Build and publish container images onto Docker Cloud #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# File: https://github.com/cpp-projects-showcase/docker-images/blob/main/.github/workflows/container-build-and-publish.yml | |
# | |
# On Docker Hub: | |
# * https://hub.docker.com/repository/docker/infrahelpers/cpppython/tags | |
# | |
# Dockerfiles: | |
# * CentOS Stream 9: https://github.com/cpp-projects-showcase/docker-images/blob/main/centos9/Dockerfile | |
# * Usual tags on Docker Hub: infrahelpers/cpppython:centos9 | |
# * Rocky 9: https://github.com/cpp-projects-showcase/docker-images/blob/main/rocky9/Dockerfile | |
# * Usual tags on Docker Hub: infrahelpers/cpppython:rocky9 | |
# | |
# Docker Cloud builds | |
# ------------------- | |
# The number of build minutes are limited per month, and increasing | |
# that limit is expensive. The activation of Docker Cloud builds is | |
# therefore commented throughout this CI/CD pipeline. | |
# References: | |
# * https://docs.docker.com/build-cloud/ | |
# * https://docs.docker.com/build-cloud/ci/ | |
# * Cloud builders: https://app.docker.com/build/accounts/infrahelpers/builders | |
# | |
# SBOM and attestations of provenance | |
# ----------------------------------- | |
# * https://docs.docker.com/scout/policy/#supply-chain-attestations | |
# * https://docs.docker.com/build/metadata/attestations/ | |
# * With GitHub Actions: | |
# https://docs.docker.com/build/ci/github-actions/attestations/ | |
# | |
# Scheduling builds | |
# ----------------- | |
# * https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows | |
# * https://crontab.guru/#0_2_*_*_* | |
# | |
name: Build and publish container images onto Docker Cloud | |
on: | |
push: | |
branches: | |
- main | |
schedule: | |
- cron: "0 2 * * *" # Trigeer a build every 1st day of the month at 02:00 UTC | |
workflow_dispatch: | |
env: | |
ORG_NAME: infrahelpers | |
IMAGE_NAME: infrahelpers/cpppython | |
jobs: | |
# CentOS Stream 9 | |
build_centos9_image: | |
# https://github.com/cpp-projects-showcase/docker-images/settings/environments/4430897264/edit | |
environment: docker-hub | |
runs-on: ubuntu-latest | |
steps: | |
# https://github.com/actions/checkout | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# https://github.com/docker/setup-qemu-action | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
# https://github.com/docker/login-action | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# https://github.com/docker/setup-buildx-action | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
# Uncomment the following to activate the Docker Cloud builds | |
#with: | |
# version: "lab:latest" | |
# driver: cloud | |
# endpoint: "${{ env.ORG_NAME}}/default" | |
# install: true | |
# https://github.com/docker/metadata-action | |
- name: Extract metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.IMAGE_NAME }}:centos9 | |
- name: Run privileged | |
run: sudo docker run --privileged --rm tonistiigi/binfmt --install arm64 | |
# https://github.com/docker/build-push-action | |
- name: Build CentOS Stream 9 image | |
id: docker_build_centos9 | |
uses: docker/build-push-action@v6 | |
with: | |
builder: ${{ steps.buildx.outputs.name }} | |
context: ./centos9 | |
file: ./centos9/Dockerfile | |
push: true | |
provenance: mode=max | |
sbom: true | |
tags: | | |
${{ env.IMAGE_NAME }}:centos9 | |
# For pull requests, export results to the build cache. | |
# Otherwise, push to a registry. | |
# Uncomment the following 3 lines to activate the Docker Cloud builds | |
#outputs: ${{ github.event_name == 'pull_request' && 'type=cacheonly' || 'type=registry' }} | |
#cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:build-cache-centos9 | |
#cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:build-cache-centos9,mode=max | |
# Comment the following 2 lines when activating the Docker Cloud builds | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
platforms: linux/amd64,linux/arm64/v8 | |
# Rocky 9 | |
build_rocky9_image: | |
# https://github.com/cpp-projects-showcase/docker-images/settings/environments/4430897264/edit | |
environment: docker-hub | |
runs-on: ubuntu-latest | |
steps: | |
# https://github.com/actions/checkout | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# https://github.com/docker/setup-qemu-action | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
# https://github.com/docker/login-action | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# https://github.com/docker/setup-buildx-action | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
# Uncomment the following to activate the Docker Cloud builds | |
#with: | |
# version: "lab:latest" | |
# driver: cloud | |
# endpoint: "${{ env.ORG_NAME}}/default" | |
# install: true | |
# https://github.com/docker/metadata-action | |
- name: Extract metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.IMAGE_NAME }}:rocky9 | |
- name: Run privileged | |
run: sudo docker run --privileged --rm tonistiigi/binfmt --install arm64 | |
# https://github.com/docker/build-push-action | |
- name: Build Rocky 9 image | |
id: docker_build_rocky9 | |
uses: docker/build-push-action@v6 | |
with: | |
builder: ${{ steps.buildx.outputs.name }} | |
context: ./rocky9 | |
file: ./rocky9/Dockerfile | |
push: true | |
provenance: mode=max | |
sbom: true | |
tags: | | |
${{ env.IMAGE_NAME }}:rocky9 | |
# For pull requests, export results to the build cache. | |
# Otherwise, push to a registry. | |
# Uncomment the following 3 lines to activate the Docker Cloud builds | |
#outputs: ${{ github.event_name == 'pull_request' && 'type=cacheonly' || 'type=registry' }} | |
#cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:build-cache-rocky9 | |
#cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:build-cache-rocky9,mode=max | |
# Comment the following 2 lines when activating the Docker Cloud builds | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
platforms: linux/amd64,linux/arm64/v8 | |