Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
71 changes: 71 additions & 0 deletions .github/workflows/docker_build_or_deploy.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
name: Docker Build (Reusable)

on:
workflow_call:
inputs:
push:
description: 'Push image to Docker Hub and attest it'
type: boolean
default: false
version:
description: 'Version tag for the image'
type: string
default: ''
secrets:
DOCKERHUB_TOKEN:
required: false

permissions:
id-token: write
attestations: write

jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
attestations: write
steps:
- name: Checkout
uses: actions/checkout@v7

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4

# Only log in when we intend to push (keeps secrets out of PR builds)
- name: Log in to Docker Hub
if: inputs.push
uses: docker/login-action@v4
with:
username: tragiccode
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v6
with:
images: tragiccode/busly-cli
tags: |
${{ inputs.version }}
latest

- name: Build (and maybe push) Docker image
id: push
uses: docker/build-push-action@v7
with:
context: .
file: ./src/BuslyCLI.Console/Dockerfile
build-args: |
APP_VERSION=${{ inputs.version }}
push: ${{ inputs.push }}
tags: ${{ inputs.push && steps.meta.outputs.tags || '' }}
labels: ${{ steps.meta.outputs.labels }}

- name: Generate artifact attestation
if: inputs.push
uses: actions/attest-build-provenance@v4
with:
subject-name: index.docker.io/tragiccode/busly-cli
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
82 changes: 20 additions & 62 deletions .github/workflows/docker_deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,69 +4,27 @@ on:
release:
types: [published]

permissions:
id-token: write
attestations: write

jobs:
build:
version:
runs-on: ubuntu-latest

outputs:
version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v7

- name: Extract version (without v)
id: version
- id: version
run: |
if [ "${{ github.event_name }}" = "release" ]; then
# Extract version from release tag (remove any 'v' prefix)
VERSION="${{ github.event.release.tag_name }}"
VERSION=${VERSION#v} # Remove 'v' prefix if present
else
VERSION="${{ github.event.inputs.version }}"
VERSION=${VERSION#v} # Remove 'v' prefix if present
fi

echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "Syncing version: $VERSION"

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4

- name: Log in to Docker Hub
uses: docker/login-action@v4
with:
username: tragiccode
password: ${{ secrets.DOCKERHUB_TOKEN }}

# Revisit this. We should probably be triggering this off of a tag event.
# Which would automatically tag the image with the version and latest and allow us to remove
# the manual 'tags' property below
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v6
with:
images: tragiccode/busly-cli
tags: |
${{ steps.version.outputs.version }}
latest

- name: Build and push Docker image
id: push
uses: docker/build-push-action@v7
with:
context: .
file: ./src/BuslyCLI.Console/Dockerfile
build-args: |
APP_VERSION=${{ steps.version.outputs.version }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

- name: Generate artifact attestation
uses: actions/attest-build-provenance@v4
with:
subject-name: index.docker.io/tragiccode/busly-cli
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
VERSION="${{ github.event.release.tag_name }}"
VERSION=${VERSION#v}
echo "version=$VERSION" >> "$GITHUB_OUTPUT"

docker:
needs: version
uses: ./.github/workflows/docker_build_or_deploy.yml
# permissions:
# contents: read
# id-token: write
# attestations: write
with:
push: true
version: ${{ needs.version.outputs.version }}
secrets:
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
15 changes: 15 additions & 0 deletions .github/workflows/docker_pull_request.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
name: Pull Request Docker Build

on:
pull_request:
# Can't do this because i don't have a pr number...
# schedule:
# # Runs every night at 2 AM UTC. This is to detect flakey builds
# - cron: "0 2 * * *"

jobs:
docker:
uses: ./.github/workflows/docker_build_or_deploy.yml
with:
push: false
version: 1.0.0-pr.${{ github.event.number }}.${{ github.sha }}
1 change: 1 addition & 0 deletions src/BuslyCLI.Console/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ ARG APP_VERSION=0.1.0
WORKDIR /src

COPY Directory.Build.props ./
COPY Directory.Packages.props ./

# Copy project file and restore dependencies (better layer caching)
COPY src/BuslyCLI.Console/BuslyCLI.Console.csproj ./BuslyCLI.Console/
Expand Down