name: Docker-Release on: push: tags: - "*" # release: # types: [created] # branches: # - 'main' workflow_dispatch: inputs: version: description: 'Version tag' required: false default: '' env: branch: latest image_org: jetsung acr_registry: registry.cn-guangzhou.aliyuncs.com hcr_registry: swr.ap-southeast-3.myhuaweicloud.com tcr_registry: sgccr.ccs.tencentyun.com package_name: app permissions: contents: read packages: write jobs: build: runs-on: ubuntu-24.04 outputs: tag: ${{ steps.get_version.outputs.version }} package_name: ${{ env.package_name }} steps: - name: Checkout Source Code uses: actions/checkout@v6 with: ref: 'main' - name: Get version id: get_version run: | if [[ "${{ github.event_name }}" == "push" && "${{ github.ref_type }}" == "tag" ]]; then version=${{ github.ref_name }} elif [[ "${{ github.event_name }}" == "workflow_dispatch" && -n "${{ github.event.inputs.version }}" ]]; then version=${{ github.event.inputs.version }} else version=latest-$(date +%Y%m%d) fi echo "version=${version#v}" >> $GITHUB_OUTPUT - name: Set up QEMU uses: docker/setup-qemu-action@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v4 - name: Docker meta id: meta uses: docker/metadata-action@v6 with: images: ${{ env.package_name }} labels: | org.opencontainers.image.title=${{ env.package_name }} org.opencontainers.image.vendor=Jetsung Chan tags: | type=raw,value=latest - name: Build with Bake uses: docker/bake-action@v7 with: files: | ./docker/docker-bake.hcl cwd://${{ steps.meta.outputs.bake-file }} targets: release push: false provenance: false set: | *.attest=type=provenance,disabled=true *.attest=type=sbom,disabled=true *.output=type=oci,dest=./image.tar release.args.VERSION=${{ steps.get_version.outputs.version }} # - name: Build image and create OCI artifact # uses: docker/build-push-action@v7 # with: # context: . # platforms: linux/amd64,linux/arm64 # push: false # provenance: false # build-args: | # VERSION=${{ steps.get_version.outputs.version }} # outputs: type=oci,dest=./image.tar - name: Upload image as artifact uses: actions/upload-artifact@v7 with: name: docker-image path: ./image.tar retention-days: 1 sync-to-docker: needs: build runs-on: ubuntu-24.04 continue-on-error: true steps: - name: Check Docker Hub credentials id: check_dockerhub run: | if [ -z "${{ secrets.DOCKERHUB_USERNAME }}" ] || [ -z "${{ secrets.DOCKERHUB_TOKEN }}" ]; then echo "Docker Hub credentials not configured, skipping..." echo "skip=true" >> $GITHUB_OUTPUT else echo "skip=false" >> $GITHUB_OUTPUT fi - name: Install Skopeo if: steps.check_dockerhub.outputs.skip != 'true' uses: jetsung/install-skopeo@v1 - name: Check Skopeo if: steps.check_dockerhub.outputs.skip != 'true' run: | skopeo --version - name: Login to Docker Hub if: steps.check_dockerhub.outputs.skip != 'true' uses: docker/login-action@v4 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Download image artifact if: steps.check_dockerhub.outputs.skip != 'true' uses: actions/download-artifact@v8 with: name: docker-image path: . - name: Sync to Docker Hub if: steps.check_dockerhub.outputs.skip != 'true' env: SRC_IMAGE: oci-archive:./image.tar DEST_REPO: ${{ env.image_org }}/${{ env.package_name }} DEST_TAG: ${{ needs.build.outputs.tag }} run: | skopeo copy --all $SRC_IMAGE docker://$DEST_REPO:$DEST_TAG skopeo copy --all $SRC_IMAGE docker://$DEST_REPO:latest sync-to-ghcr: needs: build runs-on: ubuntu-24.04 steps: - name: Install Skopeo uses: jetsung/install-skopeo@v1 - name: Check Skopeo run: | skopeo --version - name: Login to GitHub Container Registry (ghcr.io) uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Download image artifact uses: actions/download-artifact@v8 with: name: docker-image path: . - name: Sync to GitHub Container Registry (ghcr.io) env: SRC_IMAGE: oci-archive:./image.tar DEST_REPO: ghcr.io/${{ github.repository_owner }}/${{ env.package_name }} DEST_TAG: ${{ needs.build.outputs.tag }} run: | skopeo copy --all $SRC_IMAGE docker://$DEST_REPO:$DEST_TAG skopeo copy --all $SRC_IMAGE docker://$DEST_REPO:latest - uses: actions/delete-package-versions@v5 continue-on-error: true with: package-name: ${{ env.package_name }} package-type: 'container' min-versions-to-keep: 2 delete-only-untagged-versions: 'true' sync-to-aliyun: needs: build runs-on: ubuntu-24.04 continue-on-error: true steps: - name: Check Aliyun credentials id: check_aliyun run: | if [ -z "${{ secrets.ALIYUN_USERNAME }}" ] || [ -z "${{ secrets.ALIYUN_TOKEN }}" ]; then echo "Aliyun credentials not configured, skipping..." echo "skip=true" >> $GITHUB_OUTPUT else echo "skip=false" >> $GITHUB_OUTPUT fi - name: Install Skopeo if: steps.check_aliyun.outputs.skip != 'true' uses: jetsung/install-skopeo@v1 - name: Check Skopeo if: steps.check_aliyun.outputs.skip != 'true' run: | skopeo --version - name: Login to Aliyun if: steps.check_aliyun.outputs.skip != 'true' uses: docker/login-action@v4 with: registry: ${{ env.acr_registry }} username: ${{ secrets.ALIYUN_USERNAME }} password: ${{ secrets.ALIYUN_TOKEN }} - name: Download image artifact if: steps.check_aliyun.outputs.skip != 'true' uses: actions/download-artifact@v8 with: name: docker-image path: . - name: Sync to Aliyun if: steps.check_aliyun.outputs.skip != 'true' env: SRC_IMAGE: oci-archive:./image.tar DEST_REPO: ${{ env.acr_registry }}/${{ env.image_org }}/${{ env.package_name }} DEST_TAG: ${{ needs.build.outputs.tag }} run: | skopeo copy --all $SRC_IMAGE docker://$DEST_REPO:$DEST_TAG skopeo copy --all $SRC_IMAGE docker://$DEST_REPO:latest sync-to-tencent: needs: build runs-on: ubuntu-24.04 continue-on-error: true steps: - name: Check Tencent credentials id: check_tencent run: | if [ -z "${{ secrets.TENCENT_USERNAME }}" ] || [ -z "${{ secrets.TENCENT_TOKEN }}" ]; then echo "Tencent credentials not configured, skipping..." echo "skip=true" >> $GITHUB_OUTPUT else echo "skip=false" >> $GITHUB_OUTPUT fi - name: Install Skopeo if: steps.check_tencent.outputs.skip != 'true' uses: jetsung/install-skopeo@v1 - name: Check Skopeo if: steps.check_tencent.outputs.skip != 'true' run: | skopeo --version - name: Login to Tencent if: steps.check_tencent.outputs.skip != 'true' uses: docker/login-action@v4 with: registry: ${{ env.tcr_registry }} username: ${{ secrets.TENCENT_USERNAME }} password: ${{ secrets.TENCENT_TOKEN }} - name: Download image artifact if: steps.check_tencent.outputs.skip != 'true' uses: actions/download-artifact@v8 with: name: docker-image path: . - name: Sync to Tencent if: steps.check_tencent.outputs.skip != 'true' env: SRC_IMAGE: oci-archive:./image.tar DEST_REPO: ${{ env.tcr_registry }}/${{ env.image_org }}/${{ env.package_name }} DEST_TAG: ${{ needs.build.outputs.tag }} run: | skopeo copy --all $SRC_IMAGE docker://$DEST_REPO:$DEST_TAG skopeo copy --all $SRC_IMAGE docker://$DEST_REPO:latest