Update Dockerfile and deployment files to use new installation and co… #107
# Workflow header: triggers, shared image names and the default token scope.
name: multi-build

on:
  # Pushes to the listed branches that touch the build inputs, and v* tags.
  push:
    branches:
      - main
      - attestations
    paths:
      - Dockerfile
      - entrypoint.js
      - .github/workflows/multi-build.yaml
    tags:
      - 'v*'
  release:
    types: [edited]
  # Manual run: both inputs are free-form strings supplied by whoever
  # dispatches the workflow, so the jobs must treat them as data.
  workflow_dispatch:
    inputs:
      manual-tag:
        description: 'Manual Tag'
        required: true
        default: 'manual'
        type: string
      ghost_version:
        description: 'Ghost version'
        required: true
        default: '5.88.1'
        type: string
  # Callable from other workflows; no inputs are declared for that path.
  workflow_call:

env:
  GHCR_IMAGE: ghcr.io/${{ github.repository }}
  # The Docker Hub namespace comes from a secret, so GitHub masks it wherever
  # this image name is printed in the logs.
  DOCKER_IMAGE: docker.io/${{ secrets.DOCKER_USER }}/${{ github.event.repository.name }}

# Workflow-wide default for GITHUB_TOKEN is read-only; each job below declares
# its own permissions block.
permissions:
  contents: read
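jobs:
  # Builds one image per platform, pushes it to GHCR by digest and hands the
  # digest to the merge job through an artifact.
  build:
    # The whole condition sits inside ONE expression. Text placed between two
    # separate ${{ }} blocks turns the value into a non-empty string, which
    # GitHub always evaluates as true, so the actor check would never block.
    if: ${{ github.actor == github.event.repository.owner.login || github.actor == 'ngeorger' }}
    # NOTE(review): the steps in this job check out the repository, log in to
    # GHCR with stored secrets and upload an artifact. None of them visibly
    # needs write access to actions/checks/contents, an OIDC token or
    # attestations - confirm and trim to least privilege.
    permissions:
      actions: write
      checks: write
      contents: write
      deployments: none
      id-token: write
      issues: read
      discussions: read
      packages: write
      pages: none
      pull-requests: read
      repository-projects: read
      security-events: read
      statuses: read
      attestations: write
    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
        platform:
          - linux/amd64
          - linux/arm64
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the matching release tag.
      - name: Harden Runner
        uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
        with:
          # audit only records outbound traffic; it does not block anything.
          egress-policy: audit

      - name: Prepare
        id: prepare
        run: |
          platform=${{ matrix.platform }}
          echo "PLATFORM_PAIR=${platform//\//-}" >> "$GITHUB_ENV"

      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up GHOST_VERSION and MANUAL_TAG values, depending on event type (push or workflow_dispatch)
        id: versions
        env:
          GITHUB_EVENT_NAME: ${{ github.event_name }}
          # Dispatch inputs reach the script as environment variables, never
          # as text pasted into the script, so their content cannot be parsed
          # as shell syntax.
          DISPATCH_GHOST_VERSION: ${{ github.event.inputs.ghost_version }}
          DISPATCH_MANUAL_TAG: ${{ github.event.inputs.manual-tag }}
        run: |
          if [ "$GITHUB_EVENT_NAME" == workflow_dispatch ]; then
            ghost_version="$DISPATCH_GHOST_VERSION"
            echo "MANUAL_TAG=$DISPATCH_MANUAL_TAG" >> "$GITHUB_OUTPUT"
            echo "MANUAL_TAG=$DISPATCH_MANUAL_TAG" >> "$GITHUB_ENV"
          else
            # One API call, so the step output and the environment always
            # carry the same value.
            ghost_version="$(curl -fsS https://api.github.com/repos/tryghost/ghost/releases/latest | jq -r '.name')"
          fi
          # A failed or rate-limited API call yields an empty string or
          # "null"; stop here instead of building and tagging with it.
          if [ -z "$ghost_version" ] || [ "$ghost_version" = "null" ]; then
            echo "Could not determine GHOST_VERSION" >&2
            exit 1
          fi
          echo "GHOST_VERSION=$ghost_version" >> "$GITHUB_OUTPUT"
          echo "GHOST_VERSION=$ghost_version" >> "$GITHUB_ENV"

      - name: Show Ghost version
        continue-on-error: true
        env:
          GITHUB_EVENT_NAME: ${{ github.event_name }}
          STEP_GHOST_VERSION: ${{ steps.versions.outputs.GHOST_VERSION }}
        run: |
          if [ "$GITHUB_EVENT_NAME" == workflow_dispatch ]; then
            echo "output of step for GHOST_VERSION=$GHOST_VERSION"
            echo "output of step for MANUAL_TAG=$MANUAL_TAG"
          else
            echo "output of step for GHOST_VERSION=$STEP_GHOST_VERSION"
          fi

      - name: Docker meta default
        id: meta
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
        with:
          images: |
            ${{ env.GHCR_IMAGE }}
          annotations: |
            type=org.opencontainers.image.description,value='${{ github.event.repository.description }}'
            type=org.opencontainers.image.url,value='${{ github.event.repository.html_url }}'
            type=org.opencontainers.image.source,value='${{ github.event.repository.clone_url }}'
            type=org.opencontainers.image.documentation,value='${{ github.event.repository.html_url }}/blob/main/README.md'
            type=org.opencontainers.image.licenses,value='${{ github.event.repository.license.spdx_id }}'
            type=org.opencontainers.image.version,value='v${{ steps.versions.outputs.GHOST_VERSION }}'
            type=org.opencontainers.image.vendor,value='${{ github.event.repository.organization }}'
            io.artifacthub.package.readme-url,value='${{ github.event.repository.html_url }}/blob/main/README.md'

      - name: Set up QEMU
        uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0
        if: ${{ matrix.platform == 'linux/arm64' || env.PLATFORM_PAIR == 'linux-arm64' }}
        continue-on-error: false
        with:
          platforms: arm64

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
        with:
          # The builder is given the runner host's network rather than an
          # isolated one.
          driver-opts: |
            network=host

      # NOTE(review): this job authenticates with stored GHCR_USER/GHCR_PASS
      # secrets while the merge job uses the short-lived GITHUB_TOKEN; if the
      # token is sufficient here too, the long-lived credential can go.
      - name: Login to GitHub Container Registry
        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USER }}
          password: ${{ secrets.GHCR_PASS }}

      - name: Build and push by digest
        id: build
        uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
        env:
          DOCKER_BUILDKIT: 1
        with:
          context: .
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}
          build-args: GHOST_VERSION=${{ steps.versions.outputs.GHOST_VERSION }}
          outputs: type=image,name=${{ env.GHCR_IMAGE }},push-by-digest=true,name-canonical=true,push=true,oci-mediatypes=true
          # Build provenance is switched off, so the pushed image carries no
          # provenance attestation from this step.
          provenance: false
          cache-from: type=gha,ignore-error=true
          cache-to: type=gha,mode=max,ignore-error=true

      # The digest travels to the merge job as an empty file named after it.
      - name: Export digest
        run: |
          mkdir -p /tmp/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "/tmp/digests/${digest#sha256:}"

      - name: Upload digest
        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          name: digests-${{ env.PLATFORM_PAIR }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 15

  # Joins the per-platform digests into one tagged manifest list on GHCR and
  # mirrors it to Docker Hub.
  merge:
    runs-on: ubuntu-22.04
    needs:
      - build
    # NOTE(review): the visible steps push to GHCR with GITHUB_TOKEN, which
    # needs packages: write; the other write scopes and id-token are not
    # obviously used here - confirm and trim to least privilege.
    permissions:
      attestations: write
      actions: write
      checks: write
      contents: write
      deployments: none
      id-token: write
      issues: read
      discussions: read
      packages: write
      pages: none
      pull-requests: read
      repository-projects: read
      security-events: read
      statuses: read
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
        with:
          # audit only records outbound traffic; it does not block anything.
          egress-policy: audit

      - name: Download digests
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
        with:
          driver-opts: |
            network=host

      # NOTE(review): on non-dispatch events the version is looked up again
      # here, independently of the build job; a release published between the
      # two lookups would tag the manifest with a version the images were not
      # built from.
      - name: Set up GHOST_VERSION and MANUAL_TAG values, depending on event type (push or workflow_dispatch)
        id: versions
        env:
          GITHUB_EVENT_NAME: ${{ github.event_name }}
          # Dispatch inputs reach the script as environment variables, never
          # as text pasted into the script, so their content cannot be parsed
          # as shell syntax.
          DISPATCH_GHOST_VERSION: ${{ github.event.inputs.ghost_version }}
          DISPATCH_MANUAL_TAG: ${{ github.event.inputs.manual-tag }}
        run: |
          if [ "$GITHUB_EVENT_NAME" == workflow_dispatch ]; then
            ghost_version="$DISPATCH_GHOST_VERSION"
            echo "MANUAL_TAG=$DISPATCH_MANUAL_TAG" >> "$GITHUB_OUTPUT"
            echo "MANUAL_TAG=$DISPATCH_MANUAL_TAG" >> "$GITHUB_ENV"
          else
            # One API call, so the step output and the environment always
            # carry the same value.
            ghost_version="$(curl -fsS https://api.github.com/repos/tryghost/ghost/releases/latest | jq -r '.name')"
          fi
          # A failed or rate-limited API call yields an empty string or
          # "null"; stop here instead of tagging with it.
          if [ -z "$ghost_version" ] || [ "$ghost_version" = "null" ]; then
            echo "Could not determine GHOST_VERSION" >&2
            exit 1
          fi
          echo "GHOST_VERSION=$ghost_version" >> "$GITHUB_OUTPUT"
          echo "GHOST_VERSION=$ghost_version" >> "$GITHUB_ENV"

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
        env:
          GHOST_VERSION: "v${{ steps.versions.outputs.GHOST_VERSION }}"
        with:
          images: ${{ env.GHCR_IMAGE }}
          annotations: |
            type=org.opencontainers.image.description,value='${{ github.event.repository.description }}'
            type=org.opencontainers.image.url,value='${{ github.event.repository.html_url }}'
            type=org.opencontainers.image.source,value='${{ github.event.repository.clone_url }}'
            type=org.opencontainers.image.documentation,value='${{ github.event.repository.html_url }}/blob/main/README.md'
            type=org.opencontainers.image.licenses,value='${{ github.event.repository.license.spdx_id }}'
            type=org.opencontainers.image.version,value='v${{ steps.versions.outputs.GHOST_VERSION }}'
            type=org.opencontainers.image.vendor,value='${{ github.event.repository.organization }}'
            io.artifacthub.package.readme-url,value='${{ github.event.repository.html_url }}/blob/main/README.md'
          # main/latest/version tags are produced for every event except a
          # manual dispatch; a dispatch gets the caller-supplied manual tag.
          tags: |
            type=ref,event=branch
            type=ref,event=tag
            type=sha,format=long
            type=raw,value=main,enable=${{ github.event_name != 'workflow_dispatch' }}
            type=raw,value=latest,enable=${{ github.event_name != 'workflow_dispatch' }}
            type=raw,value=${{ env.GHOST_VERSION }},enable=${{ github.event_name != 'workflow_dispatch' }}
            type=raw,value=${{ github.event.inputs.manual-tag }},enable=${{ github.event_name == 'workflow_dispatch' }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # First attempt: manifest list with annotations. Allowed to fail; the
      # next step retries without annotations.
      # NOTE(review): buildx documents --annotation as [TYPE:]KEY=VALUE;
      # confirm the type=...,value=... form yields the intended keys.
      - name: Create manifest list and pushs
        working-directory: /tmp/digests
        id: manifest-annotate
        continue-on-error: true
        env:
          GHOST_VERSION: "v${{ steps.versions.outputs.GHOST_VERSION }}"
          # Free-text repository description: handed over as data so that a
          # quote character in it cannot end the shell string.
          REPO_DESCRIPTION: ${{ github.event.repository.description }}
        run: |
          docker buildx imagetools create \
            $(jq -cr '.tags | map(ascii_downcase | "-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            --annotation "type=org.opencontainers.image.description,value=${REPO_DESCRIPTION}" \
            --annotation type=org.opencontainers.image.url,value='${{ github.event.repository.html_url }}' \
            --annotation type=org.opencontainers.image.source,value='${{ github.event.repository.clone_url }}' \
            --annotation type=org.opencontainers.image.documentation,value='${{ github.event.repository.html_url }}/blob/main/README.md' \
            --annotation type=org.opencontainers.image.licenses,value='${{ github.event.repository.license.spdx_id }}' \
            --annotation "type=org.opencontainers.image.version,value=${GHOST_VERSION}" \
            --annotation type=org.opencontainers.image.vendor,value='${{ github.event.repository.organization }}' \
            --annotation io.artifacthub.package.readme-url,value='${{ github.event.repository.html_url }}/blob/main/README.md' \
            $(printf '${{ env.GHCR_IMAGE }}@sha256:%s ' *)

      # Fallback: runs only when the annotated attempt failed. Unlike the
      # first attempt it does not lower-case the tags.
      - name: Create manifest list and pushs
        working-directory: /tmp/digests
        id: manifest
        if: steps.manifest-annotate.outcome == 'failure'
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf '${{ env.GHCR_IMAGE }}@sha256:%s ' *)

      - name: Inspect image
        id: inspect
        continue-on-error: true
        run: |
          docker buildx imagetools inspect ${{ env.GHCR_IMAGE }}:${{ steps.meta.outputs.version }}

      # Both Docker Hub steps tolerate failure, so a broken mirror push does
      # not fail the run and is only visible in the step log.
      - name: Login to Docker Hub
        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        continue-on-error: true
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASS }}

      # NOTE(review): :latest is pushed here on every event, including manual
      # dispatches, whereas the GHCR tag rules above skip latest for a
      # dispatch - confirm that a manual build should move Docker Hub latest.
      - name: Push to Docker Hub
        continue-on-error: true
        run: |
          docker buildx imagetools create \
            --tag ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} \
            --tag ${{ env.DOCKER_IMAGE }}:latest \
            ${{ env.GHCR_IMAGE }}:${{ steps.meta.outputs.version }}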