Skip to content
publish-image

publish-image #95

Sign in to view logs

publish-image

publish-image #95

Workflow file for this run

.github/workflows/publish.yml at da54a37
name: 'publish-image'
on:
push:
tags:
- 'v*.*.*'
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
# build caddy first because it generates tls root cert. rest run in parallel
publish-image-pre:
runs-on: ubuntu-24.04
services:
registry:
image: registry:2
ports:
- 80:5000
permissions:
contents: read
packages: write
attestations: write
id-token: write
strategy:
matrix:
include:
- name: caddy
file: 'imags/caddy/Containerfile'
context: "imags/caddy"
tags: |
localhost/l7/caddy:latest
ghcr.io/legobeat/l7-devenv/caddy:latest
ghcr.io/legobeat/l7-devenv/caddy:alpine
ghcr.io/legobeat/l7-devenv/caddy:alpine-${{ github.ref_name }}
ghcr.io/legobeat/l7-devenv/caddy:${{ github.ref_name }}
# exact duplicate of publish steps for other images. yaml anchors not supported in gha
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Log in to the Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 #v5.5.1
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.name }}
- name: allow cleartext http to localhost container registry
run: |
echo '{"insecure-registries" : [ "localhost" ]}' | sudo tee /etc/docker/daemon.json
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- uses: actions/checkout@v4
with:
submodules: true
- name: Build and publish ${{ matrix.name }} image
uses: docker/build-push-action@v6
with:
context: ${{ matrix.context }}
file: '${{ matrix.file }}'
build-args: ${{ matrix.build-args }}
tags: ${{ matrix.tags }}
labels: ${{ steps.meta.outputs.labels }}
load: true
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
publish-image-base:
needs: publish-image-pre
runs-on: ubuntu-24.04
services:
registry:
image: registry:2
ports:
- 80:5000
permissions:
contents: read
packages: write
attestations: write
id-token: write
strategy:
matrix:
include:
- name: slim
file: imags/alpine/Containerfile
context: .
tags: |
localhost/l7/alpine:3.20
ghcr.io/legobeat/l7-devenv/alpine:latest
ghcr.io/legobeat/l7-devenv/alpine:3.20
ghcr.io/legobeat/l7-devenv/alpine:${{ github.ref_name }}
ghcr.io/legobeat/l7-devenv/alpine:3.20-${{ github.ref_name }}
build-args: |
CADDY_IMAGE=ghcr.io/legobeat/l7-devenv/caddy:${{ github.ref_name }}
# exact duplicate of publish steps for other images. yaml anchors not supported in gha
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Log in to the Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 #v5.5.1
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.name }}
- name: allow cleartext http to localhost container registry
run: |
echo '{"insecure-registries" : [ "localhost" ]}' | sudo tee /etc/docker/daemon.json
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- uses: actions/checkout@v4
with:
submodules: true
- name: Build and publish ${{ matrix.name }} image
uses: docker/build-push-action@v6
with:
context: ${{ matrix.context }}
file: '${{ matrix.file }}'
build-args: ${{ matrix.build-args }}
tags: ${{ matrix.tags }}
labels: ${{ steps.meta.outputs.labels }}
load: true
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
publish-image-podman-remote:
needs: publish-image-base
runs-on: ubuntu-24.04
services:
registry:
image: registry:2
ports:
- 80:5000
permissions:
contents: read
packages: write
attestations: write
id-token: write
strategy:
matrix:
include:
- name: podman-remote
file: imags/podman-remote/Containerfile
context: imags/podman-remote
tags: |
localhost/l7/podman-remote:latest
localhost/l7/podman-remote:alpine
ghcr.io/legobeat/l7-devenv/podman-remote:latest
ghcr.io/legobeat/l7-devenv/podman-remote:alpine
ghcr.io/legobeat/l7-devenv/podman-remote:${{ github.ref_name }}
ghcr.io/legobeat/l7-devenv/podman-remote:alpine-${{ github.ref_name }}
build-args: |
CADDY_IMAGE=ghcr.io/legobeat/l7-devenv/caddy:${{ github.ref_name }}
BASE_IMAGE=ghcr.io/legobeat/l7-devenv/alpine:${{ github.ref_name }}
# exact duplicate of publish steps for other images. yaml anchors not supported in gha
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Log in to the Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 #v5.5.1
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.name }}
- name: allow cleartext http to localhost container registry
run: |
echo '{"insecure-registries" : [ "localhost" ]}' | sudo tee /etc/docker/daemon.json
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- uses: actions/checkout@v4
with:
submodules: true
- name: Build and publish ${{ matrix.name }} image
uses: docker/build-push-action@v6
with:
context: ${{ matrix.context }}
file: '${{ matrix.file }}'
build-args: ${{ matrix.build-args }}
tags: ${{ matrix.tags }}
labels: ${{ steps.meta.outputs.labels }}
load: true
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
publish-images:
needs: publish-image-podman-remote
runs-on: ubuntu-24.04
services:
registry:
image: registry:2
ports:
- 80:5000
permissions:
contents: read
packages: write
attestations: write
id-token: write
strategy:
