db-backup-runner/.github/workflows/docker.yml at main · burgdev/db-backup-runner · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
name: Build Docker

# Configures this workflow to run every time a change is pushed to the branch called `release`.
on:
  push:
    branches:
      - main
    tags:
      - "v*.*.*"
  workflow_dispatch:
    inputs:
      custom_tag:
        description: "Tag name"
        required: true
        default: "feature"
  repository_dispatch:
    types: [new-tag-created]

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  check-label:
    runs-on: ubuntu-latest
    outputs:
      skip: ${{ steps.labelcheck.outputs.skip }}
    steps:
      - name: Get PR for commit
        id: get_pr
        uses: actions-ecosystem/action-get-merged-pull-request@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}

      - name: Check labels
        id: labelcheck
        run: |
          LABELS="${{ steps.get_pr.outputs.labels }}"
          echo "Labels: $LABELS"
          if echo "$LABELS" | grep -q "NO_DOCKER"; then
            echo "skip=true" >> $GITHUB_OUTPUT
          else
            echo "skip=false" >> $GITHUB_OUTPUT
          fi

  build-and-push-image:
    runs-on: ubuntu-latest
    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
    needs: check-label
    if: needs.check-label.outputs.skip != 'true'
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Determine version
        id: determine-version
        run: |
          if [ "${{ github.event_name }}" == "repository_dispatch" ]; then
            VERSION=${{ github.event.client_payload.version }}
            LATEST="latest"
          elif [[ "${{ github.ref }}" == refs/tags/v* ]]; then
            VERSION=${{ github.ref_name }}
            LATEST="latest"
          else
            VERSION=""
            LATEST=""
          fi

          MAJOR=$(echo $VERSION | cut -d. -f1)
          MINOR=$(echo $VERSION | cut -d. -f1-2)
          echo "VERSION=$VERSION" >> $GITHUB_ENV
          echo "VERSION_MINOR=$MINOR" >> $GITHUB_ENV
          echo "VERSION_MAJOR=$MAJOR" >> $GITHUB_ENV
          echo "LATEST=$LATEST" >> $GITHUB_ENV

      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about)
      # to extract tags and labels that will be applied to the specified image.
      # The `id` "meta" allows the output of this step to be referenced in a subsequent step.
      # The `images` value provides the base name for the tags and labels.
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            # Add 'edge' tag for main and develop branches
            type=edge,pattern=main
            type=edge,pattern=develop
            type=sha # create a sha tag
            # Use a custom tag if manually dispatched
            type=raw,value=${{ github.event.inputs.custom_tag || '' }}

            # Use the semantic version if provided explicitly
            type=raw,value=${{ env.VERSION }}
            type=raw,value=${{ env.VERSION_MINOR }}
            type=raw,value=${{ env.VERSION_MAJOR }}
            type=raw,value=${{ env.LATEST }}
            ## Semantic version tags
            #type=semver,pattern={{version}}
            #type=semver,pattern={{major}}.{{minor}}
            #type=semver,pattern={{major}}

      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`.
      # If the build succeeds, it pushes the image to GitHub Packages.
      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
      - name: Build and push Docker image
        id: push
        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

      ## not included at the moment
      ## # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built.
      ## # It increases supply chain security for people who consume the image.
      ## - name: Generate artifact attestation
      ##   uses: actions/attest-build-provenance@v2
      ##   with:
      ##     subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
      ##     subject-digest: ${{ steps.push.outputs.digest }}
      ##     push-to-registry: false