Skip to content
.github/workflows/reusable_docker_pipeline.yml

nits #5

Sign in to view logs

nits

nits #5

Workflow file for this run

.github/workflows/reusable_docker_pipeline.yml at a6a83a7
name: Docker Build & Publish
on:
workflow_call:
inputs:
dockerfile:
required: false
type: string
description: "Path to Dockerfile"
default: "Dockerfile"
dockerContext:
required: false
type: string
description: "The Docker context"
default: "."
publish:
required: true
type: boolean
repoName:
required: false
type: string
description: "Custom repository name"
default: ""
go-private-repos-authentication:
description: 'Enable authentication for private repositories'
type: boolean
default: false
platforms:
required: false
type: string
description: "Target platforms for Docker build"
default: "linux/amd64,linux/arm64"
jobs:
prepare-metadata:
runs-on: ubuntu-22.04
outputs:
image-name: ${{ steps.set_image_name.outputs.IMAGE_NAME }}
steps:
- name: Determine image name
id: set_image_name
run: |
if [ -n "${{ inputs.repoName }}" ]; then
echo "IMAGE_NAME=${{ inputs.repoName }}" >> $GITHUB_OUTPUT
else
echo "IMAGE_NAME=$(echo $GITHUB_REPOSITORY | cut -d '/' -f 2)" >> $GITHUB_OUTPUT
fi
docker_build:
runs-on: ${{ matrix.runner }}
needs: prepare-metadata
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
- linux/arm64
runner:
- ubuntu-22.04
# - self-hosted
# exclude:
# - platform: linux/amd64
# runner: self-hosted
# - platform: linux/arm64
# runner: ubuntu-22.04
steps:
- name: Prepare
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
if: inputs.publish
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to ECR
uses: docker/login-action@v3
if: inputs.publish
with:
registry: ${{ vars.AWS_ECR_REGISTRY_ID }}
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# This block is used to not hard-coded the secrets in Build Docker image
# Secrets are only added when necessary
- name: Generate and mask build secrets
id: set-build-secrets
run: |
SECRETS=""
if [ -n "${{ inputs.go-private-repos-authentication }}" ]; then
SECRETS+='"GO_PRIVATE_TOKEN=${{ secrets.GO_PRIVATE_TOKEN }}"\n'
fi
echo "::add-mask::$SECRETS"
echo "SECRETS<<EOF" >> $GITHUB_OUTPUT
echo -e "$SECRETS" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
shell: bash
- name: Build and push by digest
id: build
uses: docker/build-push-action@v6
with:
platforms: ${{ matrix.platform }}
outputs: |
type=image,name=${{ vars.DOCKERHUB_REGISTRY_ID }}/${{ needs.prepare-metadata.outputs.image-name }},push-by-digest=true,push=${{ inputs.publish }}
type=image,name=${{ vars.AWS_ECR_REGISTRY_ID }}/${{ needs.prepare-metadata.outputs.image-name }},push-by-digest=true,push=${{ inputs.publish }}
secrets: ${{ steps.set-build-secrets.outputs.SECRETS }}
context: ${{ inputs.dockerContext }}
file: ${{ inputs.dockerfile }}
- name: Export digest
if: inputs.publish
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload digest
if: inputs.publish
uses: actions/upload-artifact@v4
with:
name: digests-${{ env.PLATFORM_PAIR }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1
merge_dockerhub:
runs-on: ubuntu-latest
if: inputs.publish
needs:
- docker_build
- prepare-metadata
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ vars.DOCKERHUB_REGISTRY_ID }}/${{ needs.prepare-metadata.outputs.image-name }}
${{ vars.AWS_ECR_REGISTRY_ID }}/${{ needs.prepare-metadata.outputs.image-name }}
tags: |
type=sha,enable=true,priority=100,prefix=,suffix=,format=long
type=ref,enable=true,priority=200,prefix=,suffix=,event=tag
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to ECR
uses: docker/login-action@v3
with:
registry: ${{ vars.AWS_ECR_REGISTRY_ID }}
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
tags=$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")
echo $tags
dockerhub_digests=$(printf "${{ vars.DOCKERHUB_REGISTRY_ID }}/${{ needs.prepare-metadata.outputs.image-name }}@sha256:%s " $(ls /tmp/digests))
ecr_digests=$(printf "${{ vars.AWS_ECR_REGISTRY_ID }}/${{ needs.prepare-metadata.outputs.image-name }}@sha256:%s " $(ls /tmp/digests))
echo $digests
docker buildx imagetools create $tags $dockerhub_digests
docker buildx imagetools create $tags $ecr_digests
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ vars.DOCKERHUB_REGISTRY_ID }}/${{ needs.prepare-metadata.outputs.image-name }}:${{ steps.meta.outputs.version }}
merge_dockerhub:

Check failure on line 192 in .github/workflows/reusable_docker_pipeline.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/reusable_docker_pipeline.yml

Invalid workflow file 

You have an error in your yaml syntax on line 192
runs-on: ubuntu-latest
if: inputs.publish
needs:
- docker_build
- prepare-metadata
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ vars.DOCKERHUB_REGISTRY_ID }}/${{ needs.prepare-metadata.outputs.image-name }}
ags: |
type=sha,enable=true,priority=100,prefix=,suffix=,format=long
type=ref,enable=true,priority=200,prefix=,suffix=,event=tag
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
tags=$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")
digests=$(printf "${{ vars.DOCKERHUB_REGISTRY_ID }}/${{ needs.prepare-metadata.outputs.image-name }}@sha256:%s " $(ls /tmp/digests))
docker buildx imagetools create $tags $digests
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ vars.DOCKERHUB_REGISTRY_ID }}/${{ needs.prepare-metadata.outputs.image-name }}:${{ steps.meta.outputs.version }}
merge_ecr:
runs-on: ubuntu-latest
if: inputs.publish
needs:
- docker_build
- prepare-metadata
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ vars.AWS_ECR_REGISTRY_ID }}/${{ needs.prepare-metadata.outputs.image-name }}
tags: |
type=sha,enable=true,priority=100,prefix=,suffix=,format=long
type=ref,enable=true,priority=200,prefix=,suffix=,event=tag
- name: Login to ECR
uses: docker/login-action@v3
with:
registry: ${{ vars.AWS_ECR_REGISTRY_ID }}
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Create manifest list and push
working-directory: /tmp/digests
run: |
tags=$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")
digests=$(printf "${{ vars.AWS_ECR_REGISTRY_ID }}/${{ needs.prepare-metadata.outputs.image-name }}@sha256:%s " $(ls /tmp/digests))
docker buildx imagetools create $tags $digests
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ vars.AWS_ECR_REGISTRY_ID }}/${{ needs.prepare-metadata.outputs.image-name }}:${{ steps.meta.outputs.version }}