Skip to content

Commit 8e0292d

Browse files
thespadthespad
committed
Release v8
1 parent 5edaa77 commit 8e0292d

6 files changed

Lines changed: 245 additions & 82 deletions

File tree

.github/workflows/build-image.yml

Lines changed: 72 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,14 @@ on:
2121
release_name:
2222
required: false
2323
type: string
24+
sign_image:
25+
required: false
26+
type: boolean
27+
default: true
28+
branch_name:
29+
required: false
30+
type: string
31+
default: "main"
2432
secrets:
2533
OP_SERVICE_ACCOUNT_TOKEN:
2634
required: true
@@ -33,6 +41,8 @@ jobs:
3341
-
3442
name: Checkout
3543
uses: actions/checkout@v6
44+
with:
45+
ref: ${{ github.head_ref || inputs.branch_name }}
3646
-
3747
name: Docker meta
3848
id: docker_meta
@@ -44,24 +54,28 @@ jobs:
4454
org.opencontainers.image.title=${{ inputs.app_name }}
4555
org.opencontainers.image.description=${{ inputs.app_name }}
4656
org.opencontainers.image.vendor=${{ inputs.repo_owner }}
57+
org.opencontainers.image.documentation=https://github.com/linuxserver-labs/${{ inputs.app_name }}
58+
flavor: |
59+
latest=false
4760
tags: |
48-
type=schedule
4961
type=ref,event=branch
5062
type=ref,event=tag
5163
type=ref,event=pr
52-
type=raw,value=latest,enable={{is_default_branch}}
64+
type=raw,value=${{ github.head_ref || inputs.branch_name }},enable=true
65+
type=raw,value=${{ github.head_ref || inputs.branch_name }},enable=true
5366
-
5467
name: Set up QEMU
5568
uses: docker/setup-qemu-action@v4
5669
-
5770
name: Set up Docker Buildx
58-
uses: docker/setup-buildx-action@v3.12.0
71+
uses: docker/setup-buildx-action@v4.0.0
5972
-
6073
name: Install Cosign
61-
uses: sigstore/cosign-installer@v3.10.0
74+
if: ${{ inputs.sign_image == 'true' }}
75+
uses: sigstore/cosign-installer@v4.1.1
6276
-
6377
name: Login to GitHub Container Registry
64-
uses: docker/login-action@v3.6.0
78+
uses: docker/login-action@v4.1.0
6579
with:
6680
registry: ghcr.io
6781
username: ${{ inputs.repo_owner }}
@@ -78,18 +92,18 @@ jobs:
7892
id: gen_release
7993
run: |
8094
if [ -z ${{ github.event.release.tag_name }} ]; then
81-
IMAGE_VERSION=$(curl -s "https://api.github.com/repos/${{ inputs.repo_owner }}/docker-${{ inputs.app_name }}/releases" | jq -r '(sort_by(.published_at) | .[-1].tag_name)?')
95+
IMAGE_VERSION=$(curl -s "https://api.github.com/repos/${{ inputs.repo_owner }}/docker-${{ inputs.app_name }}/releases" | jq -r 'last((sort_by(.published_at) | .[] | select(.target_commitish == "${{ inputs.branch_name }}") | .tag_name)?)')
8296
if [ -z $IMAGE_VERSION ] || [ $IMAGE_VERSION == null ]; then
8397
case ${{ inputs.release_type }} in
8498
github)
8599
IMAGE_VERSION=$(curl -sX GET "${{ inputs.release_url }}/releases/latest" | awk '/tag_name/{print $4;exit}' FS='[""]');
86100
;;
87-
github_tag)
88-
IMAGE_VERSION=$(curl -sX GET "${{ inputs.release_url }}/tags" | jq -r 'first(.[] | select(.name | contains("${{ inputs.release_name }}") )) | .name');
89-
;;
90101
github_commit)
91102
IMAGE_VERSION=$(curl -sL "${{ inputs.release_url }}" | jq -r 'first(.[])' | cut -c1-8);
92103
;;
104+
github_tag)
105+
IMAGE_VERSION=$(curl -sX GET "${{ inputs.release_url }}/tags" | jq -r 'first(.[] | select(.name | contains("${{ inputs.release_name }}") )) | .name');
106+
;;
93107
alpine)
94108
