Add Docker Hub (#11)

vincetse · web-flow · commit 082739ac34a1 · 2023-06-07T21:54:33.000-07:00
Push image to both Docker Hub and GitHub Container Registry as:

1. infrastructureascode/hello-world
2. ghcr.io/infrastructure-as-code/hello-world
diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml
@@ -0,0 +1,230 @@
+name: Docker Hub
+on:
+  push:
+    branches:
+      - "master"
+      - "dev"
+      - "dev/*"
+    tags:
+      - "[0-9]+.[0-9]+.[0-9]+"
+
+env:
+  IMAGE_NAME: infrastructureascode/hello-world
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '^1.20.0'
+
+      - name: gofmt
+        run: |
+          test -z `gofmt -s -l .`
+
+      - name: go vet
+        run: |
+          go vet ./...
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+
+      - uses: dominikh/staticcheck-action@v1.3.0
+        with:
+          version: "2022.1.3"
+
+      - name: Run tests
+        run: |
+          GIN_MODE=debug go test
+
+  build:
+    runs-on: ubuntu-latest
+    needs:
+      - check
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: linux/amd64
+            goarch: amd64
+            dockerenv:
+          - platform: linux/arm/v6
+            goarch: arm
+            dockerenv: -e QEMU_CPU=arm1176
+          - platform: linux/arm/v8
+            goarch: arm64
+            dockerenv: -e QEMU_CPU=cortex-a53
+
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v3
+
+      # Cross-compile the golang app first and generate
+      # the sha1sum to help with the provenance of the
+      # binary in the images.
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '^1.20.0'
+
+      - name: Compile the app
+        run: |
+          export GOOS=linux GOARCH=${{ matrix.goarch }}
+          CGO_ENABLED=0 go build -a -o hello_world
+      - name: Show binary info
+        run: |
+          file hello_world
+          sha1sum hello_world
+
+      - name: Log in to the container registry
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      # do a local build to make sure the image runs
+      # before it is pushed to the registry
+      - name: Build and run image locally as cross-compile test
+        run: |
+          docker build --rm \
+            --platform ${{ matrix.platform }} \
+            --tag test-image \
+            .
+          docker run --rm \
+            --tty \
+            ${{ matrix.dockerenv }} \
+            test-image \
+            --version
+
+      # Build and push to registry since we have validated
+      # that the image can be run
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        id: build
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          platforms: ${{ matrix.platform }}
+          push: ${{ github.event_name != 'pull_request' }}
+          labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=image,name=${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true
+
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v3
+        with:
+          name: digests
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v3
+        with:
+          name: digests
+          path: /tmp/digests
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+            type=raw,value=${{ github.ref_name }}
+
+      - name: Log in to the container registry
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - run: |
+          ls -l
+        working-directory: /tmp/digests
+
+      - name: Create manifest list and push
+        working-directory: /tmp/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.IMAGE_NAME }}@sha256:%s ' *)
+      -
+        name: Inspect image
+        run: |
+          docker buildx imagetools inspect ${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
+
+  # run the Buildx-built images as a sanity check
+  test-run:
+    runs-on: ubuntu-latest
+    needs:
+      - merge
+    permissions:
+      contents: read
+      packages: read
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: linux/amd64
+            dockerenv:
+          - platform: linux/arm/v6
+            dockerenv: -e QEMU_CPU=arm1176
+          - platform: linux/arm/v8
+            dockerenv: -e QEMU_CPU=cortex-a53
+
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+            type=raw,value=${{ github.ref_name }}
+
+      - name: Docker run
+        run: |
+          docker run --rm \
+            --tty \
+            --platform ${{ matrix.platform }} \
+            ${{ matrix.dockerenv }} \
+            ${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} \
+            --version
diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
@@ -1,3 +1,4 @@
+name: GHCR
 on:
   push:
     branches:
@@ -127,6 +128,8 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           labels: ${{ steps.meta.outputs.labels }}
           outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true
+          sbom: true
+          provenance: true
 
       - name: Export digest
         run: |
diff --git a/README.md b/README.md
@@ -1,8 +1,19 @@
-[![Build Status](https://github.com/infrastructure-as-code/docker-hello-world/actions/workflows/build-images.yml/badge.svg?branch=master)](https://github.com/infrastructure-as-code/docker-hello-world/actions/workflows/build-images.yml)
+[![GHCR Build Status](https://github.com/infrastructure-as-code/docker-hello-world/actions/workflows/ghcr.yml/badge.svg?branch=main)](https://github.com/infrastructure-as-code/docker-hello-world/actions/workflows/ghcr.yml)
+[![Docker Hub Build Status](https://github.com/infrastructure-as-code/docker-hello-world/actions/workflows/dockerhub.yml/badge.svg?branch=main)](https://github.com/infrastructure-as-code/docker-hello-world/actions/workflows/dockerhub.yml)
+
 
 # ghcr.io/infrastructure-as-code/hello-world
 
-A [Prometheus](https://prometheus.io/)-instrumented Docker "Hello World" web server.  This image began life as [infrastructureascode/hello-world](https://hub.docker.com/r/infrastructureascode/hello-world) on Docker Hub, but has since been migrated to the GitHub Container Registry.  The image is now `ghcr.io/infrastructure-as-code/hello-world`.
+A [Prometheus](https://prometheus.io/)-instrumented Docker "Hello World" web server.  This image began life as [infrastructureascode/hello-world](https://hub.docker.com/r/infrastructureascode/hello-world) on Docker Hub, and is now also available on the GitHub Container Registry as `ghcr.io/infrastructure-as-code/hello-world`.
+
+
+## Images
+
+| Registry Name | Image Name |
+|---------------|------------|
+| GitHub Container Registry | `ghcr.io/infrastructure-as-code/hello-world` |
+| Docker Hub | `infrastructureascode/hello-world` |
+
 
 ## Features
 
