push - pull request - master only #19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: docker-compose-ci | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: ["master"] | |
| tags: ["v*.*.*"] | |
| pull_request: | |
| branches: ["master"] | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| concurrency: | |
| group: docker-compose-ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| REPO_SLUG: centralized-logging | |
| DOCKERHUB_NAMESPACE: "" # optional mirroring | |
| PLATFORMS: linux/amd64,linux/arm64 | |
| jobs: | |
| images: | |
| name: Build and Push Images (GHCR) | |
| runs-on: ubuntu-latest | |
| if: > | |
| github.event_name == 'workflow_dispatch' || | |
| startsWith(github.ref, 'refs/heads/master') || | |
| startsWith(github.ref, 'refs/tags/v') | |
| env: | |
| DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: { fetch-depth: 0 } | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Build JSON arrays of tags for each service | |
| - name: Compute tags (JSON arrays) | |
| id: tags | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| OWNER_LC="${GITHUB_REPOSITORY_OWNER,,}" | |
| REPO_SLUG="${REPO_SLUG}" | |
| REF="${GITHUB_REF}" | |
| user_tags=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/userapi:edge" ) | |
| api_tags=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/api:edge" ) | |
| web_tags=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/web:edge" ) | |
| if [[ "$REF" == "refs/heads/master" ]]; then | |
| user_tags+=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/userapi:latest" ) | |
| api_tags+=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/api:latest" ) | |
| web_tags+=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/web:latest" ) | |
| fi | |
| if [[ "$REF" == refs/tags/v* ]]; then | |
| ver="${REF#refs/tags/}" # vX.Y.Z | |
| short="${ver#v}" # X.Y.Z | |
| minor="${short%.*}" # X.Y | |
| user_tags+=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/userapi:${ver}" "ghcr.io/${OWNER_LC}/${REPO_SLUG}/userapi:${minor}" ) | |
| api_tags+=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/api:${ver}" "ghcr.io/${OWNER_LC}/${REPO_SLUG}/api:${minor}" ) | |
| web_tags+=( "ghcr.io/${OWNER_LC}/${REPO_SLUG}/web:${ver}" "ghcr.io/${OWNER_LC}/${REPO_SLUG}/web:${minor}" ) | |
| fi | |
| # emit JSON arrays | |
| printf 'user_tags_json=%s\n' "$(printf '%s\n' "${user_tags[@]}" | jq -R . | jq -s .)" >> "$GITHUB_OUTPUT" | |
| printf 'api_tags_json=%s\n' "$(printf '%s\n' "${api_tags[@]}" | jq -R . | jq -s .)" >> "$GITHUB_OUTPUT" | |
| printf 'web_tags_json=%s\n' "$(printf '%s\n' "${web_tags[@]}" | jq -R . | jq -s .)" >> "$GITHUB_OUTPUT" | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: (Optional) Login to Docker Hub | |
| if: ${{ env.DOCKERHUB_NAMESPACE != '' && env.DOCKERHUB_USERNAME != '' && env.DOCKERHUB_TOKEN != '' }} | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ env.DOCKERHUB_USERNAME }} | |
| password: ${{ env.DOCKERHUB_TOKEN }} | |
| - name: Restore build cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: ${{ runner.os }}-buildx- | |
| - name: Bake and Push (multi-arch) | |
| uses: docker/bake-action@v5 | |
| with: | |
| files: ./docker-bake.hcl | |
| push: true | |
| set: | | |
| *.platform=${{ env.PLATFORMS }} | |
| *.cache-from=type=local,src=/tmp/.buildx-cache | |
| *.cache-to=type=local,dest=/tmp/.buildx-cache-new,mode=max | |
| *.labels.org.opencontainers.image.revision=${{ github.sha }} | |
| userapi.tags=${{ steps.tags.outputs.user_tags_json }} | |
| api.tags=${{ steps.tags.outputs.api_tags_json }} | |
| web.tags=${{ steps.tags.outputs.web_tags_json }} | |
| - name: Save build cache | |
| if: always() | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| - name: Mirror to Docker Hub (optional) | |
| if: ${{ env.DOCKERHUB_NAMESPACE != '' && env.DOCKERHUB_USERNAME != '' && env.DOCKERHUB_TOKEN != '' }} | |
| run: | | |
| set -euo pipefail | |
| mirror() { local svc="$1"; local json="$2"; \ | |
| mapfile -t arr < <(jq -r '.[]' <<<"$json"); \ | |
| for img in "${arr[@]}"; do | |
| tag="${img##*:}" | |
| hub="${DOCKERHUB_NAMESPACE}/${REPO_SLUG}-${svc}:${tag}" | |
| echo "Mirroring $img -> $hub" | |
| docker pull "$img" | |
| docker tag "$img" "$hub" | |
| docker push "$hub" | |
| done | |
| } | |
| mirror userapi '${{ steps.tags.outputs.user_tags_json }}' | |
| mirror api '${{ steps.tags.outputs.api_tags_json }}' | |
| mirror web '${{ steps.tags.outputs.web_tags_json }}' |