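---
# Container image pipeline for gogs/gogs.
#
# Triggers:
#   - push to main          -> build, publish and scan the `latest` and `next-latest`
#                              images, then restart the demo deployment
#   - pull_request          -> single-arch throwaway build pushed to ttl.sh (no
#                              registry secrets involved), scanned with Trivy
#   - release (published)   -> versioned images derived from the release tag
#
# Every third-party action is pinned to a full commit SHA (the trailing comment
# records the human-readable version) so a moved tag upstream cannot change what
# runs here. Keep the SHA and the version comment in step when bumping.
name: Docker
on:
  push:
    branches:
      - main
  pull_request:
    paths:
      - '.trivy.yaml'
      - 'Dockerfile'
      - 'Dockerfile.next'
      - 'docker/**'
      - 'docker-next/**'
      - '.github/workflows/docker.yml'
  release:
    types: [published]

jobs:
  # Main-branch build of the current-generation image (Dockerfile).
  buildx:
    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: true
    runs-on: ubuntu-latest
    permissions:
      # NOTE(review): no step in this job visibly needs `actions: write`
      # (cancel-in-progress is enforced by GitHub, not by the job token);
      # confirm what relies on it before keeping it, otherwise drop to read.
      actions: write
      contents: read
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
        with:
          platforms: linux/amd64,linux/arm64,linux/arm/v7
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Inspect builder
        run: |
          echo "Name: ${{ steps.buildx.outputs.name }}"
          echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}"
          echo "Status: ${{ steps.buildx.outputs.status }}"
          echo "Flags: ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
      - name: Login to Docker Hub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GitHub Container registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push images
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          push: true
          tags: |
            gogs/gogs:latest
            ghcr.io/gogs/gogs:latest
      # The scan runs against the tag that was just pushed, so a failing scan
      # fails this job (and triggers the mail below) but does not un-publish
      # `latest`; it is an alert, not a gate. Gating would require scanning
      # before `push: true`.
      - name: Scan for container vulnerabilities
        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
        with:
          image-ref: gogs/gogs:latest
          exit-code: '1'
      - name: Send email on failure
        uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
        if: ${{ failure() }}
        with:
          server_address: smtp.mailgun.org
          server_port: 465
          username: ${{ secrets.SMTP_USERNAME }}
          password: ${{ secrets.SMTP_PASSWORD }}
          subject: GitHub Actions (${{ github.repository }}) job result
          to: github-actions-8ce6454@unknwon.io
          from: GitHub Actions (${{ github.repository }})
          reply_to: noreply@unknwon.io
          body: |
            The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
            View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

  # Main-branch build of the next-generation image (Dockerfile.next); also
  # pushed to the DigitalOcean registry that backs the demo deployment.
  buildx-next:
    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
    concurrency:
      group: ${{ github.workflow }}-next-${{ github.ref }}
      cancel-in-progress: true
    runs-on: ubuntu-latest
    permissions:
      # NOTE(review): same as `buildx` — confirm `actions: write` is needed.
      actions: write
      contents: read
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
        with:
          platforms: linux/amd64,linux/arm64,linux/arm/v7
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Inspect builder
        run: |
          echo "Name: ${{ steps.buildx.outputs.name }}"
          echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}"
          echo "Status: ${{ steps.buildx.outputs.status }}"
          echo "Flags: ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
      - name: Login to Docker Hub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GitHub Container registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Login to DigitalOcean Container registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: registry.digitalocean.com
          username: ${{ secrets.DIGITALOCEAN_USERNAME }}
          password: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
      - name: Build and push next-gen images
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          file: Dockerfile.next
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          push: true
          tags: |
            gogs/gogs:next-latest
            ghcr.io/gogs/gogs:next-latest
            registry.digitalocean.com/gogs/gogs:next-latest
      # Post-publish scan, see the note on the `buildx` job: a finding fails the
      # job but the `next-latest` tags are already live (and `deploy-demo`
      # only waits for this job to succeed, so a failed scan does block the
      # demo rollout).
      - name: Scan for container vulnerabilities
        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
        with:
          image-ref: gogs/gogs:next-latest
          exit-code: '1'
      - name: Send email on failure
        uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
        if: ${{ failure() }}
        with:
          server_address: smtp.mailgun.org
          server_port: 465
          username: ${{ secrets.SMTP_USERNAME }}
          password: ${{ secrets.SMTP_PASSWORD }}
          subject: GitHub Actions (${{ github.repository }}) job result
          to: github-actions-8ce6454@unknwon.io
          from: GitHub Actions (${{ github.repository }})
          reply_to: noreply@unknwon.io
          body: |
            The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
            View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

  # Rolls the demo deployment so it picks up the freshly pushed next-latest image.
  deploy-demo:
    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
    needs: buildx-next
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Configure kubectl
        # The decoded kubeconfig carries cluster credentials: restrict it to the
        # runner user before it is written (umask applies to the redirect).
        # The secret is exposed under a distinct name so it cannot be mistaken
        # for kubectl's own `KUBECONFIG` path variable.
        run: |
          umask 077
          mkdir -p ~/.kube
          echo "${KUBECONFIG_B64}" | base64 -d > ~/.kube/config
        env:
          KUBECONFIG_B64: ${{ secrets.DIGITALOCEAN_K8S_CLUSTER_KUBECONFIG }}
      - name: Restart gogs-demo deployment
        # Bounded so a rollout that never becomes ready cannot hold the runner
        # indefinitely; `set -x` is safe here because no secret is on the command line.
        timeout-minutes: 5
        run: |
          set -ex
          kubectl rollout restart deployment gogs-demo -n gogs
          kubectl rollout status deployment gogs-demo -n gogs
      - name: Send email on failure
        uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
        if: ${{ failure() }}
        with:
          server_address: smtp.mailgun.org
          server_port: 465
          username: ${{ secrets.SMTP_USERNAME }}
          password: ${{ secrets.SMTP_PASSWORD }}
          subject: GitHub Actions (${{ github.repository }}) job result
          to: github-actions-8ce6454@unknwon.io
          from: GitHub Actions (${{ github.repository }})
          reply_to: noreply@unknwon.io
          body: |
            The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
            View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

  # Pull-request build: single architecture, pushed to the anonymous ttl.sh
  # registry (no login step, so fork PRs work without repository secrets). The
  # image is keyed by short SHA; the `:7d` tag is ttl.sh's expiry window.
  # Triggered by `pull_request` (not `pull_request_target`) with a read-only
  # token, so PR-controlled Dockerfiles cannot reach anything privileged.
  buildx-pull-request:
    if: ${{ github.event_name == 'pull_request'}}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
        with:
          config-inline: |
            [worker.oci]
              max-parallelism = 2
      - name: Inspect builder
        run: |
          echo "Name: ${{ steps.buildx.outputs.name }}"
          echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}"
          echo "Status: ${{ steps.buildx.outputs.status }}"
          echo "Flags: ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
      - name: Compute short commit SHA
        id: short-sha
        uses: benjlevesque/short-sha@599815c8ee942a9616c92bcfb4f947a3b670ab0b # v3.0
      - name: Build and push images
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          platforms: linux/amd64
          push: true
          tags: |
            ttl.sh/gogs/gogs-${{ steps.short-sha.outputs.sha }}:7d
      - name: Scan for container vulnerabilities
        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
        with:
          image-ref: ttl.sh/gogs/gogs-${{ steps.short-sha.outputs.sha }}:7d
          exit-code: '1'

  # Same as `buildx-pull-request` for Dockerfile.next.
  buildx-next-pull-request:
    if: ${{ github.event_name == 'pull_request'}}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
        with:
          config-inline: |
            [worker.oci]
              max-parallelism = 2
      - name: Inspect builder
        run: |
          echo "Name: ${{ steps.buildx.outputs.name }}"
          echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}"
          echo "Status: ${{ steps.buildx.outputs.status }}"
          echo "Flags: ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
      - name: Compute short commit SHA
        id: short-sha
        uses: benjlevesque/short-sha@599815c8ee942a9616c92bcfb4f947a3b670ab0b # v3.0
      - name: Build and push next-gen images
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          file: Dockerfile.next
          platforms: linux/amd64
          push: true
          tags: |
            ttl.sh/gogs/gogs-next-${{ steps.short-sha.outputs.sha }}:7d
      - name: Scan for container vulnerabilities
        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
        with:
          image-ref: ttl.sh/gogs/gogs-next-${{ steps.short-sha.outputs.sha }}:7d
          exit-code: '1'

  # Updates to the following section needs to be synced to all release branches within their lifecycles.
  buildx-release:
    if: ${{ github.event_name == 'release' }}
    runs-on: ubuntu-latest
    permissions:
      # NOTE(review): same as `buildx` — confirm `actions: write` is needed.
      actions: write
      contents: read
      packages: write
    steps:
      - name: Compute image tag name
        # Strip only a leading "v" from the release tag (v0.13.0 -> 0.13.0).
        # Parameter expansion, unlike `cut -c 2-`, leaves a tag without that
        # prefix intact instead of silently dropping its first character.
        run: echo "IMAGE_TAG=${GITHUB_REF_NAME#v}" >> "$GITHUB_ENV"
      - name: Checkout code
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
        with:
          platforms: linux/amd64,linux/arm64,linux/arm/v7
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Inspect builder
        run: |
          echo "Name: ${{ steps.buildx.outputs.name }}"
          echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}"
          echo "Status: ${{ steps.buildx.outputs.status }}"
          echo "Flags: ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
      - name: Login to Docker Hub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GitHub Container registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Release images are not Trivy-scanned here, unlike the main-branch and
      # pull-request builds; the scan step is intentionally absent or an
      # omission — worth confirming with the maintainers.
      - name: Build and push images
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          push: true
          tags: |
            gogs/gogs:${{ env.IMAGE_TAG }}
            ghcr.io/gogs/gogs:${{ env.IMAGE_TAG }}
      - name: Send email on failure
        uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
        if: ${{ failure() }}
        with:
          server_address: smtp.mailgun.org
          server_port: 465
          username: ${{ secrets.SMTP_USERNAME }}
          password: ${{ secrets.SMTP_PASSWORD }}
          subject: GitHub Actions (${{ github.repository }}) job result
          to: github-actions-8ce6454@unknwon.io
          from: GitHub Actions (${{ github.repository }})
          reply_to: noreply@unknwon.io
          body: |
            The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
            View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

  # Updates to the following section needs to be synced to all release branches within their lifecycles.
  buildx-next-release:
    if: ${{ github.event_name == 'release' }}
    runs-on: ubuntu-latest
    permissions:
      # NOTE(review): same as `buildx` — confirm `actions: write` is needed.
      actions: write
      contents: read
      packages: write
    steps:
      - name: Compute image tag name
        # See `buildx-release`: strip only a leading "v" from the release tag.
        run: echo "IMAGE_TAG=${GITHUB_REF_NAME#v}" >> "$GITHUB_ENV"
      - name: Checkout code
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
        with:
          platforms: linux/amd64,linux/arm64,linux/arm/v7
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Inspect builder
        run: |
          echo "Name: ${{ steps.buildx.outputs.name }}"
          echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}"
          echo "Status: ${{ steps.buildx.outputs.status }}"
          echo "Flags: ${{ steps.buildx.outputs.flags }}"
          echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
      - name: Login to Docker Hub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GitHub Container registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # No Trivy scan on release images here either; see the note in `buildx-release`.
      - name: Build and push next-gen images
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          file: Dockerfile.next
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          push: true
          tags: |
            gogs/gogs:next-${{ env.IMAGE_TAG }}
            ghcr.io/gogs/gogs:next-${{ env.IMAGE_TAG }}
      - name: Send email on failure
        uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
        if: ${{ failure() }}
        with:
          server_address: smtp.mailgun.org
          server_port: 465
          username: ${{ secrets.SMTP_USERNAME }}
          password: ${{ secrets.SMTP_PASSWORD }}
          subject: GitHub Actions (${{ github.repository }}) job result
          to: github-actions-8ce6454@unknwon.io
          from: GitHub Actions (${{ github.repository }})
          reply_to: noreply@unknwon.io
          body: |
            The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
            View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

  # Garbage-collects the DigitalOcean registry after a main-branch push.
  # `secrets: inherit` forwards every repository secret to the reusable
  # workflow; the job token itself is read-only.
  digitalocean-gc:
    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
    needs: buildx-next
    permissions:
      contents: read
    uses: ./.github/workflows/digitalocean_gc.yml
    secrets: inherit

  # NOTE(review): `github.repository` is the base repository even for fork
  # PRs, so this condition admits fork pull requests, whose runs receive no
  # repository secrets; if the reusable workflow depends on them it will fail
  # for forks — confirm against digitalocean_gc.yml.
  digitalocean-gc-pull-request:
    if: ${{ github.event_name == 'pull_request' && github.repository == 'gogs/gogs' }}
    needs: buildx-next-pull-request
    permissions:
      contents: read
    uses: ./.github/workflows/digitalocean_gc.yml
    secrets: inherit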