|
6 | 6 | tags: |
7 | 7 | - "v[0-9]+.[0-9]+.[0-9]+*" |
8 | 8 |
|
9 | | -jobs: |
10 | | - cross-compile: |
11 | | - runs-on: ubuntu-latest |
12 | | - steps: |
13 | | - - name: Check out the repo |
14 | | - uses: actions/checkout@v3 |
15 | | - - name: Setup Go |
16 | | - uses: actions/setup-go@v3 |
17 | | - with: |
18 | | - go-version: "1.21" |
19 | | - - name: Cache Go |
20 | | - id: go-cache |
21 | | - uses: actions/cache@v3 |
22 | | - with: |
23 | | - path: | |
24 | | - ~/go/bin |
25 | | - ~/go/pkg/mod |
26 | | - key: go-cache-${{ runner.os }}-${{ hashFiles('**/go.sum') }} |
27 | | - - name: Install promu |
28 | | - run: make promu |
29 | | - shell: bash |
30 | | - - name: Build |
31 | | - run: ~/go/bin/promu -c .promu.yml crossbuild -v -p linux/amd64 -p linux/arm64 -p darwin/amd64 -p darwin/arm64 |
32 | | - - name: Upload Binaries |
33 | | - uses: actions/upload-artifact@v4 |
34 | | - with: |
35 | | - name: binaries |
36 | | - path: .build/* |
37 | | - include-hidden-files: true |
| 9 | +env: |
| 10 | + REGISTRY: ghcr.io |
| 11 | + IMAGE_NAME: ${{ github.repository }} |
38 | 12 |
|
| 13 | + |
| 14 | +jobs: |
39 | 15 | push_to_registries: |
40 | 16 | name: Push Docker image to multiple registries |
41 | 17 | runs-on: ubuntu-latest |
42 | 18 | permissions: |
| 19 | + attestations: write |
43 | 20 | packages: write |
44 | 21 | contents: read |
45 | 22 | id-token: write |
46 | | - needs: [cross-compile] |
| 23 | + |
47 | 24 | if: (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')) |
48 | 25 | steps: |
49 | 26 | - name: Check out the repo |
50 | 27 | uses: actions/checkout@v3 |
51 | 28 |
|
| 29 | + - name: Set up QEMU |
| 30 | + uses: docker/setup-qemu-action@v3 |
| 31 | + |
52 | 32 | - name: Set up Docker Buildx |
53 | 33 | uses: docker/setup-buildx-action@v2 |
54 | 34 |
|
55 | | - - name: Sanitize branch name and create version |
56 | | - id: create-version |
57 | | - env: |
58 | | - BRANCH: ${{github.ref_name}} |
59 | | - RUN_NUMBER: ${{github.run_number}} |
60 | | - BASE_VERSION: "0.0.0" |
61 | | - run: | |
62 | | - # let's simply use the k8s namespace rules (even stricter) and have the same version(-suffix) for everything |
63 | | - # lowercase everything and replace all invalid characters with '-' and trim to 60 characters |
64 | | - SANITIZED_BRANCH=$(echo -n "${BRANCH}" | tr '[:upper:]' '[:lower:]' | tr -C 'a-z0-9' '-') |
65 | | - SANITIZED_BRANCH="${SANITIZED_BRANCH:0:60}" |
66 | | -
|
67 | | - BUILD_VERSION="${BASE_VERSION}-${SANITIZED_BRANCH}-${RUN_NUMBER}" |
68 | | - echo "BUILD_VERSION=${BUILD_VERSION}" | tee -a $GITHUB_ENV $GITHUB_OUTPUT |
69 | | -
|
70 | | - - name: Download Binaries |
71 | | - uses: actions/download-artifact@v4 |
72 | | - with: |
73 | | - name: binaries |
74 | | - path: .build/ |
75 | | - include-hidden-files: true |
76 | | - |
77 | | - - run: chmod +x .build/**/* |
78 | | - |
79 | | - - id: login-gcp |
80 | | - name: Authenticate with Google Cloud |
81 | | - uses: google-github-actions/auth@v2 |
82 | | - with: |
83 | | - token_format: access_token |
84 | | - workload_identity_provider: ${{secrets.GCR_WORKLOAD_IDENTITY_PROVIDER}} |
85 | | - service_account: ${{secrets.GCR_SERVICE_ACCOUNT}} |
86 | | - access_token_lifetime: 1800s |
87 | | - |
88 | | - - name: Log in to EU registry |
89 | | - uses: docker/login-action@v2 |
90 | | - with: |
91 | | - registry: us-docker.pkg.dev |
92 | | - username: oauth2accesstoken |
93 | | - password: ${{ steps.login-gcp.outputs.access_token }} |
94 | 35 |
|
95 | | - - name: Log in to EU registry |
96 | | - uses: docker/login-action@v2 |
| 36 | + - name: Log in to the Container registry |
| 37 | + uses: docker/login-action@v3 |
97 | 38 | with: |
98 | | - registry: europe-docker.pkg.dev |
99 | | - username: oauth2accesstoken |
100 | | - password: ${{ steps.login-gcp.outputs.access_token }} |
| 39 | + registry: ${{ env.REGISTRY }} |
| 40 | + username: ${{ github.actor }} |
| 41 | + password: ${{ secrets.GITHUB_TOKEN }} |
101 | 42 |
|
102 | | - - name: Log in to Asia registry |
103 | | - uses: docker/login-action@v2 |
| 43 | + - name: Extract metadata (tags, labels) for Docker |
| 44 | + id: meta |
| 45 | + uses: docker/metadata-action@v5 |
104 | 46 | with: |
105 | | - registry: asia-docker.pkg.dev |
106 | | - username: oauth2accesstoken |
107 | | - password: ${{ steps.login-gcp.outputs.access_token }} |
| 47 | + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} |
108 | 48 |
|
109 | 49 | - name: build and push |
110 | 50 | uses: docker/build-push-action@v5 |
|
113 | 53 | context: . |
114 | 54 | file: Dockerfile |
115 | 55 | platforms: linux/amd64,linux/arm64,darwin/arm64,darwin/amd64 |
116 | | - tags: | |
117 | | - ${{secrets.GCR_ASIA_IMAGE}}:${{steps.create-version.outputs.BUILD_VERSION}} |
118 | | - ${{secrets.GCR_EUROPE_IMAGE}}:${{steps.create-version.outputs.BUILD_VERSION}} |
119 | | - ${{secrets.GCR_US_IMAGE}}:${{steps.create-version.outputs.BUILD_VERSION}} |
| 56 | + tags: ${{ steps.meta.outputs.tags }} |
| 57 | + labels: ${{ steps.meta.outputs.labels }} |
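Review bot: The job's token is scoped wider than the visible steps use: `attestations: write` is added at new line 19 and `id-token: write` is kept at line 22, yet the Google workload-identity login that consumed the OIDC token is removed and no attestation step appears in the lines shown (new lines 51–52 and anything after line 57 are not visible here, so this needs confirming). Either add a provenance step such as `actions/attest-build-provenance` after the build, or drop both permissions so the job holds only `packages: write` and `contents: read`. The new steps also reference third-party actions by mutable tag (`docker/setup-qemu-action@v3`, `docker/login-action@v3`, `docker/metadata-action@v5`) in a job that can publish to the registry; pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`, keeps a moved tag from changing what runs with that token.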