Skip to content

Update Dockerfile and deployment files to use new installation and co… #107

Update Dockerfile and deployment files to use new installation and co…

Update Dockerfile and deployment files to use new installation and co… #107

Workflow file for this run

name: multi-build
on:
push:
branches:
- main
- attestations
paths:
- Dockerfile
- entrypoint.js
- .github/workflows/multi-build.yaml
tags:
- v*
release:
types:
- edited
workflow_dispatch:
inputs:
manual-tag:
description: 'Manual Tag'
required: true
default: 'manual'
type: string
ghost_version:
description: 'Ghost version'
required: true
default: '5.88.1'
type: string
workflow_call:
env:
GHCR_IMAGE: ghcr.io/${{ github.repository }}
DOCKER_IMAGE: docker.io/${{ secrets.DOCKER_USER }}/${{ github.event.repository.name }}
permissions:
contents: read
jobs:
build:
if: ${{ github.actor == github.event.repository.owner.login }} || ${{ github.actor == 'ngeorger' }}
permissions:
actions: write
checks: write
contents: write
deployments: none
id-token: write
issues: read
discussions: read
packages: write
pages: none
pull-requests: read
repository-projects: read
security-events: read
statuses: read
attestations: write
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
- linux/arm64
steps:
-
name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit
-
name: Prepare
id: prepare
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-
name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
name: Set up GHOST_VERSION and MANUAL_TAG values, depending on event type (push or workflow_dispatch)
id: versions
env:
GITHUB_EVENT_NAME: ${{ github.event_name }}
run: |
if [ ${{ env.GITHUB_EVENT_NAME }} == workflow_dispatch ]; then
echo "GHOST_VERSION=${{ github.event.inputs.ghost_version }}" >> $GITHUB_OUTPUT
echo "MANUAL_TAG=${{ github.event.inputs.manual-tag }}" >> $GITHUB_OUTPUT
echo "GHOST_VERSION=${{ github.event.inputs.ghost_version }}" >> $GITHUB_ENV
echo "MANUAL_TAG=${{ github.event.inputs.manual-tag }}" >> $GITHUB_ENV
else
echo "GHOST_VERSION=$(curl -s https://api.github.com/repos/tryghost/ghost/releases/latest | jq '.name' | sed 's/\"//g')" >> $GITHUB_OUTPUT
echo "GHOST_VERSION=$(curl -s https://api.github.com/repos/tryghost/ghost/releases/latest | jq '.name' | sed 's/\"//g')" >> $GITHUB_ENV
fi
-
name: Show Ghost version
continue-on-error: true
env:
GITHUB_EVENT_NAME: ${{ github.event_name }}
run: |
if [ ${{ env.GITHUB_EVENT_NAME }} == workflow_dispatch ]; then
echo "output of step for GHOST_VERSION=$GHOST_VERSION"
echo "output of step for MANUAL_TAG=$MANUAL_TAG"
else
echo "output of step for GHOST_VERSION=${{ steps.versions.outputs.GHOST_VERSION }}"
fi
- name: Docker meta default
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: |
${{ env.GHCR_IMAGE }}
annotations: |
type=org.opencontainers.image.description,value='${{ github.event.repository.description }}'
type=org.opencontainers.image.url,value='${{ github.event.repository.html_url }}'
type=org.opencontainers.image.source,value='${{ github.event.repository.clone_url }}'
type=org.opencontainers.image.documentation,value='${{ github.event.repository.html_url }}/blob/main/README.md'
type=org.opencontainers.image.licenses,value='${{ github.event.repository.license.spdx_id }}'
type=org.opencontainers.image.version,value='v${{ steps.versions.outputs.GHOST_VERSION }}'
type=org.opencontainers.image.vendor,value='${{ github.event.repository.organization }}'
io.artifacthub.package.readme-url,value='${{ github.event.repository.html_url }}/blob/main/README.md'
-
name: Set up QEMU
uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0
if: ${{ matrix.platform == 'linux/arm64' || env.PLATFORM_PAIR == 'linux-arm64' }}
continue-on-error: false
with:
platforms: arm64
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
with:
driver-opts: |
network=host
-
name: Login to GitHub Container Registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USER }}
password: ${{ secrets.GHCR_PASS }}
-
name: Build and push by digest
id: build
uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
env:
DOCKER_BUILDKIT: 1
with:
context: .
platforms: ${{ matrix.platform }}
labels: ${{ steps.meta.outputs.labels }}
annotations: ${{ steps.meta.outputs.annotations }}
build-args: GHOST_VERSION=${{ steps.versions.outputs.GHOST_VERSION }}
outputs: type=image,name=${{ env.GHCR_IMAGE }},push-by-digest=true,name-canonical=true,push=true,oci-mediatypes=true
provenance: false
cache-from: type=gha,ignore-error=true
cache-to: type=gha,mode=max,ignore-error=true
-
name: Export digest
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
-
name: Upload digest
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: digests-${{ env.PLATFORM_PAIR }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 15
