ci: refactor GitHub Actions and Docker build-push-action settings
- Add a new docker setup workflow to GitHub actions
- Clean up `docker_publish` workflow by reusing the docker setup steps
- Update permissions for the `docker_publish` job to write packages
- Replace hard-coded parts with variables (such as `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN`)
- Set `VERSION` to be `latest` by default in `Dockerfile`
- Modify the docker build and push step in the GitHub action to include more options, such as caching to the registry, SBOM, and provenance
- Change the docker image source to `minio/mc:$VERSION` from `minio/mc` for version control
- Add support for multi-arch in the compression stage of Dockerfile.

Signed-off-by: 陳鈞 <jim60105@gmail.com>
jim60105 committed May 24, 2024
1 parent c77b883 commit e69cd05
Showing 3 changed files with 85 additions and 45 deletions.
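--- a/.github/workflows/docker-reused-setup-steps/action.yml
+++ b/.github/workflows/docker-reused-setup-steps/action.yml
@@ -0,0 +1,58 @@
+name: Setup docker
+
+description: Configure the docker workflow.
+
+inputs:
+  DOCKERHUB_ORGANIZATION_NAME :
+    required: true
+  DOCKERHUB_USERNAME:
+    required: true
+  DOCKERHUB_TOKEN:
+    required: true
+  tag:
+    required: true
+
+outputs:
+  tags:
+    description: "tags"
+    value: ${{ steps.meta.outputs.tags }}
+  labels:
+    description: "labels"
+    value: ${{ steps.meta.outputs.labels }}
+
+runs:
+  using: composite
+  steps:
+    - name: Docker meta:${{ inputs.tag }}
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ inputs.DOCKERHUB_ORGANIZATION_NAME }}/s3-uploader,ghcr.io/${{ github.repository_owner }}/s3-uploader
+        flavor: |
+          latest=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+          prefix=
+          suffix=
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    # Create a Access Token and save it as as Actions secret
+    # https://hub.docker.com/settings/security
+    # DOCKERHUB_USERNAME
+    # DOCKERHUB_TOKEN
+    - name: Login to DockerHub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ inputs.DOCKERHUB_USERNAME }}
+        password: ${{ inputs.DOCKERHUB_TOKEN }}
+
+    # You may need to manage write and read access of GitHub Actions for repositories in the container settings.
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ github.token }}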
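Review bot: The required `tag` input is only interpolated into the step name on the `Docker meta:${{ inputs.tag }}` line; `docker/metadata-action` is given no `tags:` entry, so the `tags` output comes from the action's defaults and the caller's `tag: latest` never influences what is pushed. Either drop the input or feed it through, e.g. `tags: |` followed by `  type=raw,value=${{ inputs.tag }}` under `with:`. The four `inputs` also lack `description:`, which the action metadata syntax lists as required for every input, and `DOCKERHUB_ORGANIZATION_NAME :` carries a space before the colon that yamllint's `colons` rule flags. The `images:` line hard-codes `s3-uploader` where the replaced workflow derived the name from `${{ github.event.repository.name }}`, so the composite action is less reusable than the commit message suggests, and the third-party actions are pinned to major tags only; pinning `uses:` to a full commit SHA would tighten the supply chain for the new file.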
68 changes: 25 additions & 43 deletions .github/workflows/docker_publish.yml
@@ -1,63 +1,37 @@
name: docker_publish

# Controls when the action will run.
on:
# Triggers the workflow on push or pull request events but only for the master branch
push:
branches:
- 'master'
tags:
- '*'

# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
# Sets the permissions granted to the GITHUB_TOKEN for the actions in this job.
permissions:
contents: read
packages: write

jobs:
# This workflow contains a single job called "build"
build-and-push:
# The type of runner that the job will run on
docker-latest:
runs-on: ubuntu-latest

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }}/${{ github.event.repository.name }},ghcr.io/${{ github.repository }}
flavor: |
latest=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
prefix=
suffix=
- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

# Create a Access Token and save it as as Actions secret
# https://hub.docker.com/settings/security
# DOCKERHUB_USERNAME
# DOCKERHUB_TOKEN
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
submodules: 'true'

# Create a Access Token with `read:packages` and `write:packages` scopes
# CR_PAT
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
- name: Setup docker
id: setup
uses: ./.github/workflows/docker-reused-setup-steps
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
DOCKERHUB_ORGANIZATION_NAME : ${{ secrets.DOCKERHUB_ORGANIZATION_NAME }}
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
tag: latest

- name: Build and push
uses: docker/build-push-action@v5
Expand All @@ -66,6 +40,14 @@ jobs:
file: ./Dockerfile
push: true
target: final
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64
tags: ${{ steps.setup.outputs.tags }}
labels: ${{ steps.setup.outputs.labels }}
build-args: |
VERSION=latest
RELEASE=${{ github.run_number }}
platforms: linux/amd64,linux/arm64
# Cache to regietry instead of gha to avoid the capacity limit.
cache-from: type=registry,ref=ghcr.io/recorder-moe/s3-uploader:cache
cache-to: type=registry,ref=ghcr.io/recorder-moe/s3-uploader:cache,mode=max
sbom: true
provenance: true
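Review bot: The `cache-from`/`cache-to` lines in the second hunk hard-code `ghcr.io/recorder-moe/s3-uploader:cache`, while the image names come from `github.repository_owner` inside the setup action; on a fork or rename the build would read and write another owner's cache ref, and the write would presumably fail since `packages: write` applies only to this repository. `ref=ghcr.io/${{ github.repository }}:cache` keeps the cache in step with the images, with the caveat that ghcr requires a lowercase namespace, so an owner name with capitals needs a lowercased env var instead of the raw expression. The comment above those lines misspells registry and reads better as `# Cache to registry instead of gha to avoid the capacity limit.`, and `DOCKERHUB_ORGANIZATION_NAME :` in the first hunk has a space before the colon that yamllint flags. Which of the duplicated lines are old and which are new is not marked on this page; the `with:` block of the build step begins above the second hunk.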
4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,12 +1,12 @@
# syntax=docker/dockerfile:1
ARG UID=1001
ARG VERSION=EDGE
ARG VERSION=latest
ARG RELEASE=0

########################################
# Compress stage
########################################
FROM minio/mc as mc
FROM minio/mc:$VERSION as mc

FROM alpine:3.19 as compress
