mirror of
https://github.com/gogs/gogs.git
synced 2026-01-12 10:22:25 +01:00
423 lines
18 KiB
YAML
423 lines
18 KiB
YAML
name: Docker
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
pull_request:
|
|
paths:
|
|
- '.trivy.yaml'
|
|
- 'Dockerfile'
|
|
- 'Dockerfile.next'
|
|
- 'docker/**'
|
|
- 'docker-next/**'
|
|
- '.github/workflows/docker.yml'
|
|
release:
|
|
types: [ published ]
|
|
|
|
jobs:
|
|
buildx:
|
|
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
actions: write
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
|
|
with:
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v7
|
|
- name: Set up Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
|
|
- name: Inspect builder
|
|
run: |
|
|
echo "Name: ${{ steps.buildx.outputs.name }}"
|
|
echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}"
|
|
echo "Status: ${{ steps.buildx.outputs.status }}"
|
|
echo "Flags: ${{ steps.buildx.outputs.flags }}"
|
|
echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
- name: Login to GitHub Container registry
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: Build and push images
|
|
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
|
|
with:
|
|
context: .
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v7
|
|
push: true
|
|
tags: |
|
|
gogs/gogs:latest
|
|
ghcr.io/gogs/gogs:latest
|
|
- name: Scan for container vulnerabilities
|
|
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
|
|
with:
|
|
image-ref: gogs/gogs:latest
|
|
exit-code: '1'
|
|
- name: Send email on failure
|
|
uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
|
|
if: ${{ failure() }}
|
|
with:
|
|
server_address: smtp.mailgun.org
|
|
server_port: 465
|
|
username: ${{ secrets.SMTP_USERNAME }}
|
|
password: ${{ secrets.SMTP_PASSWORD }}
|
|
subject: GitHub Actions (${{ github.repository }}) job result
|
|
to: github-actions-8ce6454@unknwon.io
|
|
from: GitHub Actions (${{ github.repository }})
|
|
reply_to: noreply@unknwon.io
|
|
body: |
|
|
The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
|
|
|
|
View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
|
|
|
|
buildx-next:
|
|
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
|
|
concurrency:
|
|
group: ${{ github.workflow }}-next-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
actions: write
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
|
|
with:
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v7
|
|
- name: Set up Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
|
|
- name: Inspect builder
|
|
run: |
|
|
echo "Name: ${{ steps.buildx.outputs.name }}"
|
|
echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}"
|
|
echo "Status: ${{ steps.buildx.outputs.status }}"
|
|
echo "Flags: ${{ steps.buildx.outputs.flags }}"
|
|
echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
- name: Login to GitHub Container registry
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: Login to DigitalOcean Container registry
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
registry: registry.digitalocean.com
|
|
username: ${{ secrets.DIGITALOCEAN_USERNAME }}
|
|
password: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
|
|
- name: Build and push next-gen images
|
|
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
|
|
with:
|
|
context: .
|
|
file: Dockerfile.next
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v7
|
|
push: true
|
|
tags: |
|
|
gogs/gogs:next-latest
|
|
ghcr.io/gogs/gogs:next-latest
|
|
registry.digitalocean.com/gogs/gogs:next-latest
|
|
- name: Scan for container vulnerabilities
|
|
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
|
|
with:
|
|
image-ref: gogs/gogs:next-latest
|
|
exit-code: '1'
|
|
- name: Send email on failure
|
|
uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
|
|
if: ${{ failure() }}
|
|
with:
|
|
server_address: smtp.mailgun.org
|
|
server_port: 465
|
|
username: ${{ secrets.SMTP_USERNAME }}
|
|
password: ${{ secrets.SMTP_PASSWORD }}
|
|
subject: GitHub Actions (${{ github.repository }}) job result
|
|
to: github-actions-8ce6454@unknwon.io
|
|
from: GitHub Actions (${{ github.repository }})
|
|
reply_to: noreply@unknwon.io
|
|
body: |
|
|
The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
|
|
|
|
View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
|
|
|
|
deploy-demo:
|
|
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
|
|
needs: buildx-next
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- name: Configure kubectl
|
|
run: |
|
|
mkdir -p ~/.kube
|
|
echo "${KUBECONFIG}" | base64 -d > ~/.kube/config
|
|
env:
|
|
KUBECONFIG: ${{ secrets.DIGITALOCEAN_K8S_CLUSTER_KUBECONFIG }}
|
|
- name: Restart gogs-demo deployment
|
|
timeout-minutes: 5
|
|
run: |
|
|
set -ex
|
|
kubectl rollout restart deployment gogs-demo -n gogs
|
|
kubectl rollout status deployment gogs-demo -n gogs
|
|
- name: Send email on failure
|
|
uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
|
|
if: ${{ failure() }}
|
|
with:
|
|
server_address: smtp.mailgun.org
|
|
server_port: 465
|
|
username: ${{ secrets.SMTP_USERNAME }}
|
|
password: ${{ secrets.SMTP_PASSWORD }}
|
|
subject: GitHub Actions (${{ github.repository }}) job result
|
|
to: github-actions-8ce6454@unknwon.io
|
|
from: GitHub Actions (${{ github.repository }})
|
|
reply_to: noreply@unknwon.io
|
|
body: |
|
|
The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
|
|
|
|
View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
|
|
|
|
buildx-pull-request:
|
|
if: ${{ github.event_name == 'pull_request'}}
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
|
|
- name: Set up Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
|
|
with:
|
|
config-inline: |
|
|
[worker.oci]
|
|
max-parallelism = 2
|
|
- name: Inspect builder
|
|
run: |
|
|
echo "Name: ${{ steps.buildx.outputs.name }}"
|
|
echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}"
|
|
echo "Status: ${{ steps.buildx.outputs.status }}"
|
|
echo "Flags: ${{ steps.buildx.outputs.flags }}"
|
|
echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
|
|
- name: Compute short commit SHA
|
|
id: short-sha
|
|
uses: benjlevesque/short-sha@599815c8ee942a9616c92bcfb4f947a3b670ab0b # v3.0
|
|
- name: Build and push images
|
|
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
|
|
with:
|
|
context: .
