44 workflow_dispatch :
55 inputs :
66 release_tag :
7- description : ' Release tag to build from (e.g., v1.2.3)'
7+ description : ' Release tag to build from (e.g., iii/ v1.2.3)'
88 required : true
99 type : string
1010 workflow_call :
1111 inputs :
1212 release_tag :
13- description : ' Release tag to build from (e.g., v1.2.3)'
13+ description : ' Release tag to build from (e.g., iii/ v1.2.3)'
1414 required : true
1515 type : string
1616 secrets :
2121
2222permissions :
2323 contents : read
24- packages : write
2524 security-events : write
2625
2726env :
28- GHCR_REPO : ghcr.io/${{ github.repository_owner }}/iii
2927 DOCKERHUB_REPO : iiidev/iii
3028
3129jobs :
@@ -82,26 +80,25 @@ jobs:
8280name : Set up Docker Buildx
8381 uses : docker/setup-buildx-action@v3
8482
85- - name : Login to GHCR
83+ - name : Login to DockerHub
8684 uses : docker/login-action@v3
8785 with :
88- registry : ghcr.io
89- username : ${{ github.actor }}
90- password : ${{ secrets.GITHUB_TOKEN }}
86+ username : ${{ secrets.DOCKERHUB_USERNAME }}
87+ password : ${{ secrets.DOCKERHUB_PASSWORD }}
9188
9289 - name : Extract metadata
9390 id : meta
9491 uses : docker/metadata-action@v5
9592 with :
96- images : ${{ env.GHCR_REPO }}
93+ images : ${{ env.DOCKERHUB_REPO }}
9794
9895 - name : Build and push
9996 uses : docker/build-push-action@v6
10097 with :
10198 context : engine
10299 platforms : ${{ matrix.platform }}
103100 push : true
104- tags : ${{ env.GHCR_REPO }}:build-${{ matrix.docker_arch }}
101+ tags : ${{ env.DOCKERHUB_REPO }}:build-${{ matrix.docker_arch }}
105102 labels : ${{ steps.meta.outputs.labels }}
106103 provenance : false
107104
@@ -117,51 +114,31 @@ jobs:
117114 id : meta
118115 uses : docker/metadata-action@v5
119116 with :
120- images : |
121- ${{ env.GHCR_REPO }}
122- ${{ env.DOCKERHUB_REPO }}
117+ images : ${{ env.DOCKERHUB_REPO }}
123118 tags : |
124119 type=raw,value=${{ needs.setup.outputs.version }}
125120 type=raw,value=latest
126121
127- name : Login to GHCR
128- uses : docker/login-action@v3
129- with :
130- registry : ghcr.io
131- username : ${{ github.actor }}
132- password : ${{ secrets.GITHUB_TOKEN }}
133-
134122name : Login to DockerHub
135123 uses : docker/login-action@v3
136124 with :
137125 username : ${{ secrets.DOCKERHUB_USERNAME }}
138126 password : ${{ secrets.DOCKERHUB_PASSWORD }}
139- continue-on-error : true
140127
141- - name : Create and push multi-platform manifest (GHCR)
142- run : |
143- for tag in "${{ needs.setup.outputs.version }}" "latest"; do
144- docker buildx imagetools create \
145- -t "${{ env.GHCR_REPO }}:$tag" \
146- "${{ env.GHCR_REPO }}:build-amd64" \
147- "${{ env.GHCR_REPO }}:build-arm64"
148- done
149-
150- name : Create and push multi-platform manifest (DockerHub)
151- continue-on-error : true
128+ - name : Create and push multi-platform manifest
152129 run : |
153130 for tag in "${{ needs.setup.outputs.version }}" "latest"; do
154131 docker buildx imagetools create \
155132 -t "${{ env.DOCKERHUB_REPO }}:$tag" \
156- "${{ env.GHCR_REPO }}:build-amd64" \
