Docker #3943
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker | ||
| on: | ||
| push: | ||
| paths-ignore: | ||
| - 'docs/**' | ||
| branches-ignore: ["dependabot/**"] | ||
| pull_request: | ||
| paths-ignore: | ||
| - 'docs/**' | ||
| push: | ||
| tags: | ||
| - '*.*.*' | ||
| workflow_dispatch: | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} | ||
| cancel-in-progress: true | ||
| permissions: | ||
| contents: read | ||
| # adapted from https://raw.githubusercontent.com/stefanprodan/podinfo/master/.github/workflows/release.yml | ||
| # | ||
| jobs: | ||
| containers: | ||
| name: ${{ matrix.container }} Container - ${{ matrix.runner }} | ||
| strategy: | ||
| matrix: | ||
| container: ["proj"] | ||
| runner: [ubuntu-24.04, ubuntu-24.04-arm] | ||
| dockerfile: ["./Dockerfile"] | ||
| include: | ||
| - container: "proj-docs" | ||
| dockerfile: "./docs/docbuild/Dockerfile" | ||
| runner: "ubuntu-24.04" | ||
| runs-on: ${{ matrix.runner }} | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| attestations: write | ||
| id-token: write | ||
| env: | ||
| # Only push proj-docs package for master | ||
| PUSH_PACKAGES: ${{ github.repository_owner == 'OSGeo' && github.event_name != 'pull_request' && (matrix.container == 'proj' || (matrix.container == 'proj-docs' && github.ref_name == 'master')) }} | ||
| CONTAINER: ${{ matrix.container }} | ||
| steps: | ||
| - uses: actions/checkout@v6 | ||
| - name: Lint | ||
| id: lint | ||
| run: | | ||
| echo "are we pushing packages" ${{ env.PUSH_PACKAGES }} | ||
| echo "event_name" ${{ github.event_name }} | ||
| echo "ref" ${{ github.ref }} | ||
| - name: Set up Docker | ||
| uses: docker/setup-docker-action@v4 | ||
| with: | ||
| daemon-config: | | ||
| { | ||
| "debug": false, | ||
| "features": { | ||
| "containerd-snapshotter": true | ||
| } | ||
| } | ||
| - name: Setup Docker Buildx | ||
| id: buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| with: | ||
| version: latest | ||
| - name: Login to GitHub Container Registry | ||
| if: env.PUSH_PACKAGES == 'true' | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.repository_owner }} | ||
| password: ${{ secrets.GHCR_TOKEN }} | ||
| - name: Login to Docker Hub | ||
| if: env.PUSH_PACKAGES == 'true' | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| username: ${{ secrets.DOCKER_USERNAME }} | ||
| password: ${{ secrets.DOCKER_PASSWORD }} | ||
| - name: Extract container metadata | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: | | ||
| ghcr.io/osgeo/${{ matrix.container }} | ||
| docker.io/osgeo/${{ matrix.container }} | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=pr | ||
| type=semver,pattern={{version}} | ||
| type=semver,pattern={{major}}.{{minor}} | ||
| env: | ||
| DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index | ||
| - name: Prepare | ||
| id: prep | ||
| run: | | ||
| VERSION=sha-${GITHUB_SHA::8} | ||
| if [[ $GITHUB_REF == refs/tags/* ]]; then | ||
| VERSION=${GITHUB_REF/refs\/tags\//} | ||
| # 9.8.0-x --> 9.8.0 | ||
| VERSION=$(echo $VERSION | sed "s/-.*//" ) | ||
| fi | ||
| echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT | ||
| echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT | ||
| runner=${{ matrix.runner }} | ||
| if [[ "$runner" == *"-arm" ]]; then | ||
| ARCH=arm64 | ||
| else | ||
| ARCH=amd64 | ||
| fi | ||
| echo "ARCH=$ARCH" >> $GITHUB_OUTPUT | ||
| - name: Build docs image | ||
| uses: docker/build-push-action@v6 | ||
| if: matrix.container == 'proj-docs' | ||
| with: | ||
| push: ${{ env.PUSH_PACKAGES == 'true' }} | ||
| builder: ${{ steps.buildx.outputs.name }} | ||
| context: . | ||
| file: ${{ matrix.dockerfile }} | ||
| platforms: linux/amd64 | ||
| tags: | | ||
| docker.io/osgeo/${{ matrix.container }}:${{ steps.prep.outputs.VERSION }} | ||
| docker.io/osgeo/${{ matrix.container }}:latest | ||
| ghcr.io/osgeo/${{ matrix.container }}:${{ steps.prep.outputs.VERSION }} | ||
| ghcr.io/osgeo/${{ matrix.container }}:latest | ||
| labels: | | ||
| org.opencontainers.image.title=${{ github.event.repository.name }} | ||
| org.opencontainers.image.description=${{ github.event.repository.description }} | ||
