build(deps): Bump docker/login-action from 4.0.0 to 4.1.0 (#27) #28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: publish | |
| on: | |
| push: | |
| branches: ['main'] | |
| tags: ['v*.*.*'] | |
| concurrency: ${{ github.ref }} | |
| env: | |
| DOCKER_IMAGE_NAME: blinklabs/subkey | |
| GHCR_IMAGE_NAME: ghcr.io/blinklabs-io/subkey | |
| jobs: | |
| build-amd64: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout/releases/tag/v6.0.2 | |
| - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 https://github.com/docker/setup-buildx-action/releases/tag/v4.0.0 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 https://github.com/docker/login-action/releases/tag/v4.1.0 | |
| with: | |
| username: blinklabs | |
| password: ${{ secrets.DOCKER_PASSWORD }} # uses token | |
| - name: Login to GHCR | |
| uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 https://github.com/docker/login-action/releases/tag/v4.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 https://github.com/actions/cache/releases/tag/v5.0.4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-${{ runner.arch }}-buildx- | |
| - id: meta | |
| uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 https://github.com/docker/metadata-action/releases/tag/v6.0.0 | |
| with: | |
| images: | | |
| ${{ env.DOCKER_IMAGE_NAME }} | |
| ${{ env.GHCR_IMAGE_NAME }} | |
| flavor: | | |
| latest=false | |
| suffix=-amd64 | |
| tags: | | |
| # Only version, no revision | |
| type=match,pattern=v(.*)-(.*),group=1 | |
| # branch | |
| type=ref,event=branch | |
| # semver | |
| type=semver,pattern={{version}} | |
| - name: push | |
| uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 https://github.com/docker/build-push-action/releases/tag/v7.0.0 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | |
| # TEMP fix | |
| # https://github.com/docker/build-push-action/issues/252 | |
| # https://github.com/moby/buildkit/issues/1896 | |
| - name: cache | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| # TEMP fix | |
| # Something strange is happening with the manifests when we push which | |
| # breaks the downstream multi-arch-manifest, so pull and push to work | |
| # around this by resubmitting manifests | |
| - name: pull-and-push | |
| run: | | |
| for t in `echo '${{ steps.meta.outputs.tags }}'`; do | |
| docker pull $t && docker push $t | |
| done | |
| build-arm64: | |
| runs-on: ubuntu-24.04-arm | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout/releases/tag/v6.0.2 | |
| - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 https://github.com/docker/setup-buildx-action/releases/tag/v4.0.0 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 https://github.com/docker/login-action/releases/tag/v4.1.0 | |
| with: | |
| username: blinklabs | |
| password: ${{ secrets.DOCKER_PASSWORD }} # uses token | |
| - name: Login to GHCR | |
| uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 https://github.com/docker/login-action/releases/tag/v4.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 https://github.com/actions/cache/releases/tag/v5.0.4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-${{ runner.arch }}-buildx- | |
| - id: meta | |
| uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 https://github.com/docker/metadata-action/releases/tag/v6.0.0 | |
| with: | |
| images: | | |
| ${{ env.DOCKER_IMAGE_NAME }} | |
| ${{ env.GHCR_IMAGE_NAME }} | |
| flavor: | | |
| latest=false | |
| suffix=-arm64v8 | |
| tags: | | |
| # Only version, no revision | |
| type=match,pattern=v(.*)-(.*),group=1 | |
| # branch | |
| type=ref,event=branch | |
| # semver | |
| type=semver,pattern={{version}} | |
| - name: push | |
| uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 https://github.com/docker/build-push-action/releases/tag/v7.0.0 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | |
| # TEMP fix | |
| # https://github.com/docker/build-push-action/issues/252 | |
| # https://github.com/moby/buildkit/issues/1896 | |
| - name: cache | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| # TEMP fix | |
| # Something strange is happening with the manifests when we push which | |
| # breaks the downstream multi-arch-manifest, so pull and push to work | |
| # around this by resubmitting manifests | |
| - name: pull-and-push | |
| run: | | |
| for t in `echo '${{ steps.meta.outputs.tags }}'`; do | |
| docker pull $t && docker push $t | |
| done | |
| multi-arch-manifest: | |
| runs-on: ubuntu-latest | |
| needs: [build-amd64, build-arm64] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout/releases/tag/v6.0.2 | |
| - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 https://github.com/docker/setup-buildx-action/releases/tag/v4.0.0 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 https://github.com/docker/login-action/releases/tag/v4.1.0 | |
| with: | |
| username: blinklabs | |
| password: ${{ secrets.DOCKER_PASSWORD }} # uses token | |
| - name: Login to GHCR | |
| uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 https://github.com/docker/login-action/releases/tag/v4.1.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - id: meta-dockerhub | |
