Skip to content
Docker Release

Docker Release 6.0.0 by @Davidmattei #152

Sign in to view logs

Docker Release 6.0.0 by @Davidmattei

Docker Release 6.0.0 by @Davidmattei #152

Workflow file for this run

.github/workflows/docker-release.yml at 7599d00
name: Docker Release
run-name: Docker Release ${{ github.ref_name }} by @${{ github.actor }}
on:
push:
tags:
- '[0-9]+.[0-9]+.[0-9]+*'
jobs:
init:
runs-on: ubuntu-20.04
outputs:
version-patch: ${{ steps.prep.outputs.version-patch }}
version-minor: ${{ steps.prep.outputs.version-minor }}
version-major: ${{ steps.prep.outputs.version-major }}
build-date: ${{ steps.prep.outputs.build-date }}
docker-image-name: ${{ steps.prep.outputs.docker-image-name }}
github-ci-run-id: ${{ steps.prep.outputs.github-ci-run-id }}
github-ci-sha-short: ${{ steps.prep.outputs.github-ci-sha-short }}
github-ci-sha: ${{ steps.prep.outputs.github-ci-sha }}
aws-cli-version: ${{ steps.prep.outputs.aws-cli-version }}
steps:
- uses: actions/checkout@v4
- name: Fill GitHub Environment Variables
uses: FranzDiebold/github-env-vars-action@v2
- name: Fill PHP Version Environment Variable
uses: c-py/action-dotenv-to-setenv@v5
with:
env-file: .build.env
- name: Prepare Workflow Environment
id: prep
run: |
VERSION_MAJOR_MINOR_PATCH=${GITHUB_REF_NAME}
VERSION_MAJOR_MINOR=${VERSION_MAJOR_MINOR_PATCH%.*}
VERSION_MAJOR=${VERSION_MAJOR_MINOR%.*}
echo "docker-image-name=${DOCKER_IMAGE_NAME}" >> $GITHUB_OUTPUT
echo "version-patch=${VERSION_MAJOR_MINOR_PATCH}" >> $GITHUB_OUTPUT
echo "version-minor=${VERSION_MAJOR_MINOR}" >> $GITHUB_OUTPUT
echo "version-major=${VERSION_MAJOR}" >> $GITHUB_OUTPUT
echo "build-date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
echo "github-ci-sha-short=${CI_SHA_SHORT}" >> $GITHUB_OUTPUT
echo "github-ci-sha=${CI_SHA}" >> $GITHUB_OUTPUT
echo "github-ci-run-id=${CI_RUN_ID}" >> $GITHUB_OUTPUT
build:
strategy:
matrix:
image-variant: [prd,dev]
runs-on: ubuntu-20.04
needs: init
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Fill "${{ needs.init.outputs.docker-image-name }}" Docker Image metadata
id: meta
uses: docker/metadata-action@v5
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
images: "${{ needs.init.outputs.docker-image-name }}"
tags: |
type=raw,value=${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}
type=raw,value=${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}
type=raw,value=${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}
type=raw,value=${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }}
- name: Create Dockerfile
run: |
make Dockerfile
- name: Build "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker Image
id: build
uses: docker/build-push-action@v6
with:
builder: ${{ steps.buildx.outputs.name }}
context: .
file: Dockerfile
target: ${{ matrix.image-variant }}
build-args: |
VERSION_ARG=${{ needs.init.outputs.version-patch }}
RELEASE_ARG=${{ needs.init.outputs.github-ci-run-id }}
VCS_REF_ARG=${{ needs.init.outputs.github-ci-sha }}
BUILD_DATE_ARG=${{ needs.init.outputs.build-date }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
outputs: type=docker,dest=/tmp/builded.tar
- name: Upload "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.image-variant }}
path: /tmp/builded.tar
tests:
strategy:
matrix:
image-variant: [prd,dev]
runs-on: ubuntu-20.04
needs: [init,build]
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
repository: ems-project/elasticms-demo
path: test/demo
ref: ${{ needs.init.outputs.version-patch }}
- name: Prepare Elasticms Demo Project
id: prep_demo
run: |
mkdir -p test/demo/dist
npm install --save-dev webpack --prefix test/demo test/demo
npm run --prefix test/demo prod
chmod 777 test/demo/skeleton
- name: Setup BATS testing framework
uses: zebby76/setup-bats@v2
with:
bats-version: 1.2.1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Download "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact
uses: actions/download-artifact@v4
with:
name: ${{ matrix.image-variant }}
path: /tmp
- name: Load Docker image
run: |
docker load --input /tmp/builded.tar
docker image ls -a
- name: Scan "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image
uses: anchore/scan-action@v6
id: scan
with:
image: ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}
fail-build: false
severity-cutoff: critical
output-format: table
- name: Login to DockerHub
uses: docker/login-action@v3
with:
registry: docker.io
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Prepare Test Environment
id: prep-test
run: |
echo "image-flavor=${IMAGE_VARIANT%-*}" >> $GITHUB_OUTPUT
env:
IMAGE_VARIANT: ${{ matrix.image-variant }}
- name: Free Disk Space
run: |
echo "Disk space before post-build cleanup:"
df -h
sudo rm -rf /usr/local/.ghcup
sudo rm -rf /opt/hostedtoolcache/CodeQL
sudo rm -rf /usr/local/lib/android/sdk/ndk
sudo rm -rf /usr/share/dotnet
sudo apt-get clean
echo "Disk space after post-build cleanup:"
df -h
- name: Test "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker Image
env:
DOCKER_IMAGE_NAME: ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}
