From 29057f8922541fa3c6b9fcbabea3a063faead5d6 Mon Sep 17 00:00:00 2001
From: RipleyBooya
Date: Tue, 25 Feb 2025 18:57:29 +0100
Subject: [PATCH] Create docker-publish.yml
---
 .github/workflows/docker-publish.yml | 105 +++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)
 create mode 100644 .github/workflows/docker-publish.yml
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..2e376f2
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,105 @@
+name: Build & Push Docker Images (Standard & Tailscale in One Repo)
+
+on:
+  schedule:
+    - cron: '15 19 * * *' # Exécute automatiquement tous les jours à 19h15 UTC
+  push:
+    branches: [ "main" ] # Se déclenche à chaque push sur main
+    tags: [ 'v*.*.*' ] # Publie les tags s'ils suivent un format semver (ex: v1.2.3)
+  pull_request:
+    branches: [ "main" ] # Teste sur PR sans push
+
+env:
+  REGISTRY_GHCR: ghcr.io
+  REGISTRY_DOCKERHUB: docker.io
+  IMAGE_NAME: ripleybooya/ssh-tunnel # Nom de l’image Docker
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+      id-token: write # Nécessaire pour la signature avec Cosign
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU for multi-platform builds
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # 🔑 Connexion à GitHub Container Registry
+      - name: Log in to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY_GHCR }}
+          username: ${{ secrets.GHCR_USERNAME }}
+          password: ${{ secrets.GHCR_TOKEN }}
+
+      # 🔑 Connexion à Docker Hub
+      - name: Log in to Docker Hub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      # 🏗 Build et push de l'image standard (latest) et version Tailscale (tailscale)
+      - name: Build and push standard & tailscale Docker images
+        id: build-and-push
+        uses: docker/build-push-action@v5
+        with:
+          context: . # Utilisation du répertoire courant
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }}:latest
+            ${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }}:latest
+          labels: |
+            org.opencontainers.image.source=${{ github.repositoryUrl }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push Tailscale variant (tag: tailscale)
+        id: build-and-push-tailscale
+        uses: docker/build-push-action@v5
+        with:
+          context: . # Utilisation du répertoire courant
+          file: Dockerfile.tailscale # Utilisation du Dockerfile spécifique
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }}:tailscale
+            ${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }}:tailscale
+          labels: |
+            org.opencontainers.image.source=${{ github.repositoryUrl }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # 🔒 Signature de l’image avec Cosign
+      - name: Sign the published Docker images
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          TAGS: |
+            ${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }}:latest
+            ${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }}:tailscale
+            ${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }}:latest
+            ${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }}:tailscale
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+
+      # 🔹 Mise à jour automatique de la description du repository Docker Hub
+      - name: Update Docker Hub Description
+        uses: peter-evans/dockerhub-description@v4
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+          repository: ripleybooya/ssh-tunnel # Remplace par ton namespace/nom de repo sur Docker Hub
+          readme-filepath: ./README.md # Récupère la description depuis le README GitHub
+
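Review bot: The signing step passes every tag through a single `DIGEST` taken from `steps.build-and-push.outputs.digest`, so the two `:tailscale` references are signed against the standard image's digest and the Tailscale variant produced by `build-and-push-tailscale` never receives a signature. Keep one tag list and one digest per build so each variant is signed with its own digest, as below. The step also assumes a `cosign` binary is present on the runner; unless it is preinstalled, a `sigstore/cosign-installer` step is needed before it, otherwise the `run` line fails on a non-PR push. Separately, the `Update Docker Hub Description` step has no `if: github.event_name != 'pull_request'` guard like the login and sign steps, so it runs on pull requests where the Docker Hub secrets may be unavailable. Pinning the `uses:` references to commit SHAs rather than floating major tags would further harden the pipeline's supply chain.

```yaml
      - name: Sign the published Docker images
        if: ${{ github.event_name != 'pull_request' }}
        env:
          TAGS_STANDARD: |
            ${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }}:latest
            ${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }}:latest
          TAGS_TAILSCALE: |
            ${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }}:tailscale
            ${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }}:tailscale
          DIGEST_STANDARD: ${{ steps.build-and-push.outputs.digest }}
          DIGEST_TAILSCALE: ${{ steps.build-and-push-tailscale.outputs.digest }}
        run: |
          echo "${TAGS_STANDARD}" | xargs -I {} cosign sign --yes {}@${DIGEST_STANDARD}
          echo "${TAGS_TAILSCALE}" | xargs -I {} cosign sign --yes {}@${DIGEST_TAILSCALE}
```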