name: Docker CI # This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. on: schedule: - cron: '30 22 * * *' push: pull_request: branches: [ "main" ] env: # github.repository as / IMAGE_NAME: ${{ github.repository }} jobs: build-ci: name: Build environment for GitLab CI/CD runs-on: ubuntu-latest permissions: contents: read packages: write # This is used to complete the identity challenge # with sigstore/fulcio when running outside of PRs. id-token: write steps: - name: Checkout repository uses: actions/checkout@v3 # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx uses: docker/setup-buildx-action@v2 with: buildkitd-flags: --debug # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into GHCR if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ secrets.HUB_USERNAME }} password: ${{ secrets.HUB_TOKEN }} - name: Log into RHQCR if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: registry: quay.io username: ${{ secrets.RHQCR_BOT_USERNAME }} password: ${{ secrets.RHQCR_BOT_TOKEN }} # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta uses: docker/metadata-action@v4 with: images: | ghcr.io/${{ env.IMAGE_NAME }}/build-ci quay.io/ajhalili2006/mkdocs-material-build-ci tags: | type=raw,value=latest,enable={{is_default_branch}} type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long type=schedule,pattern=nightly type=raw,prefix=branch-,value={{branch}} - uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: docker/Dockerfile # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push uses: docker/build-push-action@v4.1.1 with: context: docker platforms: linux/amd64 #file: Dockerfile # workaround: https://github.com/moby/buildkit/issues/2713#issuecomment-1068540101 push: false load: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: | type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:buildkit-cache-web type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:branch-main type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:latest cache-to: type=registry,ref=quay.io/ajhalili2006/mkdocs-material-build-ci:buildkit-cache-web - name: Workaround pushbot for misbehaving reverse proxies if: ${{ github.event_name != 'pull_request' }} run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} docker push {} devenv: name: Generate Gitpod workspace image snapshot runs-on: ubuntu-latest permissions: contents: read packages: write # This is used to complete the identity challenge # with sigstore/fulcio when running outside of PRs. id-token: write steps: - name: Checkout repository uses: actions/checkout@v3 # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx uses: docker/setup-buildx-action@v2 with: buildkitd-flags: --debug # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into GHCR if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ secrets.HUB_USERNAME }} password: ${{ secrets.HUB_TOKEN }} - name: Log into RHQCR if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: registry: quay.io username: ${{ secrets.RHQCR_BOT_USERNAME }} password: ${{ secrets.RHQCR_BOT_TOKEN }} # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta uses: docker/metadata-action@v4 with: images: | ghcr.io/${{ env.IMAGE_NAME }}/devenv tags: | type=raw,value=latest,enable={{is_default_branch}} type=sha,enable=true,priority=100,prefix=commit-,suffix=,format=long type=schedule,pattern=nightly type=raw,prefix=branch-,value={{branch}} - uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: .gitpod.Dockerfile # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push uses: docker/build-push-action@v4.1.1 with: context: . file: .gitpod.Dockerfile platforms: linux/amd64 # workaround: https://github.com/moby/buildkit/issues/2713#issuecomment-1068540101 push: false load: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: | type=registry,ref=quay.io/ajhalili2006/gitpod-workspace:buildkit-cache-web type=registry,ref=ghcr.io/ajhalili2006/ajhalili2006.github.io/devenv:nightly type=registry,ref=cr.io/ajhalili2006/ajhalili2006.github.io/devenv:branch-main cache-to: type=registry,ref=quay.io/ajhalili2006/gitpod-workspace:buildkit-cache-web - name: Workaround pushbot for misbehaving reverse proxies if: ${{ github.event_name != 'pull_request' }} run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} docker push {}