build.yaml
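# Builds the slim and the full container image and pushes both to GHCR on
# pushes to main and on published releases; pull requests build without
# pushing. The last steps work out which release tags to protect and run the
# image retention policy in dry-run mode.
name: Container Images

on:
  push:
    branches:
      - main
  pull_request:
  release:
    types: [published]

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    runs-on: ubuntu-latest
    # Job-level token scopes apply to every trigger above.
    # NOTE(review): no step in this file requests an OIDC token or creates an
    # attestation, so `attestations: write` and `id-token: write` look unused;
    # drop them if nothing else depends on them (least privilege).
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
    steps:
      # NOTE(review): every `uses:` below references a mutable tag while the
      # job holds a token with `packages: write`. Pin each action to a full
      # commit SHA (`owner/action@<commit-sha>  # vN`) and let Dependabot or
      # Renovate propose the bumps.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history so that `git tag -l` below sees every release tag.
          fetch-depth: 0
          # Keep the job token out of .git/config: the whole checkout is the
          # Docker build context (`context: .`) and no later step needs git
          # credentials.
          persist-credentials: false

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
            type=ref,event=tag
            type=raw,value=stable,enable=${{ startsWith(github.ref, 'refs/tags/') }}
            type=ref,event=pr

      # Same tag rules, with `-slim` appended to every generated tag.
      # `steps.meta.outputs.tags` is a newline-separated list, so writing
      # `${{ steps.meta.outputs.tags }}-slim` only renames the last entry; on
      # a release (several tags) the slim image would be pushed under the
      # plain version tag.
      - name: Extract metadata for the slim image
        id: meta_slim
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          flavor: |
            suffix=-slim,onlatest=true
          tags: |
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
            type=ref,event=tag
            type=raw,value=stable,enable=${{ startsWith(github.ref, 'refs/tags/') }}
            type=ref,event=pr

      - name: Show tags
        continue-on-error: true
        # Step outputs are handed over as environment variables rather than
        # expanded into the script text, so their content is never parsed as
        # shell code. (The previous reference, `steps.metadata.output.tags`,
        # named a step id and property that do not exist and printed nothing.)
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          SLIM_TAGS: ${{ steps.meta_slim.outputs.tags }}
        run: |
          echo "Tags generated by metadata-action:"
          printf '%s\n' "$TAGS" "$SLIM_TAGS"

      - name: Extract version from tag
        if: startsWith(github.ref, 'refs/tags/')
        run: echo "VERSION=${GITHUB_REF##*/}" >> "$GITHUB_ENV"

      - name: Log into GitHub Container Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push slim
        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile.slim
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta_slim.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # VERSION is only set on tag builds and is empty otherwise.
          build-args: |
            BUILD_DATE=${{ github.event.repository.updated_at }}
            VCS_REF=${{ github.sha }}
            VERSION=${{ env.VERSION }}

      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # A build arg has to be one image reference, so take the first slim
          # tag instead of the multi-line tag list.
          # NOTE(review): on pull requests the slim image is built but not
          # pushed; whether this reference resolves there depends on how
          # ./Dockerfile consumes SLIM_IMAGE, which is not visible here.
          build-args: |
            SLIM_IMAGE=${{ fromJSON(steps.meta_slim.outputs.json).tags[0] }}

      - name: Fetch all tags and store them
        run: |
          # List all tags
          tags=$(git tag -l)
          echo "All tags:"
          echo "$tags"
          # Save the tags, space-separated on one line, for the next step
          echo "ALL_TAGS=$(echo "$tags" | tr '\n' ' ')" >> "$GITHUB_ENV"

      - name: Retain last two minor versions
        run: |
          echo "Using stored tags..."
          # ALL_TAGS is already in this step's environment (written to
          # GITHUB_ENV above). Read it as a shell variable instead of expanding
          # `${{ env.ALL_TAGS }}` into the script, where tag names would be
          # parsed as shell code.
          all_tags="$ALL_TAGS"
          echo "All tags:"
          echo "$all_tags"
          # Minor versions (X.Y) of the vX.Y.Z tags. `git tag -l` lists tags
          # lexicographically (v0.10.0 before v0.9.0), so sort by version
          # before taking the last two.
          latest_two_minors=$(echo "$all_tags" | tr ' ' '\n' \
            | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' \
            | sed -E 's/^v([0-9]+\.[0-9]+)\.[0-9]+$/\1/' \
            | sort -V -u | tail -n 2)
          echo "Last two minor versions:"
          echo "$latest_two_minors"
          keep_tags=""
          for minor in $latest_two_minors; do
            echo "Processing minor version: $minor"
            # Escape the dot so "0.8" cannot match e.g. "v0x8."
            patches=$(echo "$all_tags" | tr ' ' '\n' | grep -E "^v${minor//./\\.}\.")
            echo "Tags kept for $minor: $patches"
            # One negated filter per tag, for the full and the slim image.
            for tag in $patches; do
              keep_tags="$keep_tags !$tag !$tag-slim"
            done
          done
          keep_tags="${keep_tags# }"
          echo "Tags to keep: $keep_tags"
          echo "keep_tags=$keep_tags" >> "$GITHUB_ENV"

      - name: Run container retention policy
        if: github.ref == 'refs/heads/main'
        # NOTE(review): the action reference was mangled by the page's e-mail
        # obfuscation ("snok/[email protected]"). The action name is inferred
        # from the step name and inputs; the version cannot be recovered here.
        # Restore it from the repository and pin it to a commit SHA.
        uses: snok/container-retention-policy@<PINNED_VERSION>
        with:
          account: ApeWorX
          token: ${{ secrets.GITHUB_TOKEN }}
          # Every protected tag carries its own `!`. A comma-joined list
          # behind a single `!` would negate only its first entry and leave
          # the remaining tags as deletion candidates.
          # NOTE(review): confirm the filter syntax (and whether an image-name
          # filter is required) against the pinned version's documentation
          # before switching `dry-run` off.
          image-tags: "!stable* !latest* ${{ env.keep_tags }}"
          tag-selection: both
          cut-off: 4w
          dry-run: true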