docker.yml
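# Builds the Homebrew Docker image for each Ubuntu version in the matrix, runs
# `brew test-bot --only-setup` inside it, generates a build-provenance
# attestation and, for tag refs only, pushes the image to GitHub Packages
# (ghcr.io) and Docker Hub.
name: Docker

on:
  pull_request:
    paths:
      - .github/workflows/docker.yml
      - Dockerfile
  push:
    paths:
      - .github/workflows/docker.yml
      - Dockerfile
    branches-ignore:
      - master
  release:
    types:
      - published

# Workflow-wide default for GITHUB_TOKEN is read-only; the job below widens it
# only by the scopes the attestation step names.
permissions:
  contents: read

jobs:
  ubuntu:
    # Only run when the repository's owner/name starts with "Homebrew/".
    if: startsWith(github.repository, 'Homebrew/')
    runs-on: ubuntu-22.04
    strategy:
      # Let the other Ubuntu versions finish even if one of them fails.
      fail-fast: false
      matrix:
        # Quoted so the versions stay strings ("20.04", not the float 20.04).
        version: ["18.04", "20.04", "22.04", "24.04"]
    # NOTE(review): these write scopes apply on every trigger, including
    # pull_request; confirm the attestation step behaves as intended for pull
    # requests coming from forks, where GitHub restricts the token.
    permissions:
      contents: read  # for code access
      attestations: write  # for actions/attest-build-provenance
      id-token: write  # for actions/attest-build-provenance
    steps:
      # Actions are pinned to a full commit SHA; the trailing comment records
      # the release the SHA corresponds to.
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
        with:
          # Full history and tags, so `git describe --tags` below can resolve.
          fetch-depth: 0
          # Do not leave the checkout token in .git/config, which sits inside
          # the directory later used as the `docker build .` context.
          persist-credentials: false

      - name: Fetch origin/master from Git
        run: git fetch origin master

      # ${{matrix.version}} is expanded into the script text before the shell
      # runs; that is acceptable here only because the matrix values are the
      # static strings declared above.
      - name: Build Docker image
        run: |
          brew_version="$(git describe --tags --dirty --abbrev=7)"
          echo "Building for Homebrew ${brew_version}"
          docker build -t brew \
               --build-arg=version=${{matrix.version}} \
               --label org.opencontainers.image.created="$(date --rfc-3339=seconds --utc)" \
               --label org.opencontainers.image.url="https://brew.sh" \
               --label org.opencontainers.image.documentation="https://docs.brew.sh" \
               --label org.opencontainers.image.source="https://github.com/${GITHUB_REPOSITORY}" \
               --label org.opencontainers.image.version="${brew_version}" \
               --label org.opencontainers.image.revision="${GITHUB_SHA}" \
               --label org.opencontainers.image.vendor="${GITHUB_REPOSITORY_OWNER}" \
               --label org.opencontainers.image.licenses="BSD-2-Clause" \
               .

      - name: Run brew test-bot --only-setup
        run: docker run --rm brew brew test-bot --only-setup

      # The next four steps only print image metadata to the job log.
      - run: docker image inspect --format=json brew
      - run: docker image inspect --format='{{.Id}}' brew
      - run: docker images --digests brew
      - run: docker images --digests brew --format='{{.Digest}}'

      # NOTE(review): confirm `docker image inspect` exposes a `.Digest` field
      # for a locally built image that has not been pushed yet; an empty or
      # failed value here becomes the attestation subject below.
      - name: Generate image digest
        id: digest
        run: echo "digest=$(docker image inspect --format='{{.Digest}}' brew)" >> "$GITHUB_OUTPUT"

      # NOTE(review): this step runs before any `docker login` / `docker push`
      # step; confirm that push-to-registry can authenticate on tag builds and
      # that the attested digest matches what the registry stores. The subject
      # name covers only ghcr.io/homebrew/ubuntu<version>, not the other image
      # names pushed further down.
      - name: Generate build provenance
        uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3
        id: attest
        with:
          subject-name: ghcr.io/homebrew/ubuntu${{matrix.version}}
          subject-digest: ${{ steps.digest.outputs.digest }}
          push-to-registry: ${{ startsWith(github.ref, 'refs/tags/') }}

      # The token is handed to the script through the environment rather than
      # expanded into the script text: ${{ secrets.* }} is substituted before
      # the shell runs, so an unquoted value would be word-split and any shell
      # metacharacters in it interpreted.
      - name: Deploy the tagged Docker image to GitHub Packages
        if: startsWith(github.ref, 'refs/tags/')
        env:
          HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN: ${{ secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN }}
        run: |
          # "refs/tags/" is 10 characters; the remainder is the tag name.
          brew_version="${GITHUB_REF:10}"
          # Export the tag name for the deploy steps that follow.
          echo "brew_version=${brew_version}" >> "${GITHUB_ENV}"
          printf '%s\n' "${HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN}" | docker login ghcr.io -u BrewTestBot --password-stdin
          docker tag brew "ghcr.io/homebrew/ubuntu${{matrix.version}}:${brew_version}"
          docker push "ghcr.io/homebrew/ubuntu${{matrix.version}}:${brew_version}"
          docker tag brew "ghcr.io/homebrew/ubuntu${{matrix.version}}:latest"
          docker push "ghcr.io/homebrew/ubuntu${{matrix.version}}:latest"

      # Uses brew_version exported to GITHUB_ENV by the previous step; the
      # Docker Hub token is passed through the environment for the same reason
      # as the GitHub Packages token above.
      - name: Deploy the tagged Docker image to Docker Hub
        if: startsWith(github.ref, 'refs/tags/')
        env:
          HOMEBREW_BREW_DOCKER_TOKEN: ${{ secrets.HOMEBREW_BREW_DOCKER_TOKEN }}
        run: |
          printf '%s\n' "${HOMEBREW_BREW_DOCKER_TOKEN}" | docker login -u brewtestbot --password-stdin
          docker tag brew "homebrew/ubuntu${{matrix.version}}:${brew_version}"
          docker push "homebrew/ubuntu${{matrix.version}}:${brew_version}"
          docker tag brew "homebrew/ubuntu${{matrix.version}}:latest"
          docker push "homebrew/ubuntu${{matrix.version}}:latest"

      # Only the 22.04 build is also published as homebrew/brew. This step
      # relies on the registry logins and the brew_version variable set up by
      # the two deploy steps above.
      - name: Deploy the homebrew/brew Docker image to GitHub Packages and Docker Hub
        if: startsWith(github.ref, 'refs/tags/') && matrix.version == '22.04'
        run: |
          docker tag brew "ghcr.io/homebrew/brew:${brew_version}"
          docker push "ghcr.io/homebrew/brew:${brew_version}"
          docker tag brew "ghcr.io/homebrew/brew:latest"
          docker push "ghcr.io/homebrew/brew:latest"
          docker tag brew "homebrew/brew:${brew_version}"
          docker push "homebrew/brew:${brew_version}"
          docker tag brew "homebrew/brew:latest"
          docker push "homebrew/brew:latest"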