Build and Push to Docker Hub #718
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Push to Docker Hub | |
on: | |
push: | |
branches: [ main ] | |
schedule: | |
- cron: "30 12 * * 0" # Run once every Sunday | |
env: | |
REPO: ultraviolet-node | |
PLATFORMS: linux/amd64,linux/arm64 | |
jobs: | |
build_and_push_docker_images: | |
name: Push Docker image to Docker Hub | |
permissions: | |
packages: write | |
contents: read | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
- name: Build Test Image | |
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2 | |
with: | |
image: ${{ env.REPO }} | |
tags: test | |
containerfiles: | | |
./docker/Dockerfile | |
build-args: | | |
NPM_BUILD=pnpm install --prod | |
- name: Test | |
run: | | |
podman run --rm -d -p 8080:8080 localhost/${{ env.REPO }}:test | |
chmod +x ./docker/test.sh | |
./docker/test.sh -p 8080 -h 0.0.0.0 -t 15 | |
- name: Install qemu | |
if: github.event_name != 'pull_request' | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y qemu-user-static | |
- name: Build Production Images | |
if: github.event_name != 'pull_request' | |
id: build-image | |
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2 | |
with: | |
image: ${{ env.REPO }} | |
tags: latest ${{ github.sha }} | |
containerfiles: | | |
./docker/Dockerfile | |
platforms: ${{ env.PLATFORMS }} | |
build-args: | | |
NPM_BUILD=pnpm install --prod | |
# PUSH | |
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 | |
- name: Write Cosign Key | |
run: | | |
echo "${{ env.COSIGN_PRIVATE_KEY }}" > cosign.key; | |
wc -c cosign.key; | |
env: | |
COSIGN_EXPERIMENTAL: false | |
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
- name: Push To Docker Hub | |
id: push-to-docker | |
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
image: ${{ steps.build-image.outputs.image }} | |
tags: ${{ steps.build-image.outputs.tags }} | |
registry: docker.io/${{ secrets.DOCKER_USERNAME }} | |
- name: Sign Docker Hub Image | |
run: | | |
cosign login docker.io -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} | |
cosign sign -y --key cosign.key docker.io/${{ secrets.DOCKER_USERNAME }}/${{ steps.build-image.outputs.image }}@${DOCKER_TAGS} | |
env: | |
COSIGN_EXPERIMENTAL: false | |
DOCKER_TAGS: ${{ steps.push-to-docker.outputs.digest }} | |
- name: Push To GHCR | |
id: push-to-ghcr | |
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2 | |
with: | |
username: ${{ github.actor }} | |
password: ${{ github.token }} | |
image: ${{ steps.build-image.outputs.image }} | |
tags: ${{ steps.build-image.outputs.tags }} | |
registry: ghcr.io/${{ github.repository_owner }} | |
- name: Sign GHCR Image | |
run: | | |
cosign login ghcr.io -u ${{ github.actor }} -p ${{ github.token }} | |
cosign sign -y --key cosign.key ghcr.io/${{ github.repository_owner }}/${{ steps.build-image.outputs.image }}@${GHCR_TAGS} | |
env: | |
COSIGN_EXPERIMENTAL: false | |
GHCR_TAGS: ${{ steps.push-to-ghcr.outputs.digest }} | |
- name: Print image URLs | |
run: | | |
echo "Image pushed to ${{ steps.push-to-docker.outputs.registry-paths }}" | |
echo "Image pushed to ${{ steps.push-to-ghcr.outputs.registry-paths }}" |