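---
# Builds one image per target platform on separate runners, pushes each image
# by digest, then joins the digests into a single multi-platform manifest list.
# See: https://docs.docker.com/build/ci/github-actions/multi-platform/
name: Docker build and publish

on:
  push:
    branches: ["beta"]
    # Publish semver tags as releases.
    tags: ["v*.*.*"]
  pull_request:
    branches: ["master"]

env:
  # Use docker.io for Docker Hub if empty
  REGISTRY: docker.io
  # github.repository as <account>/<repo>
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        platform:
          - linux/i386
          - linux/amd64
          - linux/arm/v6
          - linux/arm/v7
          - linux/arm64
    permissions:
      contents: read
      # NOTE(review): images are pushed to docker.io with DOCKER_HUB_TOKEN, so
      # nothing visible here needs the GitHub Packages scope; drop it unless
      # another step relies on it.
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      # NOTE(review): no step in this workflow invokes cosign, so this OIDC
      # permission (and the cosign install below) is currently unused. Either
      # add a signing step or remove both to keep the job least-privilege.
      id-token: write
    steps:
      # NOTE(review): only cosign-installer is pinned to a commit SHA. The
      # tag-pinned actions (@v3/@v4/@v5) can be re-pointed by their publishers;
      # pin them to full commit SHAs too, since this job holds registry
      # credentials.
      - name: Prepare
        # Pass the matrix value through the environment instead of expanding
        # it inside the script text, so it is never parsed as shell code.
        env:
          PLATFORM: ${{ matrix.platform }}
        run: |
          echo "PLATFORM_PAIR=${PLATFORM//\//-}" >> "$GITHUB_ENV"

      - name: Checkout repository
        uses: actions/checkout@v4

      # Install the cosign tool except on PR
      # https://github.com/sigstore/cosign-installer
      - name: Install cosign
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06  # v3.1.1
        with:
          cosign-release: 'v2.1.1'

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.IMAGE_NAME }}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      # Set up BuildKit Docker container builder to be able to build
      # multi-platform images and export cache
      # https://github.com/docker/setup-buildx-action
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          # NOTE(review): github.actor is whoever triggered the run, so the
          # login only succeeds when that name matches the owner of
          # DOCKER_HUB_TOKEN. A fixed username kept in repository settings is
          # more predictable.
          username: ${{ github.actor }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}

      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
        id: build
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.meta.outputs.labels }}
          # The exporter's push flag is the single switch for pushing. It was
          # hard-coded to push=true, which attempted a push on pull requests
          # even though the login step is skipped for them.
          outputs: type=image,name=${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}

      # Digests are only meaningful for images that were actually pushed.
      - name: Export digest
        if: github.event_name != 'pull_request'
        env:
          DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          mkdir -p /tmp/digests
          touch "/tmp/digests/${DIGEST#sha256:}"

      - name: Upload digest
        if: github.event_name != 'pull_request'
        uses: actions/upload-artifact@v4
        with:
          name: digests-${{ env.PLATFORM_PAIR }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1

  merge:
    # Pull requests push nothing, so there is no manifest list to assemble.
    # Skipping the job also keeps the registry login out of PR runs.
    if: github.event_name != 'pull_request'
    runs-on: ubuntu-latest
    needs:
      - build
    # This job never touches the repository; do not inherit the default
    # token permissions.
    permissions:
      contents: read
    steps:
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.IMAGE_NAME }}

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          # Same registry as the build job's login.
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}

      - name: Create manifest list and push
        working-directory: /tmp/digests
        # IMAGE_NAME comes from the workflow-level env block and is read as a
        # shell variable rather than expanded into the script text. The two
        # command substitutions are left unquoted on purpose: each must split
        # into separate arguments.
        run: |
          docker buildx imagetools create \
            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf "${IMAGE_NAME}@sha256:%s " *)

      - name: Inspect image
        env:
          VERSION: ${{ steps.meta.outputs.version }}
        run: |
          docker buildx imagetools inspect "${IMAGE_NAME}:${VERSION}"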