docker #885
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: docker | |
# https://docs.github.com/de/actions/using-workflows/workflow-syntax-for-github-actions | |
# https://docs.github.com/en/actions/using-workflows | |
# https://docs.github.com/en/actions/learn-github-actions/contexts | |
# https://docs.github.com/en/actions/learn-github-actions/expressions | |
# How to setup: https://event-driven.io/en/how_to_buid_and_push_docker_image_with_github_actions/ | |
# How to run: https://aschmelyun.com/blog/using-docker-run-inside-of-github-actions/ | |
on: | |
# run it on push to the default repository branch | |
push: | |
paths-ignore: | |
- 'docs/**' | |
- '**.md' | |
tags-ignore: | |
- '**' | |
# branches is needed if tags-ignore is used | |
branches: | |
- '**' | |
schedule: | |
# Run weekly on default branch | |
- cron: '47 3 * * 6' | |
jobs: | |
build-and-push-docker-debian-image: | |
name: Build Docker Bookworm image and push to repositories | |
# run only when code is compiling and tests are passing | |
runs-on: ubuntu-latest | |
# steps to perform in job | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
# avoid building if there are testing errors | |
- name: Run smoke test | |
run: | | |
sudo apt-get install -y libzbar0 | |
python -m pip install --upgrade pip | |
pip install -U -r requirements-dev.txt | |
pip install -U . | |
pytest | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
# setup Docker build action | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
# Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381 | |
# TODO remove workaround when fixed | |
with: | |
driver-opts: | | |
image=moby/buildkit:v0.10.6 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
if: github.secret_source == 'Actions' | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to Github Packages | |
uses: docker/login-action@v3 | |
if: github.secret_source == 'Actions' | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GHCR_IO_TOKEN }} | |
- name: "Build image and push to Docker Hub and GitHub Container Registry" | |
id: docker_build_qr_reader_latest | |
uses: docker/build-push-action@v5 | |
with: | |
platforms: linux/amd64,linux/arm64 | |
# relative path to the place where source code with Dockerfile is located | |
# TODO file:, move to docker/ | |
context: . | |
file: docker/Dockerfile | |
# builder: ${{ steps.buildx.outputs.name }} | |
# Note: tags has to be all lower-case | |
build-args: | | |
BASE_IMAGE=python:3.13-slim-bookworm | |
pull: true | |
tags: | | |
scit0/extract_otp_secrets:latest | |
scit0/extract_otp_secrets:bookworm | |
ghcr.io/scito/extract_otp_secrets:latest | |
ghcr.io/scito/extract_otp_secrets:bookworm | |
# build on feature branches, push only on master branch | |
push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}} | |
- name: Image digest | |
# TODO upload digests to assets | |
run: | | |
echo "extract_otp_secrets digests: ${{ steps.docker_build_qr_reader_latest.outputs.digest }}" | |
echo "${{ steps.docker_build_qr_reader_latest.outputs.digest }}" > digests.txt | |
- name: Save docker digests as artifacts | |
if: github.ref == 'refs/heads/master' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: debian_digests | |
path: digests.txt | |
build-and-push-docker-alpine-image: | |
name: Build Docker Alpine image and push to repositories | |
# run only when code is compiling and tests are passing | |
runs-on: ubuntu-latest | |
# steps to perform in job | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
# avoid building if there are testing errors | |
- name: Run smoke test | |
run: | | |
sudo apt-get install -y libzbar0 | |
python -m pip install --upgrade pip | |
pip install -U -r requirements-dev.txt | |
pip install -U . | |
pytest | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
# setup Docker build action | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
if: github.secret_source == 'Actions' | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to Github Packages | |
uses: docker/login-action@v3 | |
if: github.secret_source == 'Actions' | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GHCR_IO_TOKEN }} | |
- name: "only_txt: Build image and push to Docker Hub and GitHub Container Registry" | |
id: docker_build_only_txt | |
uses: docker/build-push-action@v5 | |
with: | |
# relative path to the place where source code with Dockerfile is located | |
platforms: linux/amd64,linux/arm64 | |
context: . | |
file: docker/Dockerfile_only_txt | |
# builder: ${{ steps.buildx.outputs.name }} | |
# Note: tags has to be all lower-case | |
pull: true | |
tags: | | |
scit0/extract_otp_secrets:only-txt | |
scit0/extract_otp_secrets:alpine | |
ghcr.io/scito/extract_otp_secrets:only-txt | |
ghcr.io/scito/extract_otp_secrets:alpine | |
# build on feature branches, push only on master branch | |
push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}} | |
build-args: | | |
RUN_TESTS=true | |
- name: Image digest | |
# TODO upload digests to assets | |
run: | | |
echo "extract_otp_secrets:only-txt digests: ${{ steps.docker_build_only_txt.outputs.digest }}" | |
echo "${{ steps.docker_build_qr_reader_latest.outputs.digest }}" > digests.txt | |
- name: Save docker digests as artifacts | |
if: github.ref == 'refs/heads/master' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: alpine_digests | |
path: digests.txt | |
build-and-push-docker-bullseye-image: | |
name: Build Docker Bullseye image (for PyInstsaller) and push to repositories | |
# run only when code is compiling and tests are passing | |
runs-on: ubuntu-latest | |
# steps to perform in job | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
# avoid building if there are testing errors | |
- name: Run smoke test | |
run: | | |
sudo apt-get install -y libzbar0 | |
python -m pip install --upgrade pip | |
pip install -U -r requirements-dev.txt | |
pip install -U . | |
pytest | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
# setup Docker build action | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
# Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381 | |
# TODO remove workaround when fixed | |
with: | |
driver-opts: | | |
image=moby/buildkit:v0.10.6 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
if: github.secret_source == 'Actions' | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Login to Github Packages | |
uses: docker/login-action@v3 | |
if: github.secret_source == 'Actions' | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GHCR_IO_TOKEN }} | |
- name: "Build image from Bullseye and push to GitHub Container Registry" | |
id: docker_build_bullseye | |
if: github.ref == 'refs/heads/master' | |
uses: docker/build-push-action@v5 | |
with: | |
platforms: linux/amd64,linux/arm64 | |
# relative path to the place where source code with Dockerfile is located | |
context: . | |
file: docker/Dockerfile | |
# builder: ${{ steps.buildx.outputs.name }} | |
build-args: | | |
BASE_IMAGE=python:3.13-slim-bullseye | |
# Note: tags has to be all lower-case | |
pull: true | |
tags: | | |
scit0/extract_otp_secrets:bullseye | |
push: ${{ github.secret_source == 'Actions' }} | |
- name: Image digest | |
# TODO upload digests to assets | |
run: | | |
echo "extract_otp_secrets digests: ${{ steps.docker_build_qr_reader_latest.outputs.digest }}" | |
echo "${{ steps.docker_build_qr_reader_latest.outputs.digest }}" > digests.txt | |
- name: Save docker digests as artifacts | |
if: github.ref == 'refs/heads/master' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: bullseye_digests | |
path: digests.txt |