
Commit 548fed3

Publish Docker Containers used on CI to GHCR (#1152)
Fixes [SKIKO-1081](https://youtrack.jetbrains.com/issue/SKIKO-1081) Make docker images for building skiko publicly available The Skiko project previously used a private Docker registry (`registry.jetbrains.team/p/ui/skiko-docker`) for build containers, which required secrets for authentication. This prevented CI verification from fork PRs even after manual approval. The change migrates to GitHub Container Registry (GHCR), making containers publicly accessible and enabling CI to run on fork PRs. Containers built: https://github.com/orgs/JetBrains/packages?repo_name=skiko Triggers: - Push to master: Automatically builds and publishes all Docker images - Pull requests: Builds images in dry-run mode (no publishing) for verification - Manual workflow dispatch: Option to publish or just build - File changes: Triggers on changes to `skiko/docker/**` or the workflow itself
1 parent d709bbb commit 548fed3

4 files changed

+255
-24
lines changed

Lines changed: 61 additions & 0 deletions
@@ -0,0 +1,61 @@
1+
name: 'Docker Publish'
2+
description: 'Build and optionally publish a Docker image to a registry'
3+
4+
inputs:
5+
registry:
6+
description: 'Docker registry (e.g., ghcr.io)'
7+
required: true
8+
namespace:
9+
description: 'Image namespace (e.g., owner/repo)'
10+
required: true
11+
image_name:
12+
description: 'Image name (e.g., linux-amd64)'
13+
required: true
14+
context:
15+
description: 'Build context path (e.g., ./skiko/docker/linux-amd64)'
16+
required: true
17+
platforms:
18+
description: 'Target platforms (e.g., linux/amd64 or linux/amd64,linux/arm64)'
19+
required: true
20+
tag:
21+
description: 'Image tag (e.g., ubuntu-2004)'
22+
required: true
23+
should_publish:
24+
description: 'Whether to push the image to the registry'
25+
required: true
26+
github_token:
27+
description: 'GitHub token for authentication'
28+
required: true
29+
30+
runs:
31+
using: 'composite'
32+
steps:
33+
- name: 'Set up Docker Buildx'
34+
uses: docker/setup-buildx-action@v3
35+
36+
- name: 'Log into registry'
37+
if: inputs.should_publish == 'true'
38+
uses: docker/login-action@v3
39+
with:
40+
registry: ${{ inputs.registry }}
41+
username: ${{ github.actor }}
42+
password: ${{ inputs.github_token }}
43+
44+
- name: 'Extract metadata'
45+
id: meta
46+
uses: docker/metadata-action@v5
47+
with:
48+
images: ${{ inputs.registry }}/${{ inputs.namespace }}/${{ inputs.image_name }}
49+
tags: |
50+
type=raw,value=${{ inputs.tag }}
51+
52+
- name: 'Build and push'
53+
uses: docker/build-push-action@v5
54+
with:
55+
context: ${{ inputs.context }}
56+
platforms: ${{ inputs.platforms }}
57+
push: ${{ inputs.should_publish == 'true' }}
58+
tags: ${{ steps.meta.outputs.tags }}
59+
labels: ${{ steps.meta.outputs.labels }}
60+
cache-from: type=gha
61+
cache-to: type=gha,mode=max
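Review bot: All four third-party actions in this composite action are referenced by mutable major tags (`docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`), and the 'Log into registry' step passes one of them the token for which the calling jobs request `packages: write`. A retagged or compromised release of any of them would run with push rights to images that other workflows use as build containers. Pin each `uses:` to a full commit SHA and keep the version as a trailing comment, for example `uses: docker/login-action@<full-commit-sha>  # v3`, and let a dependency-update bot move the pins.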
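--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,188 @@
+name: Docker Build and Publish
+
+on:
+workflow_dispatch:
+inputs:
+publish:
+description: 'Publish to registry (if false, only dry-run build)'
+required: false
+type: boolean
+default: true
+push:
+branches:
+- master
+paths:
+- 'skiko/docker/**'
+- '.github/workflows/docker-publish.yml'
+pull_request:
+paths:
+- 'skiko/docker/**'
+- '.github/workflows/docker-publish.yml'
+
+env:
+REGISTRY: ghcr.io
+
+jobs:
+# Determine if we should publish (only on push to master or manual trigger with publish=true)
+config:
+name: 'Configuration'
+runs-on: ubuntu-24.04
+outputs:
+should_publish: ${{ steps.vars.outputs.should_publish }}
+image_namespace: ${{ steps.vars.outputs.image_namespace }}
+steps:
+- id: vars
+name: 'Set Variables'
+run: |
+if [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/master" ]]; then
+echo "should_publish=true" >> $GITHUB_OUTPUT
+elif [[ "${{ github.event_name }}" == "workflow_dispatch" && "${{ github.event.inputs.publish }}" == "true" ]]; then
+echo "should_publish=true" >> $GITHUB_OUTPUT
+else
+echo "should_publish=false" >> $GITHUB_OUTPUT
+fi
+echo "image_namespace=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
+
+linux-amd64:
+name: 'Docker Linux (x64)'
+runs-on: ubuntu-24.04
+needs: config
+permissions:
+contents: read
+packages: write
+steps:
+- uses: actions/checkout@v4
+name: 'Check out code'
+
+- uses: ./.github/actions/docker-publish
+name: 'Build and Publish Docker Image'
+with:
+registry: ${{ env.REGISTRY }}
+namespace: ${{ needs.config.outputs.image_namespace }}
+image_name: linux-amd64
+context: ./skiko/docker/linux-amd64
+platforms: linux/amd64
+tag: ubuntu-2004
+should_publish: ${{ needs.config.outputs.should_publish }}
+github_token: ${{ secrets.GITHUB_TOKEN }}
+
+linux-arm64:
+name: 'Docker Linux (arm64)'
+runs-on: ubuntu-24.04
+needs: config
+permissions:
+contents: read
+packages: write
+steps:
+- uses: actions/checkout@v4
+name: 'Check out code'
+
+- uses: ./.github/actions/docker-publish
+name: 'Build and Publish Docker Image'
+with:
+registry: ${{ env.REGISTRY }}
+namespace: ${{ needs.config.outputs.image_namespace }}
+image_name: linux-arm64
+context: ./skiko/docker/linux-arm64
+platforms: linux/arm64
+tag: ubuntu-2004
+should_publish: ${{ needs.config.outputs.should_publish }}
+github_token: ${{ secrets.GITHUB_TOKEN }}
+
+linux-android-amd64:
+name: 'Docker Linux with Android SDK (x64)'
+runs-on: ubuntu-24.04
+needs: config
+permissions:
+contents: read
+packages: write
+steps:
+- uses: actions/checkout@v4
+name: 'Check out code'
+
+- uses: ./.github/actions/docker-publish
+name: 'Build and Publish Docker Image'
+with:
+registry: ${{ env.REGISTRY }}
+namespace: ${{ needs.config.outputs.image_namespace }}
+image_name: linux-android-amd64
+context: ./skiko/docker/linux-android-amd64
+platforms: linux/amd64
+tag: ubuntu-2004
+should_publish: ${{ needs.config.outputs.should_publish }}
+github_token: ${{ secrets.GITHUB_TOKEN }}
+
+linux-emscripten-amd64:
+name: 'Docker Linux with Emscripten (x64)'
+runs-on: ubuntu-24.04
+needs: config
+permissions:
+contents: read
+packages: write
+steps:
+- uses: actions/checkout@v4
+name: 'Check out code'
+
+- uses: ./.github/actions/docker-publish
+name: 'Build and Publish Docker Image'
+with:
+registry: ${{ env.REGISTRY }}
+namespace: ${{ needs.config.outputs.image_namespace }}
+image_name: linux-emscripten-amd64
+context: ./skiko/docker/linux-emscripten-amd64
+platforms: linux/amd64
+tag: ubuntu-2004
+should_publish: ${{ needs.config.outputs.should_publish }}
+github_token: ${{ secrets.GITHUB_TOKEN }}
+
+linux-compat:
+name: 'Docker Linux (Compatibility)'
+runs-on: ubuntu-24.04
+needs: config
+permissions:
+contents: read
+packages: write
+steps:
+- uses: actions/checkout@v4
+name: 'Check out code'
+
+- uses: ./.github/actions/docker-publish
+name: 'Build and Publish Docker Image'
+with:
+registry: ${{ env.REGISTRY }}
+namespace: ${{ needs.config.outputs.image_namespace }}
+image_name: linux-compat
+context: ./skiko/docker/linux-compat
+platforms: linux/amd64,linux/arm64
+tag: amazonlinux2-latest
+should_publish: ${{ needs.config.outputs.should_publish }}
+github_token: ${{ secrets.GITHUB_TOKEN }}
+
+windows:
+name: 'Docker Windows'
+runs-on: windows-2022
+needs: config
+permissions:
+contents: read
+packages: write
+steps:
+- uses: actions/checkout@v4
+name: 'Check out code'
+
+- name: 'Log in to GitHub Container Registry'
+if: needs.config.outputs.should_publish == 'true'
+shell: pwsh
+run: |
+echo "${{ secrets.GITHUB_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
+
+- name: 'Build Image'
+shell: pwsh
+working-directory: ./skiko/docker/windows
+run: |
+docker build -t ${{ env.REGISTRY }}/${{ needs.config.outputs.image_namespace }}/windows-amd64:ltsc2022 -m 2G .
+
+- name: 'Push Image'
+if: needs.config.outputs.should_publish == 'true'
+shell: pwsh
+run: |
+docker push ${{ env.REGISTRY }}/${{ needs.config.outputs.image_namespace }}/windows-amd64:ltsc2022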
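Review bot: The Windows login step (new line 176) expands `${{ secrets.GITHUB_TOKEN }}` directly into the pwsh script text, so the token is substituted into the generated script before it runs instead of reaching the process only through its environment. Give the step an `env:` entry such as `REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}` and change the command to `$env:REGISTRY_TOKEN | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin`. The 'Set Variables' step (new lines 37-44) inlines `github.*` expressions into bash in the same way; the values used there look low-risk, but reading `$GITHUB_EVENT_NAME`, `$GITHUB_REF` and `$GITHUB_REPOSITORY` would keep the script free of template expansion. Every build job also requests `packages: write` on `pull_request` runs that never push, which deserves a comment or a separate publish-only job.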

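--- a/.github/workflows/publish-dry-run.yml
+++ b/.github/workflows/publish-dry-run.yml
@@ -10,10 +10,7 @@ jobs:
 Android:
 runs-on: ubuntu-24.04
 container:
-image: registry.jetbrains.team/p/ui/skiko-docker/skiko-build-linux-android-amd64:ubuntu-2004
-credentials:
-username: ${{ secrets.SPACE_DOCKER_REGISTRY_USER }}
-password: ${{ secrets.SPACE_DOCKER_REGISTRY_TOKEN }}
+image: ghcr.io/jetbrains/skiko/linux-android-amd64:ubuntu-2004
 steps:
 - uses: actions/checkout@v3
 name: 'Check out code'
@@ -38,10 +35,7 @@ jobs:
 Web:
 runs-on: ubuntu-24.04
 container:
-image: registry.jetbrains.team/p/ui/skiko-docker/skiko-build-linux-emscripten-amd64:ubuntu-2004
-credentials:
-username: ${{ secrets.SPACE_DOCKER_REGISTRY_USER }}
-password: ${{ secrets.SPACE_DOCKER_REGISTRY_TOKEN }}
+image: ghcr.io/jetbrains/skiko/linux-emscripten-amd64:ubuntu-2004
 steps:
 - uses: actions/checkout@v3
 name: 'Check out code'
@@ -59,10 +53,7 @@ jobs:
 Linux:
 runs-on: ubuntu-24.04
 container:
-image: registry.jetbrains.team/p/ui/skiko-docker/skiko-build-linux-amd64:ubuntu-2004
-credentials:
-username: ${{ secrets.SPACE_DOCKER_REGISTRY_USER }}
-password: ${{ secrets.SPACE_DOCKER_REGISTRY_TOKEN }}
+image: ghcr.io/jetbrains/skiko/linux-amd64:ubuntu-2004
 steps:
 - uses: actions/checkout@v3
 name: 'Check out code'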
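Review bot: The build containers are now pulled anonymously by mutable tag, and the publishing workflow added in this commit overwrites those same tags on each qualifying push to master. This applies to `ghcr.io/jetbrains/skiko/linux-android-amd64:ubuntu-2004` here, to the Web and Linux hunks of this file, and to the three `image:` changes in `.github/workflows/tests.yml`. A job therefore runs whatever image currently sits behind the tag, with no record of which build it used. Referencing the image by digest, e.g. `image: ghcr.io/jetbrains/skiko/linux-android-amd64:ubuntu-2004@sha256:<image-digest>`, makes the content verifiable and turns an image update into an explicit, reviewable change. If tracking the tag is intentional, a short comment on each `image:` line saying so would help.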

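--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -162,10 +162,7 @@ jobs:
 name: 'Linux (x64)'
 runs-on: ubuntu-24.04
 container:
-image: registry.jetbrains.team/p/ui/skiko-docker/skiko-build-linux-amd64:ubuntu-2004
-credentials:
-username: ${{ secrets.SPACE_DOCKER_REGISTRY_USER }}
-password: ${{ secrets.SPACE_DOCKER_REGISTRY_TOKEN }}
+image: ghcr.io/jetbrains/skiko/linux-amd64:ubuntu-2004
 steps:
 - uses: actions/checkout@v3
 name: 'Check out code'
@@ -217,10 +214,7 @@ jobs:
 name: 'Cross-compile Linux (arm) on x64'
 runs-on: ubuntu-24.04
 container:
-image: registry.jetbrains.team/p/ui/skiko-docker/skiko-build-linux-amd64:ubuntu-2004
-credentials:
-username: ${{ secrets.SPACE_DOCKER_REGISTRY_USER }}
-password: ${{ secrets.SPACE_DOCKER_REGISTRY_TOKEN }}
+image: ghcr.io/jetbrains/skiko/linux-amd64:ubuntu-2004
 steps:
 - uses: actions/checkout@v3
 name: 'Check out code'
@@ -249,10 +243,7 @@ jobs:
 needs: linux-cross-compile
 runs-on: ubuntu-24.04-arm
 container:
-image: registry.jetbrains.team/p/ui/skiko-docker/skiko-build-linux-arm64:ubuntu-2004
-credentials:
-username: ${{ secrets.SPACE_DOCKER_REGISTRY_USER }}
-password: ${{ secrets.SPACE_DOCKER_REGISTRY_TOKEN }}
+image: ghcr.io/jetbrains/skiko/linux-arm64:ubuntu-2004
 steps:
 - uses: actions/checkout@v3
 name: 'Check out code'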