| name: Metadata - Docker Hub | |
| uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 https://github.com/docker/metadata-action/releases/tag/v6.0.0 | |
| with: | |
| images: ${{ env.DOCKER_IMAGE_NAME }} | |
| flavor: | | |
| latest=false | |
| tags: | | |
| # Only version, no revision | |
| type=match,pattern=v(.*)-(.*),group=1 | |
| # branch | |
| type=ref,event=branch | |
| # semver | |
| type=semver,pattern={{version}} | |
| - id: meta-dockerhub-tag | |
| name: Metadata - Docker Hub (Tags) | |
| uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 https://github.com/docker/metadata-action/releases/tag/v6.0.0 | |
| with: | |
| images: | | |
| ${{ env.DOCKER_IMAGE_NAME }} | |
| flavor: | | |
| latest=false | |
| tags: | | |
| # Only version, no revision | |
| type=match,pattern=v(.*)-(.*),group=1 | |
| - id: meta-ghcr | |
| name: Metadata - GHCR | |
| uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 https://github.com/docker/metadata-action/releases/tag/v6.0.0 | |
| with: | |
| images: ${{ env.GHCR_IMAGE_NAME }} | |
| flavor: | | |
| latest=false | |
| tags: | | |
| # Only version, no revision | |
| type=match,pattern=v(.*)-(.*),group=1 | |
| # branch | |
| type=ref,event=branch | |
| # semver | |
| type=semver,pattern={{version}} | |
| - id: meta-ghcr-tag | |
| name: Metadata - GHCR (Tags) | |
| uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 https://github.com/docker/metadata-action/releases/tag/v6.0.0 | |
| with: | |
| images: | | |
| ${{ env.GHCR_IMAGE_NAME }} | |
| flavor: | | |
| latest=false | |
| tags: | | |
| # Only version, no revision | |
| type=match,pattern=v(.*)-(.*),group=1 | |
| # First, create manifests and push to GHCR | |
| # Manifest for either branch or semver | |
| - name: manifest-ghcr | |
| run: | | |
| for t in `echo '${{ steps.meta-ghcr.outputs.tags }}'`; do | |
| docker manifest create ${t} --amend ${t}-amd64 --amend ${t}-arm64v8 | |
| done | |
| # Optional manifest for tag versions (includes revisions) | |
| - name: manifest-ghcr-tags | |
| run: | | |
| for t in `echo '${{ steps.meta-ghcr-tag.outputs.tags }}'`; do | |
| docker manifest create ${t} --amend ${t}-amd64 --amend ${t}-arm64v8 | |
| docker manifest create ${{ env.GHCR_IMAGE_NAME }}:latest --amend ${t}-amd64 --amend ${t}-arm64v8 | |
| done | |
| if: startsWith(github.ref, 'refs/tags/') | |
| # Push various manifests | |
| - name: push-ghcr | |
| run: | | |
| for t in `echo '${{ steps.meta-ghcr.outputs.tags }}'`; do | |
| docker manifest push ${t} | |
| done | |
| - name: push-ghcr-tags | |
| run: | | |
| docker manifest push ${{ env.GHCR_IMAGE_NAME }}:latest | |
| for t in `echo '${{ steps.meta-ghcr-tag.outputs.tags }}'`; do | |
| docker manifest push ${t} | |
| done | |
| if: startsWith(github.ref, 'refs/tags/') | |
| # Now, create manifests for Docker Hub | |
| - name: manifest-dockerhub | |
| run: | | |
| for t in `echo '${{ steps.meta-dockerhub.outputs.tags }}'`; do | |
| docker manifest create ${t} --amend ${t}-amd64 --amend ${t}-arm64v8 | |
| done | |
| - name: manifest-dockerhub-tags | |
| run: | | |
| for t in `echo '${{ steps.meta-dockerhub-tag.outputs.tags }}'`; do | |
| docker manifest create ${t} --amend ${t}-amd64 --amend ${t}-arm64v8 | |
| docker manifest create ${{ env.DOCKER_IMAGE_NAME }}:latest --amend ${t}-amd64 --amend ${t}-arm64v8 | |
| done | |
| if: startsWith(github.ref, 'refs/tags/') | |
| - name: push-dockerhub | |
| run: | | |
| for t in `echo '${{ steps.meta-dockerhub.outputs.tags }}'`; do | |
| docker manifest push ${t} | |
| done | |
| - name: push-dockerhub-tags | |
| run: | | |
| docker manifest push ${{ env.DOCKER_IMAGE_NAME }}:latest | |
| for t in `echo '${{ steps.meta-dockerhub-tag.outputs.tags }}'`; do | |
| docker manifest push ${t} | |
| done | |
| if: startsWith(github.ref, 'refs/tags/') | |
| # Update Docker Hub from README | |
| - name: Docker Hub Description | |
| uses: peter-evans/dockerhub-description@1b9a80c056b620d92cedb9d9b5a223409c68ddfa # v5.0.0 https://github.com/peter-evans/dockerhub-description/releases/tag/v5.0.0 | |
| with: | |
| username: blinklabs | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| repository: ${{ env.DOCKER_IMAGE_NAME }} | |
| readme-filepath: ./README.md | |
| short-description: "Polkadot SDK subkey binary built from source on Debian" | |
| github-release: | |
| runs-on: ubuntu-latest | |
| needs: [multi-arch-manifest] | |
| steps: | |
| - run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV" | |
| - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 https://github.com/actions/github-script/releases/tag/v8.0.0 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| try { | |
| await github.rest.repos.createRelease({ | |
| draft: false, | |
| generate_release_notes: true, | |
| name: process.env.RELEASE_TAG, | |
| owner: context.repo.owner, | |
| prerelease: false, | |
| repo: context.repo.repo, | |
| tag_name: process.env.RELEASE_TAG, | |
| }); | |
| } catch (error) { | |
| core.setFailed(error.message); | |
| } |