157- "${{ env.GHCR_REPO }}:build-arm64"
133+ "${{ env.DOCKERHUB_REPO }}:build-amd64" \
134+ "${{ env.DOCKERHUB_REPO }}:build-arm64"
158135 done
159136
160137name : Run Trivy vulnerability scanner
161138 continue-on-error : true
162139 uses : aquasecurity/trivy-action@0.28.0
163140 with :
164- image-ref : ${{ env.GHCR_REPO }}:${{ needs.setup.outputs.version }}
141+ image-ref : ${{ env.DOCKERHUB_REPO }}:${{ needs.setup.outputs.version }}
165142 format : ' sarif'
166143 output : ' trivy-results.sarif'
167144 severity : ' CRITICAL,HIGH'
@@ -177,32 +154,13 @@ jobs:
177154 continue-on-error : true
178155 uses : aquasecurity/trivy-action@0.28.0
179156 with :
180- image-ref : ${{ env.GHCR_REPO }}:${{ needs.setup.outputs.version }}
157+ image-ref : ${{ env.DOCKERHUB_REPO }}:${{ needs.setup.outputs.version }}
181158 format : ' table'
182159 severity : ' CRITICAL'
183160 exit-code : ' 1'
184161 ignore-unfixed : true
185162
186- - name : Remove intermediate build tags (GHCR)
187- continue-on-error : true
188- env :
189- GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
190- OWNER : ${{ github.repository_owner }}
191- run : |
192- PKG_NAME=$(basename "${{ env.GHCR_REPO }}")
193- for arch in amd64 arm64; do
194- tag="build-${arch}"
195- version_id=$(gh api "/orgs/${OWNER}/packages/container/${PKG_NAME}/versions" \
196- --jq ".[] | select(.metadata.container.tags[] == \"${tag}\") | .id" 2>/dev/null \
197- || gh api "/users/${OWNER}/packages/container/${PKG_NAME}/versions" \
198- --jq ".[] | select(.metadata.container.tags[] == \"${tag}\") | .id" 2>/dev/null || true)
199- if [ -n "$version_id" ]; then
200- gh api --method DELETE "/orgs/${OWNER}/packages/container/${PKG_NAME}/versions/${version_id}" 2>/dev/null \
201- || gh api --method DELETE "/users/${OWNER}/packages/container/${PKG_NAME}/versions/${version_id}" 2>/dev/null || true
202- fi
203- done
204-
205- name : Remove intermediate build tags (DockerHub)
163+ - name : Remove intermediate build tags
206164 continue-on-error : true
207165 env :
208166 DOCKERHUB_USERNAME : ${{ secrets.DOCKERHUB_USERNAME }}
@@ -233,7 +191,6 @@ jobs:
233191
234192 | Registry | Repository |
235193 |----------|------------|
236- | GHCR | `${{ env.GHCR_REPO }}` |
237194 | DockerHub | `${{ env.DOCKERHUB_REPO }}` |
238195
239196 **Platforms:** linux/amd64, linux/arm64 (pre-built binaries)
@@ -255,7 +212,7 @@ jobs:
255212 "type": "section",
256213 "text": {
257214 "type": "mrkdwn",
258- "text": "*Docker Image Published*\n\nVersion: `${{ needs.setup.outputs.version }}`\nPlatforms: `linux/amd64`, `linux/arm64`\nRuntime: Distroless (nonroot)\n\n*Images :*\n\u2022 `${{ env.DOCKERHUB_REPO }}:${{ needs.setup.outputs.version }}`\n\u2022 `${{ env.GHCR_REPO }}:${{ needs.setup.outputs.version }}`"
215+ "text": "*Docker Image Published*\n\nVersion: `${{ needs.setup.outputs.version }}`\nPlatforms: `linux/amd64`, `linux/arm64`\nRuntime: Distroless (nonroot)\n\n*Image :*\n\u2022 `${{ env.DOCKERHUB_REPO }}:${{ needs.setup.outputs.version }}`"
259216 }
260217 },
261218 {
0 commit comments