Ripley/ssh-tunnel
1
0
Fork 0
mirror of https://github.com/RipleyBooya/ssh-tunnel.git synced 2025-12-11 07:28:39 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
ssh-tunnel/.github/workflows/docker-publish.yml
RipleyBooya 9308227d4a
Update docker-publish.yml
2025-02-25 19:15:54 +01:00

112 lines
4.3 KiB
YAML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

name: Build & Push Docker Images (Standard & Tailscale in One Repo)
on:
schedule:
- cron: '15 19 * * *' # Exécute automatiquement tous les jours à 19h15 UTC
push:
branches: [ "main" ] # Se déclenche à chaque push sur main
tags: [ 'v*.*.*' ] # Publie les tags s'ils suivent un format semver (ex: v1.2.3)
pull_request:
branches: [ "main" ] # Teste sur PR sans push
env:
REGISTRY_GHCR: ghcr.io
REGISTRY_DOCKERHUB: docker.io
IMAGE_NAME: ripleybooya/ssh-tunnel # Nom de limage Docker
jobs:
build-and-push:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write # Nécessaire pour la signature avec Cosign
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up QEMU for multi-platform builds
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# 🔑 Connexion à GitHub Container Registry
- name: Log in to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY_GHCR }}
username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GHCR_TOKEN }}
# 🔑 Connexion à Docker Hub
- name: Log in to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
# 🏗 Build et push de l'image standard (latest)
- name: "Build and push standard Docker image (tag: latest)"
id: build-and-push
uses: docker/build-push-action@v5
with:
context: . # Utilisation du répertoire courant
push: ${{ github.event_name != 'pull_request' }}
platforms: linux/amd64,linux/arm64
tags: |
${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }}:latest
${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }}:latest
labels: |
org.opencontainers.image.source=https://github.com/${{ github.repository }}
cache-from: type=gha
cache-to: type=gha,mode=max
# 🏗 Build et push de la version Tailscale
- name: "Build and push Tailscale variant (tag: tailscale)"
id: build-and-push-tailscale
uses: docker/build-push-action@v5
with:
context: . # Utilisation du répertoire courant
file: Dockerfile.tailscale # Utilisation du Dockerfile spécifique
push: ${{ github.event_name != 'pull_request' }}
platforms: linux/amd64,linux/arm64
tags: |
${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }}:tailscale
${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }}:tailscale
labels: |
org.opencontainers.image.source=https://github.com/${{ github.repository }}
cache-from: type=gha
cache-to: type=gha,mode=max
# 🔒 Installer Cosign avant de signer les images
- name: Install cosign
uses: sigstore/cosign-installer@v3
# 🔒 Signature des images après le push
- name: Sign the published Docker images
if: ${{ github.event_name != 'pull_request' }}
env:
TAGS: |
${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }}:latest
${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }}:tailscale
${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }}:latest
${{ env.REGISTRY_DOCKERHUB }}/${{ env.IMAGE_NAME }}:tailscale
DIGEST_LATEST: ${{ steps.build-and-push.outputs.digest }}
DIGEST_TAILSCALE: ${{ steps.build-and-push-tailscale.outputs.digest }}
run: |
echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST_LATEST}
echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST_TAILSCALE}
# 🔹 Mise à jour automatique de la description du repository Docker Hub
- name: Update Docker Hub Description
uses: peter-evans/dockerhub-description@v4
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
repository: ripleybooya/ssh-tunnel # Nom du repo Docker Hub
readme-filepath: ./README.md # Récupère la description depuis le README GitHub
Reference in a new issue View git blame Copy permalink