feat(dockerhub): 添加 DockerHub 仓库路由 (#17691) #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Docker Release' | |
on: | |
push: | |
branches: | |
- master | |
paths: | |
- '.github/workflows/docker-release.yml' | |
- 'lib/**' | |
- '!lib/**/*.test.ts' | |
- 'Dockerfile' | |
workflow_dispatch: {} | |
jobs: | |
check-env: | |
permissions: | |
contents: none | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
outputs: | |
check-docker: ${{ steps.check-docker.outputs.defined }} | |
steps: | |
- id: check-docker | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
if: ${{ env.DOCKER_USERNAME != '' }} | |
run: echo "defined=true" >> $GITHUB_OUTPUT | |
release: | |
runs-on: ubuntu-latest | |
needs: check-env | |
if: needs.check-env.outputs.check-docker == 'true' | |
timeout-minutes: 60 | |
permissions: | |
packages: write | |
id-token: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install cosign | |
if: github.event_name != 'pull_request' | |
uses: sigstore/cosign-installer@v3 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract Docker metadata (ordinary version) | |
id: meta-ordinary | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ secrets.DOCKER_USERNAME }}/rsshub | |
ghcr.io/${{ github.repository }} | |
tags: | | |
type=raw,value=latest,enable=true | |
type=raw,value={{date 'YYYY-MM-DD'}},enable=true | |
type=sha,format=long,prefix=,enable=true | |
flavor: latest=false | |
- name: Build and push Docker image (ordinary version) | |
id: build-and-push | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.meta-ordinary.outputs.tags }} | |
labels: ${{ steps.meta-ordinary.outputs.labels }} | |
platforms: linux/amd64,linux/arm/v7,linux/arm64 | |
cache-from: type=gha,scope=docker-release | |
cache-to: type=gha,mode=max,scope=docker-release | |
- name: Sign the published Docker image | |
if: ${{ github.event_name != 'pull_request' }} | |
env: | |
COSIGN_EXPERIMENTAL: 'true' | |
run: echo "${{ steps.meta-ordinary.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }} | |
- name: Extract Docker metadata (Chromium-bundled version) | |
id: meta-chromium-bundled | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ secrets.DOCKER_USERNAME }}/rsshub | |
ghcr.io/${{ github.repository }} | |
tags: | | |
type=raw,value=chromium-bundled,enable=true | |
type=raw,value=chromium-bundled-{{date 'YYYY-MM-DD'}},enable=true | |
type=sha,format=long,prefix=chromium-bundled-,enable=true | |
flavor: latest=false | |
- name: Build and push Docker image (Chromium-bundled version) | |
id: build-and-push-chromium | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
build-args: PUPPETEER_SKIP_DOWNLOAD=0 | |
push: true | |
tags: ${{ steps.meta-chromium-bundled.outputs.tags }} | |
labels: ${{ steps.meta-chromium-bundled.outputs.labels }} | |
platforms: linux/amd64,linux/arm/v7,linux/arm64 | |
cache-from: | | |
type=registry,ref=${{ secrets.DOCKER_USERNAME }}/rsshub:chromium-bundled | |
cache-to: type=inline,ref=${{ secrets.DOCKER_USERNAME }}/rsshub:chromium-bundled # inline cache is enough | |
- name: Sign the published Docker image | |
if: ${{ github.event_name != 'pull_request' }} | |
env: | |
COSIGN_EXPERIMENTAL: 'true' | |
run: echo "${{ steps.meta-chromium-bundled.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push-chromium.outputs.digest }} | |
description: | |
runs-on: ubuntu-latest | |
needs: check-env | |
if: needs.check-env.outputs.check-docker == 'true' | |
timeout-minutes: 5 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Docker Hub Description | |
uses: peter-evans/dockerhub-description@v4 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
repository: ${{ secrets.DOCKER_USERNAME }}/rsshub |