ci: release to GitHub registry (#721)
Closes #695.
jkowalleck authored Apr 20, 2024
2 parents 692b8ea + bfce1d1 commit 87218e6
Showing 2 changed files with 45 additions and 25 deletions.
1 change: 1 addition & 0 deletions .github/workflows/docker.yml
Expand Up @@ -68,6 +68,7 @@ jobs:
VERSION: ${{ steps.bump-version.outputs.version }}
run: >
docker build -f Dockerfile
--label 'org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}'
--build-arg "VERSION=$VERSION"
-t "$DOCKER_TAG"
.
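Review bot: The added `--label` line expands `${{ github.server_url }}/${{ github.repository }}` directly inside the shell script, while `VERSION` just above the `run:` is passed as an environment variable and quoted in the shell. Both values come from the GitHub context and are tightly constrained, but keeping expressions out of `run:` bodies is the habit that prevents script injection when the pattern is later copied with a less constrained value. An entry `IMAGE_SOURCE: ${{ github.server_url }}/${{ github.repository }}` next to `VERSION` and `--label "org.opencontainers.image.source=$IMAGE_SOURCE"` in the command would match the existing style. The same line is added to the build step in `.github/workflows/release.yml`; the step here begins outside the hunk.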
69 changes: 44 additions & 25 deletions .github/workflows/release.yml
Expand Up @@ -35,7 +35,7 @@ on:

concurrency:
group: release
cancel-in-progress: false # prevent hickups with semantic-release
cancel-in-progress: false # prevent hiccups with semantic-release

env:
REPORTS_DIR: CI_reports
Expand Down Expand Up @@ -151,8 +151,8 @@ jobs:
# see https://python-semantic-release.readthedocs.io/en/latest/configuration.html?highlight=remove_dist#remove-dist


release-DockerHub:
name: "Release: DockerHub"
release-container-image:
name: "Release: DockerHub & GitHubContainerRegistry"
needs:
- release-PyPI
if: |
Expand All @@ -165,7 +165,8 @@ jobs:
env:
VERSION: ${{ needs.release-PyPI.outputs.version }}
ARTIFACT_DOCKER_SBOM: 'docker-image-bom'
DOCKER_REPO: cyclonedx/cyclonedx-python
DOCKERHUB_REPO: cyclonedx/cyclonedx-python
GHCR_REPO: ghcr.io/${{ github.repository_owner }}/cyclonedx-python
steps:
- name: Checkout code (${{ env.TAG }})
# see https://github.com/actions/checkout
Expand All @@ -182,23 +183,26 @@ jobs:
with:
name: ${{ env.DIST_ARTIFACT }}
path: ${{ env.DIST_DIR }}/
- name: Build Docker Image (${{ env.VERSION }})
- name: Build Container Image (${{ env.VERSION }})
run: >
docker build -f Dockerfile
--label 'org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}'
--build-arg "VERSION=$VERSION"
-t "$DOCKER_REPO:$VERSION"
-t "$DOCKER_REPO:latest"
-t "$DOCKERHUB_REPO:$VERSION"
-t "$DOCKERHUB_REPO:latest"
-t "$GHCR_REPO:$VERSION"
-t "$GHCR_REPO:latest"
.
- name: Build own SBoM (XML)
run: >
docker run --rm "$DOCKER_REPO:$VERSION"
docker run --rm "$DOCKERHUB_REPO:$VERSION"
environment
-vvv
--output-format XML
> "$REPORTS_DIR/$ARTIFACT_DOCKER_SBOM.bom.xml"
- name: Build own SBoM (JSON)
run: >
docker run --rm "$DOCKER_REPO:$VERSION"
docker run --rm "$DOCKERHUB_REPO:$VERSION"
environment
-vvv
--output-format JSON
Expand All @@ -212,24 +216,39 @@ jobs:
path: ${{ env.REPORTS_DIR }}/*.bom.*
if-no-files-found: error
# publish AFTER the boms were build, as the bom-generation is kind of a test if the image works
- name: Docker login
run: docker login --username "$DOCKERHUB_USERNAME" --password "$DOCKERHUB_TOKEN"
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Publish Docker Image for version "${{ env.VERSION }}"
run: docker push "$DOCKER_REPO:$VERSION"
- name: Publish Docker Image as "latest"
if: ${{ github.event.inputs.prerelease == 'false' }}
run: docker push "$DOCKER_REPO:latest"
- name: Login to DockerHub
# see hhttps://github.com/docker/login-action?tab=readme-ov-file#docker-hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Publish Container Image to DockerHub for version "${{ env.VERSION }}"
run: docker push "$DOCKERHUB_REPO:$VERSION"
- name: Publish Container Image to DockerHub as "latest"
if: ${{ !cancelled() && github.event.inputs.prerelease == 'false' }}
run: docker push "$DOCKERHUB_REPO:latest"
# endregion
# region publish to GHCR
- name: Login to GHCR
# see https://github.com/docker/login-action#github-container-registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Publish Container Image to GHCR for version "${{ env.VERSION }}"
run: docker push "$GHCR_REPO:$VERSION"
- name: Publish Container Image to GHCR as "latest"
if: ${{ !cancelled() && github.event.inputs.prerelease == 'false' }}
run: docker push "$GHCR_REPO:latest"
# endregion
# TODO: publish all files in $REPORTS_DIR as release assets - see https://github.com/actions/upload-release-asset
- name: Docker logout
if: ${{ always() }}
run: docker logout
- name: Destroy Docker image
- name: Destroy Container image
# run regardless of outcome
if: ${{ always() }}
run: >
docker rmi -f
"$DOCKER_REPO:$VERSION"
"$DOCKER_REPO:latest"
"$DOCKERHUB_REPO:$VERSION"
"$DOCKERHUB_REPO:latest"
"$GHCR_REPO:$VERSION"
"$GHCR_REPO:latest"
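Review bot: The two new `if: ${{ !cancelled() && github.event.inputs.prerelease == 'false' }}` conditions let the "latest" pushes run after an earlier step has failed, so `$DOCKERHUB_REPO:latest` can be moved even though the push of `$DOCKERHUB_REPO:$VERSION` just before it failed; the GHCR login and versioned push keep the default `success()` condition and would be skipped in that same run, leaving the GHCR "latest" push to run without a login. If the intent is to keep GHCR publishing independent of a DockerHub failure, the condition belongs on all three GHCR steps and each "latest" step should still depend on its own versioned push; otherwise the previous `if: ${{ github.event.inputs.prerelease == 'false' }}` is the safer form. Both login steps also reference `docker/login-action@v3` by a mutable tag in a job that receives `DOCKERHUB_TOKEN` and `GITHUB_TOKEN`; pinning to a full commit SHA (`uses: docker/login-action@<full-commit-sha>  # v3`) keeps a moved tag from running with those secrets. The job's `permissions:` block is outside the visible hunks, so confirm it grants `packages: write` for the GHCR push and nothing broader.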