EMS_VERSION: ${{ needs.init.outputs.version-patch }}
CONTAINER_ENGINE: docker
run: |
docker network create docker_default
docker pull docker.io/curlimages/curl:8.11.1
bats -r test/tests.bats
sign-dev:
strategy:
max-parallel: 1
matrix:
image-variant: [dev]
runs-on: ubuntu-20.04
needs: [init,tests]
steps:
- name: Install Dependencies
run: |
sudo apt update
sudo apt install -y notary
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Download "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact
uses: actions/download-artifact@v4
with:
name: ${{ matrix.image-variant }}
path: /tmp
- name: Load Docker image
run: |
docker load --input /tmp/builded.tar
docker image ls -a
- name: Login to DockerHub
uses: docker/login-action@v3
with:
registry: docker.io
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}"
uses: sudo-bot/action-docker-sign@latest
with:
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}"
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}"
uses: sudo-bot/action-docker-sign@latest
with:
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}"
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}"
uses: sudo-bot/action-docker-sign@latest
with:
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}"
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }}"
uses: sudo-bot/action-docker-sign@latest
with:
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }}"
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
- name: Check Docker Images pull's
run: |
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }}
sign-prd:
strategy:
max-parallel: 1
matrix:
image-variant: [prd]
runs-on: ubuntu-20.04
needs: [init,tests]
steps:
- name: Install Dependencies
run: |
sudo apt update
sudo apt install -y notary
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Download "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}" Docker image artifact
uses: actions/download-artifact@v4
with:
name: ${{ matrix.image-variant }}
path: /tmp
- name: Load Docker image
run: |
docker load --input /tmp/builded.tar
docker image ls -a
- name: Login to DockerHub
uses: docker/login-action@v3
with:
registry: docker.io
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Tag docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} for release"
id: prep-sign-tagging
run: |
docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }} \
${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}
docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }} \
${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}
docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }} \
${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}
docker tag ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }} \
${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}"
uses: sudo-bot/action-docker-sign@latest
with:
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}"
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}"
uses: sudo-bot/action-docker-sign@latest
with:
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}"
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}"
uses: sudo-bot/action-docker-sign@latest
with:
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}"
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}"
uses: sudo-bot/action-docker-sign@latest
with:
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}"
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}"
uses: sudo-bot/action-docker-sign@latest
with:
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}"
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}"
uses: sudo-bot/action-docker-sign@latest
with:
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}"
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }}"
uses: sudo-bot/action-docker-sign@latest
with:
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }}"
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
- name: Sign and push docker image "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}"
uses: sudo-bot/action-docker-sign@latest
with:
image-ref: "${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}"
private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
- name: Check Docker Images pull's
run: |
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}-${{ matrix.image-variant }}
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.github-ci-sha-short }}
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}-${{ matrix.image-variant }}
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-patch }}
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}-${{ matrix.image-variant }}
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-minor }}
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}-${{ matrix.image-variant }}
docker pull ${{ needs.init.outputs.docker-image-name }}:${{ needs.init.outputs.version-major }}
cleanup:
strategy:
matrix:
image-variant: [prd,dev]
runs-on: ubuntu-20.04
needs: [sign-prd,sign-dev]
steps:
- uses: geekyeggo/delete-artifact@v5
with:
name: ${{ matrix.image-variant }}
failOnError: false