merge:
runs-on: ubuntu-22.04
needs:
- build
permissions:
attestations: write
actions: write
checks: write
contents: write
deployments: none
id-token: write
issues: read
discussions: read
packages: write
pages: none
pull-requests: read
repository-projects: read
security-events: read
statuses: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit
-
name: Download digests
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
with:
driver-opts: |
network=host
-
name: Set up GHOST_VERSION and MANUAL_TAG values, depending on event type (push or workflow_dispatch)
id: versions
env:
GITHUB_EVENT_NAME: ${{ github.event_name }}
run: |
if [ ${{ env.GITHUB_EVENT_NAME }} == workflow_dispatch ]; then
echo "GHOST_VERSION=${{ github.event.inputs.ghost_version }}" >> $GITHUB_OUTPUT
echo "MANUAL_TAG=${{ github.event.inputs.manual-tag }}" >> $GITHUB_OUTPUT
echo "GHOST_VERSION=${{ github.event.inputs.ghost_version }}" >> $GITHUB_ENV
echo "MANUAL_TAG=${{ github.event.inputs.manual-tag }}" >> $GITHUB_ENV
else
echo "GHOST_VERSION=$(curl -s https://api.github.com/repos/tryghost/ghost/releases/latest | jq '.name' | sed 's/\"//g')" >> $GITHUB_OUTPUT
echo "GHOST_VERSION=$(curl -s https://api.github.com/repos/tryghost/ghost/releases/latest | jq '.name' | sed 's/\"//g')" >> $GITHUB_ENV
fi
-
name: Docker meta
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
env:
GHOST_VERSION: "v${{ steps.versions.outputs.GHOST_VERSION }}"
with:
images: ${{ env.GHCR_IMAGE }}
annotations: |
type=org.opencontainers.image.description,value='${{ github.event.repository.description }}'
type=org.opencontainers.image.url,value='${{ github.event.repository.html_url }}'
type=org.opencontainers.image.source,value='${{ github.event.repository.clone_url }}'
type=org.opencontainers.image.documentation,value='${{ github.event.repository.html_url }}/blob/main/README.md'
type=org.opencontainers.image.licenses,value='${{ github.event.repository.license.spdx_id }}'
type=org.opencontainers.image.version,value='v${{ steps.versions.outputs.GHOST_VERSION }}'
type=org.opencontainers.image.vendor,value='${{ github.event.repository.organization }}'
io.artifacthub.package.readme-url,value='${{ github.event.repository.html_url }}/blob/main/README.md'
tags: |
type=ref,event=branch
type=ref,event=tag
type=sha,format=long
type=raw,value=main,enable=${{ github.event_name != 'workflow_dispatch' }}
type=raw,value=latest,enable=${{ github.event_name != 'workflow_dispatch' }}
type=raw,value=${{ env.GHOST_VERSION }},enable=${{ github.event_name != 'workflow_dispatch' }}
type=raw,value=${{ github.event.inputs.manual-tag }},enable=${{ github.event_name == 'workflow_dispatch' }}
-
name: Login to GitHub Container Registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Create manifest list and pushs
working-directory: /tmp/digests
id: manifest-annotate
continue-on-error: true
env:
GHOST_VERSION: "v${{ steps.versions.outputs.GHOST_VERSION }}"
run: |
docker buildx imagetools create \
$(jq -cr '.tags | map(ascii_downcase | "-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
--annotation type=org.opencontainers.image.description,value='${{ github.event.repository.description }}' \
--annotation type=org.opencontainers.image.url,value='${{ github.event.repository.html_url }}' \
--annotation type=org.opencontainers.image.source,value='${{ github.event.repository.clone_url }}' \
--annotation type=org.opencontainers.image.documentation,value='${{ github.event.repository.html_url }}/blob/main/README.md' \
--annotation type=org.opencontainers.image.licenses,value='${{ github.event.repository.license.spdx_id }}' \
--annotation type=org.opencontainers.image.version,value='v${{ steps.versions.outputs.GHOST_VERSION }}' \
--annotation type=org.opencontainers.image.vendor,value='${{ github.event.repository.organization }}' \
--annotation io.artifacthub.package.readme-url,value='${{ github.event.repository.html_url }}/blob/main/README.md' \
$(printf '${{ env.GHCR_IMAGE }}@sha256:%s ' *)
-
name: Create manifest list and pushs
working-directory: /tmp/digests
id: manifest
if: steps.manifest-annotate.outcome == 'failure'
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.GHCR_IMAGE }}@sha256:%s ' *)
-
name: Inspect image
id: inspect
continue-on-error: true
run: |
docker buildx imagetools inspect ${{ env.GHCR_IMAGE }}:${{ steps.meta.outputs.version }}
-
name: Login to Docker Hub
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
continue-on-error: true
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PASS }}
-
name: Push to Docker Hub
continue-on-error: true
run: |
docker buildx imagetools create \
--tag ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} \
--tag ${{ env.DOCKER_IMAGE }}:latest \
${{ env.GHCR_IMAGE }}:${{ steps.meta.outputs.version }}