? == "${{ env.IMAGE_TAG }}") | .id')
|
|
echo "VERSION_ID=$version_id" >> $GITHUB_ENV
|
|
|
|
- name: Add a summary for the job
|
|
run: |
|
|
arch_array=($(echo ${{ github.event.inputs.architectures }} | tr -d '"' | tr ',' '\n' | tr -d ' '))
|
|
echo "## Build Report" >> $GITHUB_STEP_SUMMARY
|
|
echo "### Get the image" >> $GITHUB_STEP_SUMMARY
|
|
echo "<pre lang="bash">" >> $GITHUB_STEP_SUMMARY
|
|
echo "<code>docker pull ${{ env.IMAGE_FULL_NAME }}:${{ env.IMAGE_TAG }}</code>" >> $GITHUB_STEP_SUMMARY
|
|
echo "</pre>" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "Image Url: https://github.com/users/${{ env.OWNER }}/packages/container/${{ env.IMAGE_NAME }}/${{ env.VERSION_ID }}?tag=${{ env.IMAGE_TAG }}" >> $GITHUB_STEP_SUMMARY
|
|
echo "### Image info" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "| Repository | Reference / Branch / Tag | Push Time |" >> $GITHUB_STEP_SUMMARY
|
|
echo "|:-:|:-:|:-:|" >> $GITHUB_STEP_SUMMARY
|
|
echo "| ${{ github.event.inputs.repo }} | [$(git log --pretty=format:"%h" -n 1)](${{ github.event.inputs.repo }}/tree/$(git log --pretty=format:"%H" -n 1)) |$(git log --pretty=format:"%ci" -n 1)|" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "| Architecture | Image Size |" >> $GITHUB_STEP_SUMMARY
|
|
echo "|:-:|:-:|" >> $GITHUB_STEP_SUMMARY
|
|
for arch in "${arch_array[@]}"; do
|
|
echo "| $arch | $(./get_image_size.sh --arch $arch) |" >> $GITHUB_STEP_SUMMARY
|
|
done
|
|
echo "### Verify the image" >> $GITHUB_STEP_SUMMARY
|
|
echo "You can use github cli to verify the image, run the command:" >> $GITHUB_STEP_SUMMARY
|
|
echo "<pre lang="bash"><code>" >> $GITHUB_STEP_SUMMARY
|
|
echo "gh attestation verify oci://${{ env.IMAGE_FULL_NAME }}:${{ env.IMAGE_TAG }} -R ${{ github.repository }}" >> $GITHUB_STEP_SUMMARY
|
|
echo "</code></pre>" >> $GITHUB_STEP_SUMMARY
|
|
|
|
- name: Generate artifact attestation
|
|
uses: actions/attest-build-provenance@v3
|
|
with:
|
|
subject-name: ${{ env.IMAGE_FULL_NAME }}
|
|
subject-digest: ${{ steps.push.outputs.digest }}
|
|
push-to-registry: true
|