| org.opencontainers.image.source=${{ github.event.repository.html_url }} | ||
| org.opencontainers.image.url=${{ github.event.repository.html_url }} | ||
| org.opencontainers.image.revision=${{ github.sha }} | ||
| org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }} | ||
| org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }} | ||
| - name: Prepare tags | ||
| id: prep_tags | ||
| run: | | ||
| TAGS="docker.io/osgeo/${{ matrix.container }}:${{ steps.prep.outputs.VERSION }}-${{ steps.prep.outputs.ARCH }} | ||
| ghcr.io/osgeo/${{ matrix.container }}:${{ steps.prep.outputs.VERSION }}-${{ steps.prep.outputs.ARCH }}" | ||
| if [ "${GITHUB_REF}" = "refs/heads/master" ]; then | ||
| TAGS="$TAGS | ||
| docker.io/osgeo/${{ matrix.container }}:latest-${{ steps.prep.outputs.ARCH }} | ||
| ghcr.io/osgeo/${{ matrix.container }}:latest"-${{ steps.prep.outputs.ARCH }}" | ||
| fi | ||
| echo "tags<<EOF" >> $GITHUB_OUTPUT | ||
| echo "$TAGS" >> $GITHUB_OUTPUT | ||
| echo "EOF" >> $GITHUB_OUTPUT | ||
| - name: Build image | ||
| uses: docker/build-push-action@v6 | ||
| id: push | ||
| if: matrix.container == 'proj' | ||
| with: | ||
| push: ${{ env.PUSH_PACKAGES == 'true' }} | ||
| builder: ${{ steps.buildx.outputs.name }} | ||
| context: . | ||
| file: ${{ matrix.dockerfile }} | ||
| platforms: linux/${{ steps.prep.outputs.ARCH }} | ||
| tags: | | ||
| tags: ${{ steps.prep_tags.outputs.tags }} | ||
| labels: | | ||
| org.opencontainers.image.title=${{ github.event.repository.name }} | ||
| org.opencontainers.image.description=${{ github.event.repository.description }} | ||
| org.opencontainers.image.source=${{ github.event.repository.html_url }} | ||
| org.opencontainers.image.url=${{ github.event.repository.html_url }} | ||
| org.opencontainers.image.revision=${{ github.sha }} | ||
| org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }} | ||
| org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }} | ||
| - name: Generate artifact attestation | ||
| if: ${{ env.PUSH_PACKAGES == 'true' && matrix.container == 'proj' }} | ||
| uses: actions/attest-build-provenance@v3 | ||
| with: | ||
| subject-name: ghcr.io/osgeo/proj | ||
| subject-digest: ${{ steps.push.outputs.digest }} | ||
| push-to-registry: ${{ env.PUSH_PACKAGES == 'true' }} | ||
| create-manifest: | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| attestations: write | ||
| id-token: write | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| PUSH_PACKAGES: ${{ github.repository_owner == 'OSGeo' && github.event_name != 'pull_request' }} | ||
| needs: containers | ||
| steps: | ||
| - name: Login to GitHub Container Registry | ||
| uses: docker/login-action@v3 | ||
| if: env.PUSH_PACKAGES == 'true' | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Login to Docker Hub | ||
| uses: docker/login-action@v3 | ||
| if: env.PUSH_PACKAGES == 'true' | ||
| with: | ||
| username: ${{ secrets.DOCKER_USERNAME }} | ||
| password: ${{ secrets.DOCKER_PASSWORD }} | ||
| - name: Prepare | ||
| id: prep | ||
| run: | | ||
| VERSION=sha-${GITHUB_SHA::8} | ||
| if [[ $GITHUB_REF == refs/tags/* ]]; then | ||
| VERSION=${GITHUB_REF/refs\/tags\//} | ||
| # 9.8.0-x --> 9.8.0 | ||
| VERSION=$(echo $VERSION | sed "s/-.*//" ) | ||
| fi | ||
| echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT | ||
| - name: Create and push multi-platform manifest | ||
| if: env.PUSH_PACKAGES == 'true' | ||
| run: | | ||
| docker buildx imagetools create \ | ||
| -t ghcr.io/osgeo/proj:${{ steps.prep.outputs.VERSION }} \ | ||
| ghcr.io/osgeo/proj:${{ steps.prep.outputs.VERSION }}-amd64 \ | ||
| ghcr.io/osgeo/proj:${{ steps.prep.outputs.VERSION }}-arm64 | ||
| docker buildx imagetools create \ | ||
| -t osgeo/proj:${{ steps.prep.outputs.VERSION }} \ | ||
| osgeo/proj:${{ steps.prep.outputs.VERSION }}-amd64 \ | ||
| osgeo/proj:${{ steps.prep.outputs.VERSION }}-arm64 | ||
| if [ "${GITHUB_REF}" = "refs/heads/master" ]; then | ||
| docker buildx imagetools create \ | ||
| -t ghcr.io/osgeo/proj:latest \ | ||
| ghcr.io/osgeo/proj:latest-amd64 \ | ||
| ghcr.io/osgeo/proj:latest-arm64 | ||
| docker buildx imagetools create \ | ||
| -t osgeo/proj:latest \ | ||
| osgeo/proj:latest-amd64 \ | ||
| osgeo/proj:latest-arm64 | ||
| fi | ||