fail-fast: true
matrix:
include:
- name: apt-cacher-ng
file: imags/apt-cacher-ng/Containerfile
context: imags/apt-cacher-ng
tags: |
ghcr.io/legobeat/l7-devenv/apt-cacher-ng:latest
ghcr.io/legobeat/l7-devenv/apt-cacher-ng:bookworm
ghcr.io/legobeat/l7-devenv/apt-cacher-ng:${{ github.ref_name }}
ghcr.io/legobeat/l7-devenv/apt-cacher-ng:bookworm-${{ github.ref_name }}
- name: auth-proxy
file: imags/git-auth-proxy/Dockerfile
context: imags/git-auth-proxy
tags: |
ghcr.io/legobeat/l7-devenv/auth-proxy:latest
ghcr.io/legobeat/l7-devenv/auth-proxy:${{ github.ref_name }}
- name: container-socket-proxy
file: imags/container-socket-proxy/Dockerfile
context: imags/container-socket-proxy
tags: |
ghcr.io/legobeat/l7-devenv/container-socket-proxy:latest
ghcr.io/legobeat/l7-devenv/container-socket-proxy:${{ github.ref_name }}
- name: dnsmasq
file: imags/dnsmasq/Containerfile
context: imags/dnsmasq
tags: |
ghcr.io/legobeat/l7-devenv/dnsmasq:latest
ghcr.io/legobeat/l7-devenv/dnsmasq:alpine
ghcr.io/legobeat/l7-devenv/dnsmasq:${{ github.ref_name }}
ghcr.io/legobeat/l7-devenv/dnsmasq:alpine-${{ github.ref_name }}
- name: gpg-vault
file: imags/gpg-vault-pk/Containerfile
context: .
tags: |
ghcr.io/legobeat/l7-devenv/gpg-vault:latest
ghcr.io/legobeat/l7-devenv/gpg-vault:alpine
ghcr.io/legobeat/l7-devenv/gpg-vault:${{ github.ref_name }}
ghcr.io/legobeat/l7-devenv/gpg-vault:alpine-${{ github.ref_name }}
- name: node
file: imags/node-runner/Containerfile
context: .
tags: |
localhost/l7/node:20-bookworm
ghcr.io/legobeat/l7-devenv/node:latest
ghcr.io/legobeat/l7-devenv/node:20-bookworm
ghcr.io/legobeat/l7-devenv/node:20-${{ github.ref_name }}
build-args: |
CADDY_IMAGE=ghcr.io/legobeat/l7-devenv/caddy:${{ github.ref_name }}
- name: nvim
file: imags/nvim/Containerfile
context: .
tags: |
ghcr.io/legobeat/l7-devenv/nvim:latest
ghcr.io/legobeat/l7-devenv/nvim:${{ github.ref_name }}
build-args: |
BASE_IMAGE=ghcr.io/legobeat/l7-devenv/podman-remote:${{ github.ref_name }}
CADDY_IMAGE=ghcr.io/legobeat/l7-devenv/caddy:${{ github.ref_name }}
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Log in to the Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 #v5.5.1
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.name }}
- name: allow cleartext http to localhost container registry
run: |
echo '{"insecure-registries" : [ "localhost" ]}' | sudo tee /etc/docker/daemon.json
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- uses: actions/checkout@v4
with:
submodules: true
- name: Build and publish ${{ matrix.name }} image
uses: docker/build-push-action@v6
with:
context: ${{ matrix.context }}
file: ${{ matrix.file }}
build-args: ${{ matrix.build-args }}
tags: ${{ matrix.tags }}
labels: ${{ steps.meta.outputs.labels }}
load: true
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
# node-runner is used as base for lsp
publish-image-post:
needs: publish-images
runs-on: ubuntu-24.04
services:
registry:
image: registry:2
ports:
- 80:5000
permissions:
contents: read
packages: write
attestations: write
id-token: write
strategy:
fail-fast: true
matrix:
include:
- name: dev-shell
file: imags/dev-shell/Containerfile
context: .
tags: |
ghcr.io/legobeat/l7-devenv/dev-shell:latest
ghcr.io/legobeat/l7-devenv/dev-shell:alpine
ghcr.io/legobeat/l7-devenv/dev-shell:nvim
ghcr.io/legobeat/l7-devenv/dev-shell:${{ github.ref_name }}
build-args: |
BASE_IMAGE=ghcr.io/legobeat/l7-devenv/nvim:${{ github.ref_name }}
CADDY_IMAGE=ghcr.io/legobeat/l7-devenv/caddy:${{ github.ref_name }}
- name: lsp-typescript
file: imags/node-runner/Containerfile.lsp
context: .
tags: |
ghcr.io/legobeat/l7-devenv/lsp/typescript:latest
ghcr.io/legobeat/l7-devenv/lsp/typescript:${{ github.ref_name }}
ghcr.io/legobeat/l7-devenv/node:lsp-latest
ghcr.io/legobeat/l7-devenv/node:lsp-20-bookworm
ghcr.io/legobeat/l7-devenv/node:lsp-20-${{ github.ref_name }}
build-args: |
CADDY_IMAGE=ghcr.io/legobeat/l7-devenv/caddy:${{ github.ref_name }}
BASE_IMAGE=ghcr.io/legobeat/l7-devenv/node:20-${{ github.ref_name }}
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Log in to the Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 #v5.5.1
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.name }}
- name: allow cleartext http to localhost container registry
run: |
echo '{"insecure-registries" : [ "localhost" ]}' | sudo tee /etc/docker/daemon.json
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- uses: actions/checkout@v4
with:
submodules: true
- name: Build and publish hub image
uses: docker/build-push-action@v6
with:
context: imags/hub
file: imags/hub/Containerfile
tags: |
localhost/l7/hub:latest
ghcr.io/legobeat/l7-devenv/hub:latest
load: true
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Build and publish ${{ matrix.name }} image
uses: docker/build-push-action@v6
with:
context: ${{ matrix.context }}
file: ${{ matrix.file }}
build-args: ${{ matrix.build-args }}
tags: ${{ matrix.tags }}
labels: ${{ steps.meta.outputs.labels }}
load: true
push: true
cache-from: type=gha
cache-to: type=gha,mode=max