Auto Docker publishing #325
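# Runs the docker-compose test suite on pull requests and on pushes to
# stable/dev, then builds and publishes the image to Docker Hub for pushes to
# stable only.
name: docker tests

on:
  push:
    branches:
      - stable
      - dev
  pull_request:

# Least privilege for the GITHUB_TOKEN: no step below writes to the repository,
# so read-only access to its contents is enough for checkout and the build.
permissions:
  contents: read

# One run per workflow/event/PR (or ref); a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

# NOTE(review): every `uses:` below references a mutable tag (@v3, @v5, @v6,
# @v7). The publish job handles DOCKER_TOKEN, so consider pinning each action
# to a full commit SHA so a moved tag cannot change what runs next to the
# secret.
jobs:
  docker-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Install uv
        uses: astral-sh/setup-uv@v7
      - name: Set up Python
        run: uv python install 3.11
      - name: Install dependencies
        run: uv sync
      - name: Run tests
        run: |
          BBOT_SERVER_TEST_DOCKER_COMPOSE=true uv run pytest --disable-warnings --log-cli-level=INFO -k test_docker_compose

  docker-publish:
    runs-on: ubuntu-latest
    needs: docker-test
    # Publish only for pushes to stable; pull requests and dev never reach the
    # steps that use DOCKER_TOKEN.
    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/stable' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Install uv
        uses: astral-sh/setup-uv@v7
      - name: Get version from pyproject.toml
        id: version
        # Exposes version (full), major (first field) and minor (first two
        # fields) as step outputs for the tag list below.
        run: |
          VERSION=$(uv version --short)
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "major=$(echo "$VERSION" | cut -d. -f1)" >> "$GITHUB_OUTPUT"
          echo "minor=$(echo "$VERSION" | cut -d. -f1-2)" >> "$GITHUB_OUTPUT"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: blacklanternsecurity
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: blacklanternsecurity/bbot-server
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=sha,prefix=sha-
            type=raw,value=latest,enable={{is_default_branch}}
            type=raw,value=v${{ steps.version.outputs.major }}
            type=raw,value=v${{ steps.version.outputs.minor }}
            type=raw,value=v${{ steps.version.outputs.version }}
      - name: Build and push Docker image
        uses: docker/build-push-action@v6
        with:
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Clean up old Docker Hub tags (up to 50 most recent tags plus 'latest')
        # The secret reaches the script through the environment instead of
        # being expanded into the script text by the ${{ }} template.
        env:
          DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
          DOCKER_REPO: blacklanternsecurity/bbot-server
        run: |
          # Install jq for JSON processing
          sudo apt-get update && sudo apt-get install -y jq
          echo "Cleaning up bbot-server tags..."
          # The repository path is <namespace>/<name>; the previous list URL
          # had no namespace and a stray '}', so no tags were ever listed.
          # --fail turns an HTTP error into a failed step instead of an empty
          # tag list.
          # NOTE(review): confirm Docker Hub accepts DOCKER_TOKEN directly as
          # a bearer token; its API may expect a JWT from the login endpoint.
          # NOTE(review): only the first page (100 tags) is inspected.
          tags_response=$(curl -sS --fail -H "Authorization: Bearer ${DOCKER_TOKEN}" \
            "https://hub.docker.com/v2/repositories/${DOCKER_REPO}/tags/?page_size=100")
          # Newest first by last_updated; everything after the 50th is deleted.
          tags_to_delete=$(echo "$tags_response" | jq -r '.results[] | select(.name != "latest") | [.last_updated, .name] | @tsv' | \
            sort -r | tail -n +51 | cut -f2)
          for tag in $tags_to_delete; do
            echo "Deleting bbot-server tag: $tag"
            curl -sS --fail -X DELETE -H "Authorization: Bearer ${DOCKER_TOKEN}" \
              "https://hub.docker.com/v2/repositories/${DOCKER_REPO}/tags/$tag/"
          done
          echo "Cleanup completed for bbot-server. Kept 50 most recent tags plus 'latest'."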