v5.82.12 #74
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: multi-build | |
on: | |
release: | |
types: | |
- released | |
- edited | |
# paths: | |
# - "Dockerfile" | |
# - ".github/workflows/multi-build.yaml" | |
# - "entrypoint.js" | |
workflow_dispatch: | |
inputs: | |
manual-tag: | |
description: 'Manual Tag' | |
required: true | |
default: 'manual' | |
type: string | |
ghost_version: | |
description: 'Ghost version' | |
required: true | |
default: '5.82.9' | |
type: string | |
workflow_call: | |
env: | |
GHCR_IMAGE: ghcr.io/${{ github.repository }} | |
DOCKER_IMAGE: docker.io/${{ secrets.DOCKER_USER }}/${{ github.event.repository.name }} | |
permissions: | |
contents: read | |
jobs: | |
build: | |
permissions: | |
actions: write | |
checks: write | |
contents: write | |
deployments: none | |
id-token: write | |
issues: read | |
discussions: read | |
packages: write | |
pages: none | |
pull-requests: read | |
repository-projects: read | |
security-events: write | |
statuses: write | |
runs-on: ubuntu-22.04 | |
strategy: | |
fail-fast: true | |
matrix: | |
platform: | |
- linux/amd64 | |
- linux/arm64 | |
steps: | |
- | |
name: Prepare | |
id: prepare | |
run: | | |
platform=${{ matrix.platform }} | |
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
- | |
name: Harden Runner | |
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 | |
with: | |
egress-policy: audit | |
- | |
name: Checkout | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
- | |
name: Set up GHOST_VERSION and MANUAL_TAG values, depending on event type (push or workflow_dispatch) | |
id: versions | |
env: | |
GITHUB_EVENT_NAME: ${{ github.event_name }} | |
run: | | |
if [ ${{ env.GITHUB_EVENT_NAME }} == workflow_dispatch ]; then | |
echo "GHOST_VERSION=${{ github.event.inputs.ghost_version }}" >> $GITHUB_OUTPUT | |
echo "MANUAL_TAG=${{ github.event.inputs.manual-tag }}" >> $GITHUB_OUTPUT | |
echo "GHOST_VERSION=${{ github.event.inputs.ghost_version }}" >> $GITHUB_ENV | |
echo "MANUAL_TAG=${{ github.event.inputs.manual-tag }}" >> $GITHUB_ENV | |
else | |
echo "GHOST_VERSION=$(curl -s https://api.github.com/repos/tryghost/ghost/releases/latest | jq '.name' | sed 's/\"//g')" >> $GITHUB_OUTPUT | |
echo "GHOST_VERSION=$(curl -s https://api.github.com/repos/tryghost/ghost/releases/latest | jq '.name' | sed 's/\"//g')" >> $GITHUB_ENV | |
fi | |
- | |
name: Show Ghost version | |
continue-on-error: true | |
run: | | |
echo "output of step for GHOST_VERSION=${{ steps.versions.outputs.GHOST_VERSION }}" | |
echo "output of step for MANUAL_TAG=${{ steps.versions.outputs.MANUAL_TAG }}" | |
echo "output of env for GHOST_VERSION=\"$(echo $GHOST_VERSION)\"" | |
echo "output of env for MANUAL_TAG=\"$(echo $MANUAL_TAG)\"" | |
- name: Docker meta default | |
id: meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
with: | |
images: ${{ env.GHCR_IMAGE }} | |
- | |
name: Set up QEMU | |
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | |
if: ${{ matrix.platform == 'linux/arm64' || env.PLATFORM_PAIR == 'linux-arm64' }} | |
continue-on-error: false | |
with: | |
platforms: arm64 | |
- | |
name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | |
with: | |
driver-opts: | | |
network=host | |
- | |
name: Login to GitHub Container Registry | |
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GHCR_USER }} | |
password: ${{ secrets.GHCR_PASS }} | |
- | |
name: Build and push by digest | |
id: build | |
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 | |
env: | |
DOCKER_BUILDKIT: 1 | |
with: | |
context: . | |
platforms: ${{ matrix.platform }} | |
labels: ${{ steps.meta.outputs.labels }} | |
annotations: ${{ steps.meta.outputs.annotations }} | |
build-args: GHOST_VERSION=${{ steps.versions.outputs.GHOST_VERSION }} | |
outputs: type=image,name=${{ env.GHCR_IMAGE }},push-by-digest=true,name-canonical=true,push=true,oci-mediatypes=true | |
provenance: false | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- | |
name: Export digest | |
run: | | |
mkdir -p /tmp/digests | |
digest="${{ steps.build.outputs.digest }}" | |
touch "/tmp/digests/${digest#sha256:}" | |
- | |
name: Upload digest | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: digests-${{ env.PLATFORM_PAIR }} | |
path: /tmp/digests/* | |
if-no-files-found: error | |
retention-days: 1 | |
merge: | |
runs-on: ubuntu-22.04 | |
needs: | |
- build | |
permissions: | |
attestations: write | |
actions: write | |
checks: write | |
contents: write | |
deployments: none | |
id-token: write | |
issues: read | |
discussions: read | |
packages: write | |
pages: none | |
pull-requests: read | |
repository-projects: read | |
security-events: write | |
statuses: write | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 | |
with: | |
egress-policy: audit | |
- | |
name: Download digests | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
path: /tmp/digests | |
pattern: digests-* | |
merge-multiple: true | |
- | |
name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | |
with: | |
driver-opts: | | |
network=host | |
- | |
name: Docker meta | |
id: meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
with: | |
images: ${{ env.GHCR_IMAGE }} | |
annotations: | | |
type=org.opencontainers.image.description,value=${{ github.event.repository.description }} | |
tags: | | |
type=raw,value=main,enable={{is_default_branch}} | |
type=raw,value=latest,enable={{is_default_branch}} | |
type=raw,value=${{ github.event.inputs.manual-tag }},enable=${{ github.event_name == 'workflow_dispatch' }} | |
- | |
name: Login to GitHub Container Registry | |
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: Create manifest list and pushs | |
working-directory: /tmp/digests | |
id: manifest | |
run: | | |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
$(printf '${{ env.GHCR_IMAGE }}@sha256:%s ' *) | |
# $(jq -cr '.annotations | map("--annotation " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
- | |
name: Inspect image | |
id: inspect | |
continue-on-error: true | |
run: | | |
docker buildx imagetools inspect ${{ env.GHCR_IMAGE }}:${{ steps.meta.outputs.version }} | |
- | |
name: Login to Docker Hub | |
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 | |
continue-on-error: true | |
with: | |
username: ${{ secrets.DOCKER_USER }} | |
password: ${{ secrets.DOCKER_PASS }} | |
- | |
name: Push to Docker Hub | |
continue-on-error: true | |
run: | | |
docker buildx imagetools create \ | |
--tag ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} \ | |
--tag ${{ env.DOCKER_IMAGE }}:latest \ | |
${{ env.GHCR_IMAGE }}:${{ steps.meta.outputs.version }} |