From 4344be93e82eaa8bb178b99e0bf6284a603dcbcc Mon Sep 17 00:00:00 2001 From: Catalan Lover <48515417+FSG-Cat@users.noreply.github.com> Date: Fri, 13 Mar 2026 15:25:21 +0100 Subject: [PATCH] Upgrade CI to publish to ghcr.io and Dockerhub (#901) * GHCR Separate Workflows * GHCR Standalone Publishing Refinements * Docker Hub Publishing Refinements * Add Development Build Artefact Generation and Publishing This only runs against non Excluded branches as to be practical. * Fix GHCR Deployment due to Uppercase Names and Main Branch Exclusion * Fix Github ignoring Branch filters for Develop Workflow * Harmonise Development Artifact Workflows * Improve Docker Hub Development Artefact Metadata --- .github/workflows/docker-hub-develop.yml | 9 +++ .github/workflows/docker-hub-latest.yml | 7 ++ .github/workflows/docker-hub-release.yml | 7 ++ .github/workflows/ghcr-all-dev-branches.yml | 76 +++++++++++++++++++++ .github/workflows/ghcr-latest.yml | 64 +++++++++++++++++ .github/workflows/ghcr-release.yml | 64 +++++++++++++++++ 6 files changed, 227 insertions(+) create mode 100644 .github/workflows/ghcr-all-dev-branches.yml create mode 100644 .github/workflows/ghcr-latest.yml create mode 100644 .github/workflows/ghcr-release.yml diff --git a/.github/workflows/docker-hub-develop.yml b/.github/workflows/docker-hub-develop.yml index 173a22a..d605ba1 100644 --- a/.github/workflows/docker-hub-develop.yml +++ b/.github/workflows/docker-hub-develop.yml @@ -1,4 +1,5 @@ # SPDX-FileCopyrightText: 2024 Gnuxie +# SPDX-FileCopyrightText: 2026 Catalan Lover # # SPDX-License-Identifier: CC0-1.0 @@ -16,6 +17,7 @@ env: PLATFORMS: linux/amd64,linux/arm64 # Only push if this is main, otherwise we just want to build PUSH: ${{ github.ref == 'refs/heads/main' }} + IMG_SOURCE: https://github.com/${{ github.repository }} jobs: docker-latest: 
@@ -54,5 +56,12 @@ jobs: file: ./Dockerfile platforms: ${{ env.PLATFORMS }} push: ${{ env.PUSH }} + labels: | + org.opencontainers.image.source=${{ env.IMG_SOURCE }} + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.version=${{ github.ref_name }}-${{ github.sha }} + org.opencontainers.image.ref.name=${{ github.ref_name }} + org.opencontainers.image.licenses=AFL-3.0 + sbom: true tags: | ${{ env.DOCKER_NAMESPACE }}/draupnir:develop diff --git a/.github/workflows/docker-hub-latest.yml b/.github/workflows/docker-hub-latest.yml index cfa0af3..274b538 100644 --- a/.github/workflows/docker-hub-latest.yml +++ b/.github/workflows/docker-hub-latest.yml @@ -1,4 +1,5 @@ # SPDX-FileCopyrightText: 2024 Gnuxie +# SPDX-FileCopyrightText: 2026 Catalan Lover # # SPDX-License-Identifier: CC0-1.0 @@ -14,6 +15,7 @@ on: env: DOCKER_NAMESPACE: gnuxie PLATFORMS: linux/amd64,linux/arm64 + IMG_SOURCE: https://github.com/${{ github.repository }} jobs: docker-release: @@ -53,6 +55,11 @@ jobs: file: ./Dockerfile platforms: ${{ env.PLATFORMS }} push: true + labels: | + org.opencontainers.image.source=${{ env.IMG_SOURCE }} + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.version=${{ github.ref_name }} + org.opencontainers.image.licenses=AFL-3.0 sbom: true tags: | ${{ env.DOCKER_NAMESPACE }}/draupnir:latest diff --git a/.github/workflows/docker-hub-release.yml b/.github/workflows/docker-hub-release.yml index b19e59e..3cb8b28 100644 --- a/.github/workflows/docker-hub-release.yml +++ b/.github/workflows/docker-hub-release.yml @@ -1,4 +1,5 @@ # SPDX-FileCopyrightText: 2024 Gnuxie +# SPDX-FileCopyrightText: 2026 Catalan Lover # # SPDX-License-Identifier: CC0-1.0 @@ -14,6 +15,7 @@ on: env: DOCKER_NAMESPACE: gnuxie PLATFORMS: linux/amd64,linux/arm64 + IMG_SOURCE: https://github.com/${{ github.repository }} jobs: docker-release: 
@@ -54,6 +56,11 @@ jobs: file: ./Dockerfile platforms: ${{ env.PLATFORMS }} push: true + labels: | + org.opencontainers.image.source=${{ env.IMG_SOURCE }} + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.version=${{ github.ref_name }} + org.opencontainers.image.licenses=AFL-3.0 sbom: true tags: | ${{ env.DOCKER_NAMESPACE }}/draupnir:${{ env.RELEASE_VERSION }} diff --git a/.github/workflows/ghcr-all-dev-branches.yml b/.github/workflows/ghcr-all-dev-branches.yml new file mode 100644 index 0000000..886529e --- /dev/null +++ b/.github/workflows/ghcr-all-dev-branches.yml 
@@ -0,0 +1,76 @@
+# SPDX-FileCopyrightText: 2026 Catalan Lover
+#
+# SPDX-License-Identifier: CC0-1.0
+# This file is derived from the docker-hub-develop.yml workflow, but instead of pushing to Docker Hub, it pushes to GHCR. It also runs on all non excluded branches to allow easier access to development builds.
+
+name: "GHCR - Development Branches"
+
+on:
+ push:
+ branches-ignore:
+ - "dependabot/**"
+ - "renovate/**"
+ - "github-actions/**"
+
+env:
+ IMAGE_NAME: draupnir
+ PLATFORMS: linux/amd64,linux/arm64
+ IMG_SOURCE: https://github.com/${{ github.repository }}
+
+jobs:
+ ghcr-publish:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ packages: write
+ contents: read
+ attestations: write
+ steps:
+ - name: Check out
+ uses: actions/checkout@v4
+ - name: Unshallow for git describe so we can create version.txt
+ run: git fetch --prune --unshallow --tags --all --force
+ - name: Set lowercase image owner
+ run: echo "IMAGE_OWNER=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+ # Needed for multi platform builds
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ with:
+ platforms: ${{ env.PLATFORMS }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Derive image tags
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ghcr.io/${{ env.IMAGE_OWNER }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=sha,prefix=sha-
+
+ - name: Build image
+ id: push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile
+ platforms: ${{ env.PLATFORMS }}
+ push: true
+ labels: |
+ org.opencontainers.image.source=${{ env.IMG_SOURCE }}
+ org.opencontainers.image.revision=${{ github.sha }}
+ org.opencontainers.image.version=${{ github.ref_name }}-${{ github.sha }}
+ org.opencontainers.image.ref.name=${{ github.ref_name }}
+ org.opencontainers.image.licenses=AFL-3.0
+ sbom: true
+ tags: ${{ steps.meta.outputs.tags }}
diff --git a/.github/workflows/ghcr-latest.yml b/.github/workflows/ghcr-latest.yml
new file mode 100644
index 0000000..d64e3bf
--- /dev/null
+++ b/.github/workflows/ghcr-latest.yml
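Review bot: In ghcr-all-dev-branches.yml the `type=ref,event=branch` tag rule publishes branch builds into the same `ghcr.io/<owner>/draupnir` repository that ghcr-latest.yml and ghcr-release.yml push to, so a branch whose name matches `latest` or a release version would overwrite that tag without a release being cut. Anyone able to push a branch could therefore replace the image that users pull by tag. Giving branch tags their own namespace avoids the clash, for example `type=ref,event=branch,prefix=branch-`, or publish development builds under a separate image name.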
@@ -0,0 +1,64 @@
+# SPDX-FileCopyrightText: 2026 Catalan Lover
+#
+# SPDX-License-Identifier: CC0-1.0
+
+name: "GHCR - Latest"
+
+on:
+ release:
+ types: [released]
+
+env:
+ PLATFORMS: linux/amd64,linux/arm64
+ IMG_SOURCE: https://github.com/${{ github.repository }}
+
+jobs:
+ ghcr-latest:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ packages: write
+ contents: read
+ attestations: write
+ steps:
+ - name: Check out
+ uses: actions/checkout@v4
+ - name: Get release tag
+ run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+ - name: Unshallow for git describe so we can create version.txt
+ run: git fetch --prune --unshallow --tags --all --force
+ - name: Set lowercase image owner
+ run: echo "IMAGE_OWNER=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+ # Needed for multi platform builds
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ with:
+ platforms: ${{ env.PLATFORMS }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push image to GHCR
+ id: push_ghcr
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile
+ platforms: ${{ env.PLATFORMS }}
+ push: true
+ labels: |
+ org.opencontainers.image.source=${{ env.IMG_SOURCE }}
+ org.opencontainers.image.revision=${{ github.sha }}
+ org.opencontainers.image.version=${{ github.ref_name }}
+ org.opencontainers.image.licenses=AFL-3.0
+ sbom: true
+ tags: |
+ ghcr.io/${{ env.IMAGE_OWNER }}/draupnir:latest
diff --git a/.github/workflows/ghcr-release.yml b/.github/workflows/ghcr-release.yml
new file mode 100644
index 0000000..d0e0770
--- /dev/null
+++ b/.github/workflows/ghcr-release.yml
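Review bot: The `permissions` block in ghcr-latest.yml grants `id-token: write` and `attestations: write`, but no step in the workflow consumes either scope; the same holds for ghcr-all-dev-branches.yml and ghcr-release.yml. The `sbom: true` attestation is generated by BuildKit and pushed alongside the image, which as far as these hunks show needs only `packages: write`. Either drop the two lines so the job token stays at `packages: write` and `contents: read`, or add the attestation step they were presumably meant for (the build step already carries `id: push_ghcr`) together with a comment such as `# id-token/attestations: required by the provenance attestation step below`.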
@@ -0,0 +1,64 @@
+# SPDX-FileCopyrightText: 2026 Catalan Lover
+#
+# SPDX-License-Identifier: CC0-1.0
+
+name: "GHCR - Release"
+
+on:
+ release:
+ types: [published]
+
+env:
+ PLATFORMS: linux/amd64,linux/arm64
+ IMG_SOURCE: https://github.com/${{ github.repository }}
+
+jobs:
+ ghcr-release:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ packages: write
+ contents: read
+ attestations: write
+ steps:
+ - name: Check out
+ uses: actions/checkout@v4
+ - name: Get release tag
+ run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+ - name: Unshallow for git describe so we can create version.txt
+ run: git fetch --prune --unshallow --tags --all --force
+ - name: Set lowercase image owner
+ run: echo "IMAGE_OWNER=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+ # Needed for multi platform builds
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ with:
+ platforms: ${{ env.PLATFORMS }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push image to GHCR
+ id: push_ghcr
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile
+ platforms: ${{ env.PLATFORMS }}
+ push: true
+ labels: |
+ org.opencontainers.image.source=${{ env.IMG_SOURCE }}
+ org.opencontainers.image.revision=${{ github.sha }}
+ org.opencontainers.image.version=${{ github.ref_name }}
+ org.opencontainers.image.licenses=AFL-3.0
+ sbom: true
+ tags: |
+ ghcr.io/${{ env.IMAGE_OWNER }}/draupnir:${{ env.RELEASE_VERSION }}
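Review bot: Every `uses:` in ghcr-release.yml references a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v5` and the QEMU/Buildx setup actions) in a job that holds `packages: write` and logs in to the registry, so a tag moved upstream would run with publish rights; ghcr-latest.yml and ghcr-all-dev-branches.yml follow the same pattern. Pinning each action to a full commit SHA with the version kept as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v5`, ties the published release image to reviewed action code. An automated dependency updater can keep the pins current.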