Merge pull request #78 from LedgerHQ/tdejoigny-dockerfile #157
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Build the docker images and push them to GitHub Packages | |
name: Publish Docker images | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
pull_request: | |
env: | |
REGISTRY: ghcr.io | |
REPO_PATH: ${{ github.repository }} | |
REPO_NAME: ${{ github.event.repository.name }} | |
BUILD_PLATFORMS: linux/amd64,linux/arm64 | |
jobs: | |
check_changelog: | |
name: Check changelog versions | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone | |
uses: actions/checkout@v3 | |
- name: Get current version | |
id: get-current-version | |
run: | | |
echo "current_version=$(grep -Po '(?<=## \[)(\d\.)+[^\]]' CHANGELOG.md | head -n 1)" >> "$GITHUB_OUTPUT" | |
- name: Login to registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check already existing image | |
run: | | |
GHCR_TOKEN=$(echo ${{ secrets.GITHUB_TOKEN }} | base64) | |
# Get tags of all images from GHCR | |
TAGS_FULL=$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" https://ghcr.io/v2/${REPO_PATH,,}/${REPO_NAME,,}/tags/list) | |
TAGS_LITE=$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" https://ghcr.io/v2/${REPO_PATH,,}/${REPO_NAME,,}-lite/tags/list) | |
TAGS_LEGACY=$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" https://ghcr.io/v2/${REPO_PATH,,}/${REPO_NAME,,}-legacy/tags/list) | |
TAGS_DEV_TOOLS=$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" https://ghcr.io/v2/${REPO_PATH,,}/ledger-app-dev-tools/tags/list) | |
# Concatenate all tags from json fields in one string without brackets | |
ALL_TAGS=$(echo $TAGS_FULL $TAGS_LITE $TAGS_LEGACY $TAGS_DEV_TOOLS | jq -s '.[0].tags + .[1].tags + .[2].tags + .[3].tags' | tr -d '[]') | |
# Get the tag to find | |
TAG_TO_FIND=${{ steps.get-current-version.outputs.current_version }} | |
# Check if the tag to find is already present in the list of tags | |
if [[ "$ALL_TAGS" == *"$TAG_TO_FIND"* ]]; then | |
echo "An image tagged with the latest changelog version already exists on GHCR. Please update the changelog." | |
exit 1 | |
else | |
exit 0 | |
fi | |
outputs: | |
current_version: ${{ steps.get-current-version.outputs.current_version }} | |
mods_list: | |
name: Get modified files | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Get changes | |
id: get-changes | |
uses: tj-actions/changed-files@v33 | |
outputs: | |
modified_files: ${{ steps.get-changes.outputs.all_modified_files }} | |
builder_lite: | |
name: App Builder Lite | |
runs-on: ubuntu-latest | |
needs: [mods_list, check_changelog] | |
if: needs.check_changelog.result == 'success' && contains(needs.mods_list.outputs.modified_files, 'lite/Dockerfile') | |
permissions: | |
packages: write | |
steps: | |
- name: Clone | |
uses: actions/checkout@v3 | |
- name: Login to registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Make full image name | |
run: | | |
echo "IMAGE=${REGISTRY}/${REPO_PATH,,}/${REPO_NAME,,}-lite" >>${GITHUB_ENV} | |
- name: Extract metadata | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ env.IMAGE }} | |
- name: Set-up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set-up Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Build and push container | |
uses: docker/build-push-action@v3 | |
with: | |
file: lite/Dockerfile | |
platforms: ${{ env.BUILD_PLATFORMS }} | |
tags: ${{ env.IMAGE }}:${{ github.sha }},${{ env.IMAGE }}:latest,${{ env.IMAGE }}:${{ needs.check_changelog.outputs.current_version }} | |
labels: ${{ steps.meta.outputs.labels }} | |
push: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch' }} | |
builder_legacy: | |
name: App Builder Legacy | |
runs-on: ubuntu-latest | |
needs: [mods_list, check_changelog, builder_lite] | |
if: always() && needs.check_changelog.result == 'success' && (needs.builder_lite.result == 'success' || (needs.builder_lite.result == 'skipped' && contains(needs.mods_list.outputs.modified_files, 'legacy/Dockerfile'))) | |
permissions: | |
packages: write | |
steps: | |
- name: Clone | |
uses: actions/checkout@v3 | |
- name: Login to registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Make full image name | |
run: | | |
echo "IMAGE=${REGISTRY}/${REPO_PATH,,}/${REPO_NAME,,}-legacy" >>${GITHUB_ENV} | |
- name: Extract metadata | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ env.IMAGE }} | |
- name: Build and push container | |
uses: docker/build-push-action@v3 | |
with: | |
file: legacy/Dockerfile | |
tags: ${{ env.IMAGE }}:${{ github.sha }},${{ env.IMAGE }}:latest,${{ env.IMAGE }}:${{ needs.check_changelog.outputs.current_version }} | |
labels: ${{ steps.meta.outputs.labels }} | |
push: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch' }} | |
builder: | |
name: App Builder | |
runs-on: ubuntu-latest | |
needs: [mods_list, check_changelog, builder_lite] | |
if: always() && needs.check_changelog.result == 'success' && (needs.builder_lite.result == 'success' || (needs.builder_lite.result == 'skipped' && contains(needs.mods_list.outputs.modified_files, 'full/Dockerfile'))) | |
permissions: | |
packages: write | |
steps: | |
- name: Clone | |
uses: actions/checkout@v3 | |
- name: Login to registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Make full image name | |
run: | | |
echo "IMAGE=${REGISTRY}/${REPO_PATH,,}/${REPO_NAME,,}" >>${GITHUB_ENV} | |
- name: Extract metadata | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ env.IMAGE }} | |
- name: Set-up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set-up Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Build and push container | |
uses: docker/build-push-action@v3 | |
with: | |
file: full/Dockerfile | |
platforms: ${{ env.BUILD_PLATFORMS }} | |
tags: ${{ env.IMAGE }}:${{ github.sha }},${{ env.IMAGE }}:latest,${{ env.IMAGE }}:${{ needs.check_changelog.outputs.current_version }} | |
labels: ${{ steps.meta.outputs.labels }} | |
push: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch' }} | |
dev_tools: | |
name: App Developer Tools | |
runs-on: ubuntu-latest | |
needs: [mods_list, check_changelog, builder] | |
if: always() && needs.check_changelog.result == 'success' && (needs.builder.result == 'success' || (needs.builder.result == 'skipped' && contains(needs.mods_list.outputs.modified_files, 'dev-tools/Dockerfile'))) | |
permissions: | |
packages: write | |
steps: | |
- name: Clone | |
uses: actions/checkout@v3 | |
- name: Login to registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Make full image name | |
run: | | |
echo "IMAGE=${REGISTRY}/${REPO_PATH,,}/ledger-app-dev-tools" >>${GITHUB_ENV} | |
- name: Extract metadata | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ env.IMAGE }} | |
- name: Set-up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set-up Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Build and push container | |
uses: docker/build-push-action@v3 | |
with: | |
file: dev-tools/Dockerfile | |
platforms: ${{ env.BUILD_PLATFORMS }} | |
tags: ${{ env.IMAGE }}:${{ github.sha }},${{ env.IMAGE }}:latest,${{ env.IMAGE }}:${{ needs.check_changelog.outputs.current_version }} | |
labels: ${{ steps.meta.outputs.labels }} | |
push: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'workflow_dispatch' }} |