diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 56482f76..03621474 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -36,7 +36,7 @@ jobs: AC_PASSWORD: ${{ secrets.AC_PASSWORD }} id: release run: | - brew install mitchellh/gon/gon jq + brew install mitchellh/gon/gon make signdmg - name: upload artifacts uses: actions/upload-artifact@v4 @@ -64,7 +64,7 @@ jobs: - name: make-release id: release run: | - sudo apt install -y rpm fakeroot zip debsigs gnupg jq + sudo apt install -y rpm fakeroot zip debsigs gnupg jq sudo gem install --no-document fpm echo "${GPG_SIGNING_KEY}" | gpg --import - make release 
@@ -180,3 +180,71 @@ jobs: run: bash init/archlinux/aur-deploy.sh env: DEPLOY_KEY: ${{ secrets.AUR_DEPLOY_KEY }} + + docker-ghcr-build-push: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Workaround: https://github.com/docker/build-push-action/issues/461 + - name: Setup Docker buildx + uses: docker/setup-buildx-action@v3 + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ghcr.io + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + + - name: Set docker build-args + run: >- + git fetch --force --tags; + source ./settings.sh; + for item in DATE COMMIT VERSION ITERATION BRANCH LICENSE DESC VENDOR MAINT SOURCE_URL; do + eval echo "settings.sh build-arg: ${item}=\$${item}"; + eval echo "${item}=\$${item}" >> $GITHUB_ENV; + done + + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action + - name: Build and push Docker image + id: build-and-push + uses: docker/build-push-action@v5 + with: + context: . 
+ file: init/docker/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + cache-from: type=gha + cache-to: type=gha,mode=max + build-args: | + BUILD_DATE=${{ env.DATE }} + COMMIT=${{ env.COMMIT }} + VERSION=${{ env.VERSION }} + ITERATION=${{ env.ITERATION }} + BRANCH=${{ env.BRANCH }} + LICENSE=${{ env.LICENSE }} + DESC=${{ env.DESC }} + VENDOR=${{ env.VENDOR }} + AUTHOR=${{ env.MAINT }} + SOURCE_URL=${{ env.SOURCE_URL }} diff --git a/settings.sh b/settings.sh index 76e67e95..af81ec6e 100644 --- a/settings.sh +++ b/settings.sh @@ -8,7 +8,7 @@ VENDOR="Go Lift " export MAINT DESC LICENSE SOURCE_URL VENDOR DATE="$(date -u +%Y-%m-%dT%H:%M:00Z)" -VERSION=$(git describe --abbrev=0 --tags $(git rev-list --tags --max-count=1) | tr -d v) +VERSION=$(git tag --sort version:refname | tail -n1 | tr -d v) [ "$VERSION" != "" ] || VERSION=development # This produces a 0 in some environments (like Homebrew), but it's only used for packages. ITERATION=$(git rev-list --count --all || echo 0) @@ -20,8 +20,9 @@ export DATE VERSION ITERATION COMMIT BRANCH ### Optional ### # Import this signing key only if it's in the keyring. -gpg --list-keys 2>/dev/null | grep -q B93DD66EF98E54E2EAE025BA0166AD34ABC5A57C -[ "$?" != "0" ] || export SIGNING_KEY=B93DD66EF98E54E2EAE025BA0166AD34ABC5A57C +if gpg --list-keys 2>/dev/null | grep -q B93DD66EF98E54E2EAE025BA0166AD34ABC5A57C; then + export SIGNING_KEY=B93DD66EF98E54E2EAE025BA0166AD34ABC5A57C +fi # Make sure Docker builds work locally. # These do not affect automated builds, just allow the docker build scripts to run from a local clone.
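Review bot: The new `docker-ghcr-build-push` job grants `id-token: write`, but no step visible in this hunk requests an OIDC token; the comment mentions sigstore/fulcio, yet the job has no signing step. Until one is added, the permissions block should stop at `contents: read` and `packages: write`, so the job holds no more than it uses. The job also references every action by a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v5` and the others) while holding registry write access. Pinning each to a full commit SHA, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v5`, keeps a retagged release from running with those permissions. In the `Set docker build-args` step, `eval echo "${item}=\$${item}" >> $GITHUB_ENV` can drop `eval` and become `echo "${item}=${!item}" >> "$GITHUB_ENV"`, which also avoids word splitting and glob expansion of the values.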
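Review bot: The new `VERSION=` line in settings.sh takes the last entry of `git tag --sort version:refname` across every tag in the repository, so a non-release tag or a tag on another branch that sorts last becomes the version stamped into packages. Through the new workflow step it also becomes the Docker `VERSION` build-arg. Restricting the listing to release-shaped tags makes the value predictable: `VERSION=$(git tag --list 'v[0-9]*' --sort=version:refname | tail -n1 | sed 's/^v//')`. The `sed` form strips only the leading `v`, whereas `tr -d v` (kept from the old line) removes every `v` in the tag name. Pre-release suffixes such as `-rc1` sort after the final release under `version:refname` unless `versionsort.suffix` is configured, which deserves a comment above the line if such tags are ever pushed.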
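Review bot: The rewritten check in the `### Optional ###` block of settings.sh still tests `gpg --list-keys`, which lists the public keyring, so `SIGNING_KEY` is exported on any machine that holds only the public half of the key. If the variable is used to sign packages, as its name suggests, the check should look at secret keys instead. gpg exits non-zero when the requested key is absent, so the `grep` can go: `if gpg --list-secret-keys B93DD66EF98E54E2EAE025BA0166AD34ABC5A57C >/dev/null 2>&1; then`. Holding the fingerprint in a single variable would also keep the two copies from drifting apart.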