Update SBOM files for images: dublok/jackett:c942e02,dublok/jackett:m… #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 🐳 Docker Images | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- '**' | |
tags: | |
- '**' | |
paths: | |
- 'src/**' | |
schedule: | |
- cron: '0 0 * * 0' | |
env: | |
Repository: dublok/jackett | |
jobs: | |
build-and-push: | |
runs-on: ubuntu-latest | |
outputs: | |
SHA_SHORT: ${{ steps.fetch-sha.outputs.SHA_SHORT }} | |
BRANCH_NAME: ${{ steps.extract-branch-name.outputs.BRANCH_NAME }} | |
strategy: | |
matrix: | |
platform: [amd64, arm64] # arm64, s390x | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Log in to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_TOKEN }} | |
- name: Fetch Commit SHA | |
id: fetch-sha | |
run: | | |
echo "SHA_SHORT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
echo "SHA_SHORT=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
- name: Extract Branch Name | |
id: extract-branch-name | |
run: | | |
echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_OUTPUT | |
- name: ENV Variables | |
run: | | |
source $GITHUB_ENV | |
echo "BRANCH_NAME: ${BRANCH_NAME}" | |
echo "SHA_SHORT: ${SHA_SHORT}" | |
echo "GITHUB_REF_NAME: ${GITHUB_REF_NAME}" | |
- name: Define Tags | |
run: | | |
source $GITHUB_ENV | |
TEMP_TAGS="${{ env.Repository }}:${SHA_SHORT}-${{ matrix.platform }}" | |
echo "TEMP_TAGS=${TEMP_TAGS}" >> $GITHUB_ENV | |
- name: Tags | |
run: | | |
source $GITHUB_ENV | |
echo "TEMP_TAGS: ${TEMP_TAGS}" | |
- name: Set Build Args | |
run: | | |
echo "BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_ENV | |
SHA_SHORT=$(git rev-parse --short HEAD) | |
echo "VERSION=${GITHUB_REF_NAME}/${SHA_SHORT}" >> $GITHUB_ENV | |
echo "TARGETPLATFORM=${{ matrix.platform }}" >> $GITHUB_ENV | |
if [ "${{ matrix.platform }}" == "amd64" ]; then | |
echo "ARCH=x86_64" >> $GITHUB_ENV | |
elif [ "${{ matrix.platform }}" == "arm64" ]; then | |
echo "ARCH=aarch64" >> $GITHUB_ENV | |
fi | |
- name: Combine Build Args | |
run: | | |
echo "BUILD_ARGS=TARGETPLATFORM=${{ env.TARGETPLATFORM }} ARCH=${{ env.ARCH }} BUILD_DATE=${{ env.BUILD_DATE }} VERSION=${{ env.VERSION }}" >> $GITHUB_ENV | |
- name: Print Build Args | |
run: | | |
source $GITHUB_ENV | |
echo "BUILD_ARGS: ${BUILD_ARGS}" | |
- name: Build and Push Docker Images | |
uses: docker/build-push-action@v5.0.0 | |
with: | |
context: ./src | |
file: ./src/Dockerfile | |
push: true | |
platforms: ${{ matrix.platform }} | |
tags: ${{ env.TEMP_TAGS }} | |
build-args: | | |
TARGETPLATFORM=${{ env.TARGETPLATFORM }} | |
ARCH=${{ env.ARCH }} | |
BUILD_DATE=${{ env.BUILD_DATE }} | |
VERSION=${{ env.VERSION }} | |
create-and-push-manifest: | |
needs: build-and-push | |
runs-on: ubuntu-latest | |
env: | |
SHA_SHORT: ${{ needs.build-and-push.outputs.SHA_SHORT }} | |
BRANCH_NAME: ${{ needs.build-and-push.outputs.BRANCH_NAME }} | |
steps: | |
- name: Print ENV Variables | |
run: | | |
echo "SHA_SHORT: ${{ env.SHA_SHORT }}" | |
echo "BRANCH_NAME: ${{ env.BRANCH_NAME }}" | |
echo "GITHUB_REF_NAME: ${GITHUB_REF_NAME}" | |
- name: Fetch Tags from Docker Hub | |
id: fetch-tags | |
run: | | |
SHA_SHORT=${{ env.SHA_SHORT }} | |
RESPONSE=$(curl -s -H "Authorization: Bearer ${{ secrets.DOCKER_TOKEN }}" "https://hub.docker.com/v2/repositories/${{ env.Repository }}/tags?name=$SHA_SHORT") | |
TAGS=$(echo $RESPONSE | jq -r '.results[].name' | tr '\n' ',' | sed 's/,$//') | |
echo "Fetched tags: $TAGS" | |
echo "TAGS=$TAGS" >> $GITHUB_ENV | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_TOKEN }} | |
- name: Create and push multi-arch manifest | |
id: create_manifest | |
run: | | |
TAGS=${{ env.TAGS }} | |
IFS=',' read -r -a TAG_ARRAY <<< "$TAGS" | |
IMAGETOOLS_CMD="docker buildx imagetools create --tag ${{ env.Repository }}:${{ env.SHA_SHORT }} --tag ${{ env.Repository }}:${GITHUB_REF_NAME} " | |
