Docker Image CI #1498
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Image CI | |
| on: | |
| push: | |
| branches: [ main ] | |
| schedule: | |
| - cron: '0 19 * * *' | |
| env: | |
| PLATFORMS: "linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7,linux/ppc64le" | |
| # Declare default permissions as read only. | |
| permissions: read-all | |
| jobs: | |
| buildx: | |
| timeout-minutes: 30 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Update submodules | |
| run: git clone --depth 1 https://gitlab.com/platynum/certification-authority/flows.git flows | |
| # https://github.com/docker/setup-qemu-action | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| # https://github.com/docker/setup-buildx-action | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v4 | |
| id: cache | |
| with: | |
| path: .buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Docker Buildx (build) | |
| run: | | |
| docker buildx build \ | |
| --cache-from "type=local,src=.buildx-cache" \ | |
| --cache-to "type=local,dest=.buildx-cache" \ | |
| --platform "$PLATFORMS" \ | |
| --output "type=image,push=false" \ | |
| --attest "type=provenance,mode=max" \ | |
| --label org.opencontainers.image.url="https://github.com/augjoh/certification-authority-docker" \ | |
| --label org.opencontainers.image.documentation="https://platynum.gitlab.io/certification-authority/documentation/" \ | |
| --label org.opencontainers.image.source="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \ | |
| --label org.opencontainers.image.version="$GITHUB_SHA" \ | |
| --label org.opencontainers.image.revision="$GITHUB_SHA" \ | |
| --tag platynum/certification-authority:latest \ | |
| --file Dockerfile . | |
| - name: Docker Login | |
| env: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| run: | | |
| echo "${DOCKER_PASSWORD}" | docker login --username "${DOCKER_USERNAME}" --password-stdin | |
| - name: Docker Buildx (push) | |
| run: | | |
| docker buildx build \ | |
| --cache-from "type=local,src=.buildx-cache" \ | |
| --platform "$PLATFORMS" \ | |
| --output "type=image,push=true" \ | |
| --build-arg GIT_COMMIT=$GITHUB_SHA \ | |
| --tag platynum/certification-authority:latest \ | |
| --file Dockerfile . | |
| - name: Docker Check Manifest | |
| run: | | |
| docker run --rm mplatform/mquery platynum/certification-authority:latest | |
| - name: Docker Check Provenance | |
| run: | | |
| docker buildx imagetools inspect platynum/certification-authority:latest \ | |
| --format "{{ json .Provenance }}" | |
| - name: Clear | |
| if: always() | |
| run: | | |
| rm -f ${HOME}/.docker/config.json |