Merge pull request #285 from perfectra1n/develop

Add CI/CD step for DockerHub containers

Author: eliandoran

.github/workflows/main.yml

@@ -2,20 +2,21 @@ name: Main
 on:
   push:
     branches:
-      - 'develop'
-      - 'feature/update**'
-      - 'feature/server_esm**'
+      - "develop"
+      - "feature/update**"
+      - "feature/server_esm**"
     paths-ignore:
-      - 'docs/**'
-      - 'bin/**'
+      - "docs/**"
+      - "bin/**"
   workflow_dispatch:    
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 env:
-  REGISTRY: ghcr.io
+  GHCR_REGISTRY: ghcr.io
+  DOCKERHUB_REGISTRY: docker.io
   IMAGE_NAME: ${{ github.repository }}
 
 jobs:
@@ -141,7 +142,7 @@ jobs:
           name: TriliumNext Notes for Windows (Setup)
           path: out/make/squirrel.windows/x64/*.exe
   build_docker:
-    name: Build Docker image
+    name: Build Docker images
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -150,40 +151,68 @@ jobs:
       id-token: write
     steps:
       - uses: actions/checkout@v4
-      - name: Log in to the Container registry
-        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+      - name: Extract metadata (tags, labels) for GHCR image
+        id: ghcr-meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
         with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
+          images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
+      - name: Extract metadata (tags, labels) for DockerHub image
+        id: dh-meta
         uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
       - name: Set up node & dependencies
         uses: actions/setup-node@v4
         with:
           node-version: 20
           cache: "npm"
-      - run: npm ci    
+      - run: npm ci
       - name: Run the TypeScript build
         run: npx tsc
       - name: Create server-package.json
         run: cat package.json | grep -v electron > server-package.json
+      - name: Log in to the GHCR container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.GHCR_REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - uses: docker/setup-buildx-action@v3
-      - uses: docker/build-push-action@v6
-        id: push
+      - name: Build and push container image to GHCR
+        uses: docker/build-push-action@v6
+        id: ghcr-push
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.ghcr-meta.outputs.tags }}
+          labels: ${{ steps.ghcr-meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+      - name: Generate and push artifact attestation to GHCR
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.ghcr-push.outputs.digest }}
+          push-to-registry: true
+      - name: Log in to the DockerHub container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.DOCKERHUB_REGISTRY }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Build and push image to DockerHub
+        uses: docker/build-push-action@v6
+        id: dh-push
         with:
           context: .
           push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ steps.dh-meta.outputs.tags }}
+          labels: ${{ steps.dh-meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
-      - name: Generate artifact attestation
+      - name: Generate and push artifact attestation to DockerHub
         uses: actions/attest-build-provenance@v1
         with:
-          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
-          subject-digest: ${{ steps.push.outputs.digest }}
-          push-to-registry: true
+          subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.dh-push.outputs.digest }}
+          push-to-registry: true