IMAGE_VERSION=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/${{ inputs.release_url }}/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp && awk '/^P:'"${{ inputs.release_name }}"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://');
95109
;;
@@ -110,7 +124,7 @@ jobs:
110124
-
111125
name: Build and push
112126
id: build_push
113-
uses: docker/bake-action@v6.10.0
127+
uses: docker/bake-action@v7.0.0
114128
with:
115129
files: |
116130
./docker-bake.hcl
@@ -123,9 +137,55 @@ jobs:
123137
push: true
124138
provenance: false
125139
sbom: true
140+
-
141+
name: Create manifest for release
142+
if: ${{ github.event_name != 'pull_request' }}
143+
id: manifest
144+
run: |
145+
TAG=$(jq -r '.tags[0]' <<< $TAGS | cut -f 2- -d ':')
146+
for registry in ghcr.io; do
147+
if [[ ${{ github.event.repository.default_branch }} == ${{ inputs.branch_name }} ]]; then
148+
docker buildx imagetools create -t ${registry}/${MANIFESTIMAGE}:latest ${registry}/${MANIFESTIMAGE}:${TAG}
149+
fi
150+
done
151+
env:
152+
MANIFESTIMAGE: ${{ inputs.repo_owner }}/${{ inputs.app_name }}
153+
TAGS: ${{ steps.docker_meta.outputs.json }}
154+
-
155+
name: Commit release version
156+
if: ${{ github.event_name != 'pull_request' }}
157+
id: commit_release
158+
env:
159+
CI_COMMIT_MESSAGE: CI Build Workflow Updates
160+
run: |
161+
FILE_BASE64=$(base64 <<< "${{ steps.gen_release.outputs.app_version }}")
162+
FILE_BLOB=$(curl -L \
163+
-H "Accept: application/vnd.github.object" \
164+
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
165+
-H "X-GitHub-Api-Version: 2022-11-28" \
166+
https://api.github.com/repos/${{ inputs.repo_owner }}/docker-${{ inputs.app_name }}/contents/version.txt?ref=${{ inputs.branch_name }})
167+
if jq -re .sha <<< ${FILE_BLOB} 2> /dev/null; then
168+
FILE_SHA=$(jq -r .sha <<< ${FILE_BLOB})
169+
curl -L \
170+
-X PUT \
171+
-H "Accept: application/vnd.github+json" \
172+
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
173+
-H "X-GitHub-Api-Version: 2022-11-28" \
174+
https://api.github.com/repos/${{ inputs.repo_owner }}/docker-${{ inputs.app_name }}/contents/version.txt \
175+
-d "{\"branch\":\"${{ inputs.branch_name }}\",\"sha\":\"${FILE_SHA}\",\"message\":\"${{ env.CI_COMMIT_MESSAGE }}\",\"content\":\"${FILE_BASE64}\"}"
176+
else
177+
curl -L \
178+
-X PUT \
179+
-H "Accept: application/vnd.github+json" \
180+
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
181+
-H "X-GitHub-Api-Version: 2022-11-28" \
182+
https://api.github.com/repos/${{ inputs.repo_owner }}/docker-${{ inputs.app_name }}/contents/version.txt \
183+
-d "{\"branch\":\"${{ inputs.branch_name }}\",\"message\":\"${{ env.CI_COMMIT_MESSAGE }}\",\"content\":\"${FILE_BASE64}\"}"
184+
fi
126185
-
127186
name: Get Digest
128187
id: get_digest
188+
if: ${{ inputs.sign_image == 'true' }}
129189
env:
130190
BAKE_METADATA: ${{ steps.build_push.outputs.metadata }}
131191
run: |
@@ -135,6 +195,7 @@ jobs:
135195
-
136196
name: Load Key
137197
id: op-load-key
198+
if: ${{ inputs.sign_image == 'true' }}
138199
uses: 1password/load-secrets-action@v3
139200
with:
140201
export-env: true
@@ -144,6 +205,7 @@ jobs:
144205
COSIGN_PASSWORD: op://Labs/labs-sigstore-pass/password
145206
-
146207
name: Sign image with a key
208+
if: ${{ inputs.sign_image == 'true' }}
147209
run: |
148210
images=""
149211
for tag in ${TAGS}; do

0 commit comments

Comments
 (0)