mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-11-26 08:13:16 +00:00
176 lines
6.2 KiB
YAML
176 lines
6.2 KiB
YAML
---
|
|
name: Docker
|
|
|
|
on:
|
|
# See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
|
|
workflow_dispatch:
|
|
|
|
# See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
|
|
push:
|
|
branches:
|
|
- dev
|
|
- jippi-fork # TODO(jippi): remove me before merge
|
|
tags:
|
|
- "*"
|
|
|
|
# See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
|
|
pull_request:
|
|
types:
|
|
- labeled
|
|
- opened
|
|
- ready_for_review
|
|
- reopened
|
|
- synchronize
|
|
|
|
jobs:
|
|
lint:
|
|
runs-on: ubuntu-latest
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Docker Lint
|
|
uses: hadolint/hadolint-action@v3.1.0
|
|
with:
|
|
dockerfile: contrib/docker/Dockerfile
|
|
failure-threshold: error
|
|
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
|
|
# See: https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs
|
|
matrix:
|
|
php_version:
|
|
- 8.1
|
|
- 8.2
|
|
- 8.3
|
|
target_runtime:
|
|
- apache
|
|
- fpm
|
|
- nginx
|
|
php_base:
|
|
- apache
|
|
- fpm
|
|
|
|
# See: https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#excluding-matrix-configurations
|
|
# See: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstrategymatrixexclude
|
|
exclude:
|
|
# Broken for imagick on arm64 due to https://github.com/Imagick/imagick/pull/641
|
|
# Could probably figure out how to do a matrix only ignoring 8.3 + linux/arm64, but this is easier atm
|
|
- php_version: 8.3
|
|
|
|
# targeting [apache] runtime with [fpm] base type doesn't make sense
|
|
- target_runtime: apache
|
|
php_base: fpm
|
|
|
|
# targeting [fpm] runtime with [apache] base type doesn't make sense
|
|
- target_runtime: fpm
|
|
php_base: apache
|
|
|
|
# targeting [nginx] runtime with [apache] base type doesn't make sense
|
|
- target_runtime: nginx
|
|
php_base: apache
|
|
|
|
# See: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-concurrency-and-the-default-behavior
|
|
concurrency:
|
|
group: docker-build-${{ github.ref }}-${{ matrix.php_base }}-${{ matrix.php_version }}-${{ matrix.target_runtime }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
|
|
env:
|
|
# Set the repo variable [DOCKER_HUB_USERNAME] to override the default at https://github.com/<user>/<project>/settings/variables/actions
|
|
#
|
|
# NOTE: no login attempt will happen with Docker Hub until this secret is set
|
|
DOCKER_HUB_USERNAME: ${{ vars.DOCKER_HUB_USERNAME || 'pixelfed' }}
|
|
|
|
# Set the repo variable [DOCKER_HUB_ORGANISATION] to override the default at https://github.com/<user>/<project>/settings/variables/actions
|
|
#
|
|
# NOTE: no login attempt will happen with Docker Hub until this secret is set
|
|
DOCKER_HUB_ORGANISATION: ${{ vars.DOCKER_HUB_ORGANISATION || 'pixelfed' }}
|
|
|
|
# Set the repo variable [DOCKER_HUB_REPO] to override the default at https://github.com/<user>/<project>/settings/variables/actions
|
|
#
|
|
# NOTE: no login attempt will happen with Docker Hub until this secret is set
|
|
DOCKER_HUB_REPO: ${{ vars.DOCKER_HUB_REPO || 'pixelfed' }}
|
|
|
|
# For Docker Hub pushing to work, you need the secret [DOCKER_HUB_TOKEN]
|
|
# set to your Personal Access Token at https://github.com/<user>/<project>/settings/secrets/actions
|
|
#
|
|
# NOTE: no login attempt will happen with Docker Hub until this secret is set
|
|
HAS_DOCKER_HUB_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN != '' }}
|
|
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
id: buildx
|
|
with:
|
|
version: v0.12.0 # *or* newer, needed for annotations to work
|
|
|
|
- name: Log in to the GitHub Container registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Login to Docker Hub registry (conditionally)
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ env.DOCKER_HUB_USERNAME }}
|
|
password: ${{ secrets.DOCKER_HUB_TOKEN }}
|
|
if: ${{ env.HAS_DOCKER_HUB_TOKEN == true }}
|
|
|
|
- name: Docker meta
|
|
uses: docker/metadata-action@v5
|
|
id: meta
|
|
with:
|
|
images: |
|
|
name=ghcr.io/${{ github.repository }},enable=true
|
|
name=${{ env.DOCKER_HUB_ORGANISATION }}/${{ env.DOCKER_HUB_REPO }},enable=${{ env.HAS_DOCKER_HUB_TOKEN }}
|
|
flavor: |
|
|
latest=auto
|
|
suffix=-${{ matrix.target_runtime }}-${{ matrix.php_version }}
|
|
tags: |
|
|
type=edge,branch=dev
|
|
type=pep440,pattern={{raw}}
|
|
type=pep440,pattern=v{{major}}.{{minor}}
|
|
type=ref,event=branch,prefix=branch-
|
|
type=ref,event=pr,prefix=pr-
|
|
type=ref,event=tag
|
|
env:
|
|
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
|
|
|
|
- name: Build and push Docker image
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
file: contrib/docker/Dockerfile
|
|
target: ${{ matrix.target_runtime }}-runtime
|
|
platforms: linux/amd64,linux/arm64
|
|
builder: ${{ steps.buildx.outputs.name }}
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
annotations: ${{ steps.meta.outputs.annotations }}
|
|
push: true
|
|
sbom: true
|
|
provenance: true
|
|
build-args: |
|
|
PHP_VERSION=${{ matrix.php_version }}
|
|
PHP_BASE_TYPE=${{ matrix.php_base }}
|
|
cache-from: type=gha,scope=${{ matrix.target_runtime }}-${{ matrix.php_base }}-${{ matrix.php_version }}
|
|
cache-to: type=gha,mode=max,scope=${{ matrix.target_runtime }}-${{ matrix.php_base }}-${{ matrix.php_version }}
|