Skip to content

Build and publish container images onto Docker Cloud #17

Build and publish container images onto Docker Cloud

Build and publish container images onto Docker Cloud #17

#
# File: https://github.com/cpp-projects-showcase/docker-images/blob/main/.github/workflows/container-build-and-publish.yml
#
# On Docker Hub:
# * https://hub.docker.com/repository/docker/infrahelpers/cpppython/tags
#
# Dockerfiles:
# * CentOS Stream 9: https://github.com/cpp-projects-showcase/docker-images/blob/main/centos9/Dockerfile
# * Usual tags on Docker Hub: infrahelpers/cpppython:centos9
# * Rocky 9: https://github.com/cpp-projects-showcase/docker-images/blob/main/rocky9/Dockerfile
# * Usual tags on Docker Hub: infrahelpers/cpppython:rocky9
#
# Docker Cloud builds
# -------------------
# The number of build minutes are limited per month, and increasing
# that limit is expensive. The activation of Docker Cloud builds is
# therefore commented throughout this CI/CD pipeline.
# References:
# * https://docs.docker.com/build-cloud/
# * https://docs.docker.com/build-cloud/ci/
# * Cloud builders: https://app.docker.com/build/accounts/infrahelpers/builders
#
# SBOM and attestations of provenance
# -----------------------------------
# * https://docs.docker.com/scout/policy/#supply-chain-attestations
# * https://docs.docker.com/build/metadata/attestations/
# * With GitHub Actions:
# https://docs.docker.com/build/ci/github-actions/attestations/
#
# Scheduling builds
# -----------------
# * https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows
# * https://crontab.guru/#0_2_*_*_*
#
name: Build and publish container images onto Docker Cloud
on:
push:
branches:
- main
schedule:
- cron: "0 2 * * *" # Trigeer a build every 1st day of the month at 02:00 UTC
workflow_dispatch:
env:
ORG_NAME: infrahelpers
IMAGE_NAME: infrahelpers/cpppython
jobs:
# CentOS Stream 9
build_centos9_image:
# https://github.com/cpp-projects-showcase/docker-images/settings/environments/4430897264/edit
environment: docker-hub
runs-on: ubuntu-latest
steps:
# https://github.com/actions/checkout
- name: Checkout
uses: actions/checkout@v4
# https://github.com/docker/setup-qemu-action
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# https://github.com/docker/login-action
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
# Uncomment the following to activate the Docker Cloud builds
#with:
# version: "lab:latest"
# driver: cloud
# endpoint: "${{ env.ORG_NAME}}/default"
# install: true
# https://github.com/docker/metadata-action
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE_NAME }}:centos9
- name: Run privileged
run: sudo docker run --privileged --rm tonistiigi/binfmt --install arm64
# https://github.com/docker/build-push-action
- name: Build CentOS Stream 9 image
id: docker_build_centos9
uses: docker/build-push-action@v6
with:
builder: ${{ steps.buildx.outputs.name }}
context: ./centos9
file: ./centos9/Dockerfile
push: true
provenance: mode=max
sbom: true
tags: |
${{ env.IMAGE_NAME }}:centos9
# For pull requests, export results to the build cache.
# Otherwise, push to a registry.
# Uncomment the following 3 lines to activate the Docker Cloud builds
#outputs: ${{ github.event_name == 'pull_request' && 'type=cacheonly' || 'type=registry' }}
#cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:build-cache-centos9
#cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:build-cache-centos9,mode=max
# Comment the following 2 lines when activating the Docker Cloud builds
cache-from: type=gha
cache-to: type=gha,mode=max
platforms: linux/amd64,linux/arm64/v8
# Rocky 9
build_rocky9_image:
# https://github.com/cpp-projects-showcase/docker-images/settings/environments/4430897264/edit
environment: docker-hub
runs-on: ubuntu-latest
steps:
# https://github.com/actions/checkout
- name: Checkout
uses: actions/checkout@v4
# https://github.com/docker/setup-qemu-action
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# https://github.com/docker/login-action
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
# Uncomment the following to activate the Docker Cloud builds
#with:
# version: "lab:latest"
# driver: cloud
# endpoint: "${{ env.ORG_NAME}}/default"
# install: true
# https://github.com/docker/metadata-action
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE_NAME }}:rocky9
- name: Run privileged
run: sudo docker run --privileged --rm tonistiigi/binfmt --install arm64
# https://github.com/docker/build-push-action
- name: Build Rocky 9 image
id: docker_build_rocky9
uses: docker/build-push-action@v6
with:
builder: ${{ steps.buildx.outputs.name }}
context: ./rocky9
file: ./rocky9/Dockerfile
push: true
provenance: mode=max
sbom: true
tags: |
${{ env.IMAGE_NAME }}:rocky9
# For pull requests, export results to the build cache.
# Otherwise, push to a registry.
# Uncomment the following 3 lines to activate the Docker Cloud builds
#outputs: ${{ github.event_name == 'pull_request' && 'type=cacheonly' || 'type=registry' }}
#cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:build-cache-rocky9
#cache-to: type=registry,ref=${{ env.IMAGE_NAME }}:build-cache-rocky9,mode=max
# Comment the following 2 lines when activating the Docker Cloud builds
cache-from: type=gha
cache-to: type=gha,mode=max
platforms: linux/amd64,linux/arm64/v8