IMAGE_LIST="${{ env.Repository }}:${{ env.SHA_SHORT }},${{ env.Repository }}:${GITHUB_REF_NAME}" | |
if [[ "${GITHUB_REF_NAME}" == v* ]]; then | |
# Extract major version (e.g., v1 from v1.0.2, v1.0.2.1, etc.) | |
if [[ "${GITHUB_REF_NAME}" =~ ^v([0-9]+) ]]; then | |
MAJOR_VERSION="v${BASH_REMATCH[1]}" | |
# Extract additional version components | |
VERSION_REGEX='^v([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(\.[0-9]+)?([aA-zZ])?$' | |
if [[ "${GITHUB_REF_NAME}" =~ $VERSION_REGEX ]]; then | |
MAJOR_MINOR_VERSION="v${BASH_REMATCH[1]}${BASH_REMATCH[2]}" | |
MAJOR_MINOR_PATCH_VERSION="v${BASH_REMATCH[1]}${BASH_REMATCH[2]}${BASH_REMATCH[3]}" | |
FULL_VERSION="v${BASH_REMATCH[1]}${BASH_REMATCH[2]}${BASH_REMATCH[3]}${BASH_REMATCH[4]}" | |
if [[ -n "${BASH_REMATCH[5]}" ]]; then | |
SUFFIX="${BASH_REMATCH[5]}" | |
FULL_VERSION_WITH_SUFFIX="${FULL_VERSION}${SUFFIX}" | |
else | |
SUFFIX="" | |
FULL_VERSION_WITH_SUFFIX="${FULL_VERSION}" | |
fi | |
fi | |
if [[ "${SUFFIX}" =~ [aA] ]]; then | |
if [[ -n "$FULL_VERSION" ]]; then | |
IMAGETOOLS_CMD+="--tag ${{ env.Repository }}:${FULL_VERSION}-alpha " | |
IMAGE_LIST+=",${{ env.Repository }}:${FULL_VERSION}-alpha" | |
fi | |
if [[ -n "$MAJOR_MINOR_PATCH_VERSION" ]]; then | |
IMAGETOOLS_CMD+="--tag ${{ env.Repository }}:${MAJOR_MINOR_PATCH_VERSION}-alpha " | |
IMAGE_LIST+=",${{ env.Repository }}:${MAJOR_MINOR_PATCH_VERSION}-alpha" | |
fi | |
if [[ -n "$MAJOR_MINOR_VERSION" ]]; then | |
IMAGETOOLS_CMD+="--tag ${{ env.Repository }}:${MAJOR_MINOR_VERSION}-alpha " | |
IMAGE_LIST+=",${{ env.Repository }}:${MAJOR_MINOR_VERSION}-alpha" | |
fi | |
IMAGETOOLS_CMD+="--tag ${{ env.Repository }}:${MAJOR_VERSION}-alpha " | |
IMAGE_LIST+=",${{ env.Repository }}:${MAJOR_VERSION}-alpha" | |
elif [[ "${SUFFIX}" =~ [bB] ]]; then | |
if [[ -n "$FULL_VERSION" ]]; then | |
IMAGETOOLS_CMD+="--tag ${{ env.Repository }}:${FULL_VERSION}-beta " | |
IMAGE_LIST+=",${{ env.Repository }}:${FULL_VERSION}-beta" | |
fi | |
if [[ -n "$MAJOR_MINOR_PATCH_VERSION" ]]; then | |
IMAGETOOLS_CMD+="--tag ${{ env.Repository }}:${MAJOR_MINOR_PATCH_VERSION}-beta " | |
IMAGE_LIST+=",${{ env.Repository }}:${MAJOR_MINOR_PATCH_VERSION}-beta" | |
fi | |
if [[ -n "$MAJOR_MINOR_VERSION" ]]; then | |
IMAGETOOLS_CMD+="--tag ${{ env.Repository }}:${MAJOR_MINOR_VERSION}-beta " | |
IMAGE_LIST+=",${{ env.Repository }}:${MAJOR_MINOR_VERSION}-beta" | |
fi | |
IMAGETOOLS_CMD+="--tag ${{ env.Repository }}:${MAJOR_VERSION}-beta " | |
IMAGE_LIST+=",${{ env.Repository }}:${MAJOR_VERSION}-beta" | |
else | |
if [[ -n "$FULL_VERSION" ]]; then | |
IMAGETOOLS_CMD+="--tag ${{ env.Repository }}:${FULL_VERSION} " | |
IMAGE_LIST+=",${{ env.Repository }}:${FULL_VERSION}" | |
fi | |
if [[ -n "$MAJOR_MINOR_PATCH_VERSION" ]]; then | |
IMAGETOOLS_CMD+="--tag ${{ env.Repository }}:${MAJOR_MINOR_PATCH_VERSION} " | |
IMAGE_LIST+=",${{ env.Repository }}:${MAJOR_MINOR_PATCH_VERSION}" | |
fi | |
if [[ -n "$MAJOR_MINOR_VERSION" ]]; then | |
IMAGETOOLS_CMD+="--tag ${{ env.Repository }}:${MAJOR_MINOR_VERSION} " | |
IMAGE_LIST+=",${{ env.Repository }}:${MAJOR_MINOR_VERSION}" | |
fi | |
IMAGETOOLS_CMD+="--tag ${{ env.Repository }}:${MAJOR_VERSION} " | |
IMAGETOOLS_CMD+="--tag ${{ env.Repository }}:latest " | |
IMAGE_LIST+=",${{ env.Repository }}:${MAJOR_VERSION}" | |
IMAGE_LIST+=",${{ env.Repository }}:latest" | |
fi | |
fi | |
fi | |
for TAG in "${TAG_ARRAY[@]}"; do | |
IMAGETOOLS_CMD+="${{ env.Repository }}:$TAG " | |
done | |
echo "IMAGE_LIST=$IMAGE_LIST" >> $GITHUB_ENV | |
echo "Running command: $IMAGETOOLS_CMD" | |
eval $IMAGETOOLS_CMD | |
- name: Run Docker Package Versions Action | |
uses: DockForge/SBOMinify@latest | |
with: | |
images: ${{ env.IMAGE_LIST }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
output_path: "sboms" | |
sbom_file_prefix: "" | |
sbom_file_suffix: "" | |
sbom_file_name: "[TAG]" | |