From e63b9ef6ff3759f7bef333e14ec115f90efbdd30 Mon Sep 17 00:00:00 2001
From: Ali Mihandoost
Date: Sun, 28 Aug 2022 03:16:30 +0430
Subject: [PATCH] feat(container): alpine with CI deploy workflow
---
.github/workflows/publish-container.yml | 90 +++++++++++++++++++++++++
packages/container/alpine/Dockerfile | 22 ++++++
2 files changed, 112 insertions(+)
create mode 100644 .github/workflows/publish-container.yml
create mode 100644 packages/container/alpine/Dockerfile
diff --git a/.github/workflows/publish-container.yml b/.github/workflows/publish-container.yml
new file mode 100644
index 000000000..dfd1fc0d9
--- /dev/null
+++ b/.github/workflows/publish-container.yml
@@ -0,0 +1,90 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+
+name: Container Publish
+
+on:
+ push:
+ branches:
+ - next
+ tags:
+ - 'v*.*.*'
+
+ pull_request:
+ paths:
+ - 'packages/container/**'
+ branches:
+ - next
+
+env:
+ REGISTRY: ghcr.io
+
+jobs:
+ build:
+ if: github.repository_owner == 'AliMD'
+
+ name: Build & Publish Containers
+ runs-on: ubuntu-latest
+
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - image: alpine
+
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{env.REGISTRY}}/${{github.repository_owner}}/${{matrix.image}}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+
+ - run: echo '${{ toJSON(steps.meta.outputs) }}'
+
+ # Install the cosign tool except on PR
+ # https://github.com/sigstore/cosign-installer
+ - name: Install cosign
+ if: github.event_name != 'pull_request'
+ uses: sigstore/cosign-installer@main
+
+ - name: Setup Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Log into registry ${{env.REGISTRY}}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2
+ with:
+ registry: ${{env.REGISTRY}}
+ username: ${{github.repository_owner}}
+ password: ${{secrets.GITHUB_TOKEN}}
+
+ - name: Build and push container image
+ id: build-and-push
+ uses: docker/build-push-action@v3
+ with:
+ context: packages/container/${{matrix.image}}
+ push: ${{github.event_name != 'pull_request'}}
+ tags: ${{steps.meta.outputs.tags}}
+ labels: ${{steps.meta.outputs.labels}}
+
+ - name: Sign the published container image
+ if: ${{github.event_name != 'pull_request'}}
+ env:
+ COSIGN_EXPERIMENTAL: "true"
+ # This step uses the identity token to provision an ephemeral certificate
+ # against the sigstore community Fulcio instance.
+ run: echo "${{steps.meta.outputs.tags}}" | xargs -I {} cosign sign {}@${{steps.build-and-push.outputs.digest}}
diff --git a/packages/container/alpine/Dockerfile b/packages/container/alpine/Dockerfile
new file mode 100644
index 000000000..f5d953c5a
--- /dev/null
+++ b/packages/container/alpine/Dockerfile
@@ -0,0 +1,22 @@
+ARG ALPINE_VERSION=3.16
+FROM docker.io/alpine:${ALPINE_VERSION}
+
+ARG APK_TESTING
+RUN set -ex; \
+ if [ "$APK_TESTING" != "1" ]; then \
+ echo "Skip alpine edge testing repository"; \
+ else \
+ echo "Add alpine edge testing repository"; \
+ echo 'https://dl-cdn.alpinelinux.org/alpine/edge/testing/' >> /etc/apk/repositories; \
+ fi
+
+ARG APK_INSTALL
+RUN set -ex; \
+ if [ "$APK_INSTALL" != "1" ]; then \
+ echo "Skip apk install"; \
+ else \
+ echo "Add alpine edge testing repository"; \
+ apk add --no-cache ${APK_INSTALL}; \
+ fi
+
+CMD ["/bin/sh"]
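Review bot: `uses: sigstore/cosign-installer@main` in the "Install cosign" step follows a mutable branch inside a job that holds `packages: write` and `id-token: write`, so any later change to that branch runs with the ability to push and sign images under this repository's identity. Pin it to a full commit SHA, `uses: sigstore/cosign-installer@<full-commit-sha>`, with the release noted in a trailing comment; the `@v2`/`@v3`/`@v4` tags on the other actions are mutable too and would benefit from the same treatment. Separately, the debug step `run: echo '${{ toJSON(steps.meta.outputs) }}'` and the signing `run:` line expand expressions directly into the shell script, so a quote character in any output value changes how the script parses. Passing the values through `env:` and echoing the shell variable (`run: echo "$META_OUTPUTS"`) avoids that.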
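Review bot: The second `RUN` block guards on `[ "$APK_INSTALL" != "1" ]`, which looks copied from the `APK_TESTING` block: packages are installed only when `APK_INSTALL` is exactly `1`, and the command that then runs is `apk add --no-cache 1`. If `APK_INSTALL` is meant to carry a package list, the guard should test for an empty value, `if [ -z "$APK_INSTALL" ]; then \`, and the echo in the else branch should name the install rather than repeat "Add alpine edge testing repository". A short comment above `ARG APK_TESTING` would also help, stating that enabling it mixes edge/testing packages into the stable `${ALPINE_VERSION}` base, so whoever sets the build arg knows the resulting image no longer tracks only the release branch.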