Skip to content

Update docker-publish.yml #26

Update docker-publish.yml

Update docker-publish.yml #26

name: CI
on:
push:
branches: [ "main" ]
tags: [ 'v*.*.*' ]
pull_request:
branches: [ "main" ]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
LATEST_ANDROID_PLATFORM: 34
LATEST_JDK: 17
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
android: [33, 34]
jdk: [17]
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install cosign
if: startsWith(github.ref, 'refs/tags/v')
uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
with:
cosign-release: 'v1.13.1'
- name: Set environment variables
shell: sh
run: |
set -eu
case ${{ matrix.jdk }} in
17)
JDK_MINOR="0"
JDK_PATCH="9"
JDK_BUILD_VERSION="b1087.11" ;;
esac
CMDLINE_VERSION="12.0"
SDK_TOOLS_VERSION="11076708"
case ${{ matrix.android }} in
33) BUILD_TOOLS_VERSION="33.0.3" ;;
34) BUILD_TOOLS_VERSION="34.0.0" ;;
esac
echo "JDK_MINOR=${JDK_MINOR}" >> $GITHUB_ENV
echo "JDK_PATCH=${JDK_PATCH}" >> $GITHUB_ENV
echo "JDK_BUILD_VERSION=${JDK_BUILD_VERSION}" >> $GITHUB_ENV
echo "CMDLINE_VERSION=${CMDLINE_VERSION}" >> $GITHUB_ENV
echo "SDK_TOOLS_VERSION=${SDK_TOOLS_VERSION}" >> $GITHUB_ENV
echo "BUILD_TOOLS_VERSION=$BUILD_TOOLS_VERSION" >> $GITHUB_ENV
# Workaround: https://github.com/docker/build-push-action/issues/461
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v2.5.0
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@v2.1.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v4.4.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=raw,value=android-${{ matrix.android }}-jdk${{ matrix.jdk }}
type=raw,value=android-${{ matrix.android }}-jdk${{ matrix.jdk }}-${{ github.ref_name }},enable=${{ startsWith(github.ref, 'refs/tags/v') }}
type=raw,value=latest-jdk${{ matrix.jdk }},enable=${{ matrix.android == env.LATEST_ANDROID_PLATFORM }}
type=raw,value=latest,enable=${{ matrix.android == env.LATEST_ANDROID_PLATFORM && matrix.jdk == env.LATEST_JDK }}
- name: Build API=${{ matrix.android }} JDK=${{ matrix.jdk }}
id: build-and-push
uses: docker/build-push-action@v4.0.0
with:
context: .
push: ${{ startsWith(github.ref, 'refs/tags/v') }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
JDK_MAJOR=${{ matrix.jdk }}
JDK_MINOR=${{ env.JDK_MINOR }}
JDK_PATCH=${{ env.JDK_PATCH }}
JDK_BUILD_VERSION=${{ env.JDK_BUILD_VERSION }}
CMDLINE_VERSION=${{ env.CMDLINE_VERSION }}
SDK_TOOLS_VERSION=${{ env.SDK_TOOLS_VERSION }}
BUILD_TOOLS_VERSION=${{ env.BUILD_TOOLS_VERSION }}
TARGET_SDK=${{ matrix.android }}
# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
env:
COSIGN_EXPERIMENTAL: "true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}