diff --git a/.github/workflows/docker_build_or_deploy.yml b/.github/workflows/docker_build_or_deploy.yml new file mode 100644 index 00000000..c8b9b824 --- /dev/null +++ b/.github/workflows/docker_build_or_deploy.yml @@ -0,0 +1,71 @@ +name: Docker Build (Reusable) + +on: + workflow_call: + inputs: + push: + description: 'Push image to Docker Hub and attest it' + type: boolean + default: false + version: + description: 'Version tag for the image' + type: string + default: '' + secrets: + DOCKERHUB_TOKEN: + required: false + +permissions: + id-token: write + attestations: write + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + attestations: write + steps: + - name: Checkout + uses: actions/checkout@v7 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v4 + + # Only log in when we intend to push (keeps secrets out of PR builds) + - name: Log in to Docker Hub + if: inputs.push + uses: docker/login-action@v4 + with: + username: tragiccode + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v6 + with: + images: tragiccode/busly-cli + tags: | + ${{ inputs.version }} + latest + + - name: Build (and maybe push) Docker image + id: push + uses: docker/build-push-action@v7 + with: + context: . + file: ./src/BuslyCLI.Console/Dockerfile + build-args: | + APP_VERSION=${{ inputs.version }} + push: ${{ inputs.push }} + tags: ${{ inputs.push && steps.meta.outputs.tags || '' }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Generate artifact attestation + if: inputs.push + uses: actions/attest-build-provenance@v4 + with: + subject-name: index.docker.io/tragiccode/busly-cli + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true \ No newline at end of file diff --git a/.github/workflows/docker_deploy.yml b/.github/workflows/docker_deploy.yml index e6dd8b11..c8f20733 100644 --- a/.github/workflows/docker_deploy.yml +++ b/.github/workflows/docker_deploy.yml @@ -4,69 +4,27 @@ on: release: types: [published] -permissions: - id-token: write - attestations: write - jobs: - build: + version: runs-on: ubuntu-latest - + outputs: + version: ${{ steps.version.outputs.version }} steps: - - name: Checkout - uses: actions/checkout@v7 - - - name: Extract version (without v) - id: version + - id: version run: | - if [ "${{ github.event_name }}" = "release" ]; then - # Extract version from release tag (remove any 'v' prefix) - VERSION="${{ github.event.release.tag_name }}" - VERSION=${VERSION#v} # Remove 'v' prefix if present - else - VERSION="${{ github.event.inputs.version }}" - VERSION=${VERSION#v} # Remove 'v' prefix if present - fi - - echo "version=$VERSION" >> $GITHUB_OUTPUT - echo "Syncing version: $VERSION" - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4 - - - name: Log in to Docker Hub - uses: docker/login-action@v4 - with: - username: tragiccode - password: ${{ secrets.DOCKERHUB_TOKEN }} - - # Revisit this. We should probably be triggering this off of a tag event. - # Which would automatically tag the image with the version and latest and allow us to remove - # the manual 'tags' property below - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v6 - with: - images: tragiccode/busly-cli - tags: | - ${{ steps.version.outputs.version }} - latest - - - name: Build and push Docker image - id: push - uses: docker/build-push-action@v7 - with: - context: . - file: ./src/BuslyCLI.Console/Dockerfile - build-args: | - APP_VERSION=${{ steps.version.outputs.version }} - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - - name: Generate artifact attestation - uses: actions/attest-build-provenance@v4 - with: - subject-name: index.docker.io/tragiccode/busly-cli - subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true + VERSION="${{ github.event.release.tag_name }}" + VERSION=${VERSION#v} + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + + docker: + needs: version + uses: ./.github/workflows/docker_build_or_deploy.yml + # permissions: + # contents: read + # id-token: write + # attestations: write + with: + push: true + version: ${{ needs.version.outputs.version }} + secrets: + DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/docker_pull_request.yml b/.github/workflows/docker_pull_request.yml new file mode 100644 index 00000000..64868913 --- /dev/null +++ b/.github/workflows/docker_pull_request.yml @@ -0,0 +1,15 @@ +name: Pull Request Docker Build + +on: + pull_request: +# Can't do this because i don't have a pr number... +# schedule: +# # Runs every night at 2 AM UTC. This is to detect flakey builds +# - cron: "0 2 * * *" + +jobs: + docker: + uses: ./.github/workflows/docker_build_or_deploy.yml + with: + push: false + version: 1.0.0-pr.${{ github.event.number }}.${{ github.sha }} \ No newline at end of file diff --git a/src/BuslyCLI.Console/Dockerfile b/src/BuslyCLI.Console/Dockerfile index 46b1f08f..bccac34e 100644 --- a/src/BuslyCLI.Console/Dockerfile +++ b/src/BuslyCLI.Console/Dockerfile @@ -5,6 +5,7 @@ ARG APP_VERSION=0.1.0 WORKDIR /src COPY Directory.Build.props ./ +COPY Directory.Packages.props ./ # Copy project file and restore dependencies (better layer caching) COPY src/BuslyCLI.Console/BuslyCLI.Console.csproj ./BuslyCLI.Console/