cd #393
---
# Continuous delivery: build, publish and prune the container image.
name: cd

on:
  push:
    branches:
      - main
    paths-ignore:
      - '**.md'
  schedule:
    # every Sunday at 1:43 AM UTC
    - cron: '43 1 * * SUN'
  workflow_dispatch:

# Workflow-level token permissions are empty; each job below declares only
# the scopes it needs.
permissions: {}

# One concurrency group per ref.
concurrency:
  group: cd-${{ github.ref }}

env:
  IMAGE_NAME: network-tools
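jobs:
  # Test building on multiple architectures (one matrix leg per platform,
  # nothing is pushed).
  test:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: read
    strategy:
      matrix:
        platform: [linux/amd64, linux/arm64]
    steps:
      # NOTE(review): every `uses:` in this job tracks a mutable branch
      # (@main / @master). Pin each one to a full commit SHA
      # (owner/action@<FULL_COMMIT_SHA>) so the code that runs with this
      # job's token cannot change without a reviewed update.
      - name: Check out repository
        uses: actions/checkout@main
        with:
          # Keep the job token out of .git/config: the checkout is used as
          # the Docker build context below.
          persist-credentials: false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@master
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@master
      - name: Test build for ${{ matrix.platform }}
        uses: docker/build-push-action@master
        with:
          context: .
          platforms: ${{ matrix.platform }}
          push: false
          # The GitHub Actions cache is scoped per platform.
          cache-from: type=gha,scope=${{ matrix.platform }}
          cache-to: type=gha,mode=max,scope=${{ matrix.platform }}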
| publish: | |
| needs: test | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name != 'pull_request' }} | |
| permissions: | |
| packages: write | |
| contents: read | |
| actions: read | |
| attestations: write | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@main | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@master | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Lint Dockerfile | |
| run: make lint | |
| - name: Extract metadata for images | |
| id: meta | |
| uses: docker/metadata-action@master | |
| with: | |
| images: | | |
| ${{ github.repository_owner }}/${{ env.IMAGE_NAME }} | |
| ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }} | |
| # manually handle the 'latest' tag | |
| flavor: | | |
| latest=false | |
| tags: | | |
| type=raw,value=latest | |
| type=sha,format=short | |
| labels: | | |
| org.opencontainers.image.licenses=MIT | |
| org.opencontainers.image.title=${{ env.IMAGE_NAME }} | |
| org.opencontainers.image.description=A Docker image with various network tools pre-installed | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@master | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@master | |
| - name: Build and push images | |
| uses: docker/build-push-action@master | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| provenance: true | |
| sbom: true | |
| prune: | |
| needs: publish | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event_name != 'pull_request' }} | |
| permissions: | |
| packages: write | |
| contents: read | |
| env: | |
| GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }} | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| steps: | |
| - name: Checkout Git repository | |
| uses: actions/checkout@main | |
| - name: Setup Python | |
| uses: actions/setup-python@main | |
| with: | |
| python-version: '3.13' | |
| cache: 'pip' | |
| cache-dependency-path: 'scripts/prune/requirements.txt' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install --requirement scripts/prune/requirements.txt | |
| - name: Prune old images | |
| run: python scripts/prune/main.py --container ${{ env.IMAGE_NAME }} --registry all --keep-latest 25 --verbose |