|
|
platforms: linux/amd64
|
|
push: true
|
|
tags: |
|
|
ttl.sh/gogs/gogs-${{ steps.short-sha.outputs.sha }}:7d
|
|
- name: Scan for container vulnerabilities
|
|
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
|
|
with:
|
|
image-ref: ttl.sh/gogs/gogs-${{ steps.short-sha.outputs.sha }}:7d
|
|
exit-code: '1'
|
|
|
|
buildx-next-pull-request:
|
|
if: ${{ github.event_name == 'pull_request'}}
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
|
|
- name: Set up Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
|
|
with:
|
|
config-inline: |
|
|
[worker.oci]
|
|
max-parallelism = 2
|
|
- name: Inspect builder
|
|
run: |
|
|
echo "Name: ${{ steps.buildx.outputs.name }}"
|
|
echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}"
|
|
echo "Status: ${{ steps.buildx.outputs.status }}"
|
|
echo "Flags: ${{ steps.buildx.outputs.flags }}"
|
|
echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
|
|
- name: Compute short commit SHA
|
|
id: short-sha
|
|
uses: benjlevesque/short-sha@599815c8ee942a9616c92bcfb4f947a3b670ab0b # v3.0
|
|
- name: Build and push next-gen images
|
|
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
|
|
with:
|
|
context: .
|
|
file: Dockerfile.next
|
|
platforms: linux/amd64
|
|
push: true
|
|
tags: |
|
|
ttl.sh/gogs/gogs-next-${{ steps.short-sha.outputs.sha }}:7d
|
|
- name: Scan for container vulnerabilities
|
|
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
|
|
with:
|
|
image-ref: ttl.sh/gogs/gogs-next-${{ steps.short-sha.outputs.sha }}:7d
|
|
exit-code: '1'
|
|
|
|
# Updates to the following section needs to be synced to all release branches within their lifecycles.
|
|
buildx-release:
|
|
if: ${{ github.event_name == 'release' }}
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
actions: write
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- name: Compute image tag name
|
|
run: echo "IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -c 2-)" >> $GITHUB_ENV
|
|
- name: Checkout code
|
|
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
|
|
with:
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v7
|
|
- name: Set up Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
|
|
- name: Inspect builder
|
|
run: |
|
|
echo "Name: ${{ steps.buildx.outputs.name }}"
|
|
echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}"
|
|
echo "Status: ${{ steps.buildx.outputs.status }}"
|
|
echo "Flags: ${{ steps.buildx.outputs.flags }}"
|
|
echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
- name: Login to GitHub Container registry
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: Build and push images
|
|
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
|
|
with:
|
|
context: .
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v7
|
|
push: true
|
|
tags: |
|
|
gogs/gogs:${{ env.IMAGE_TAG }}
|
|
ghcr.io/gogs/gogs:${{ env.IMAGE_TAG }}
|
|
- name: Send email on failure
|
|
uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
|
|
if: ${{ failure() }}
|
|
with:
|
|
server_address: smtp.mailgun.org
|
|
server_port: 465
|
|
username: ${{ secrets.SMTP_USERNAME }}
|
|
password: ${{ secrets.SMTP_PASSWORD }}
|
|
subject: GitHub Actions (${{ github.repository }}) job result
|
|
to: github-actions-8ce6454@unknwon.io
|
|
from: GitHub Actions (${{ github.repository }})
|
|
reply_to: noreply@unknwon.io
|
|
body: |
|
|
The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
|
|
|
|
View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
|
|
|
|
# Updates to the following section needs to be synced to all release branches within their lifecycles.
|
|
buildx-next-release:
|
|
if: ${{ github.event_name == 'release' }}
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
actions: write
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- name: Compute image tag name
|
|
run: echo "IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -c 2-)" >> $GITHUB_ENV
|
|
- name: Checkout code
|
|
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
|
|
with:
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v7
|
|
- name: Set up Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
|
|
- name: Inspect builder
|
|
run: |
|
|
echo "Name: ${{ steps.buildx.outputs.name }}"
|
|
echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}"
|
|
echo "Status: ${{ steps.buildx.outputs.status }}"
|
|
echo "Flags: ${{ steps.buildx.outputs.flags }}"
|
|
echo "Platforms: ${{ steps.buildx.outputs.platforms }}"
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
- name: Login to GitHub Container registry
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.repository_owner }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: Build and push next-gen images
|
|
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
|
|
with:
|
|
context: .
|
|
file: Dockerfile.next
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v7
|
|
push: true
|
|
tags: |
|
|
gogs/gogs:next-${{ env.IMAGE_TAG }}
|
|
ghcr.io/gogs/gogs:next-${{ env.IMAGE_TAG }}
|
|
- name: Send email on failure
|
|
uses: dawidd6/action-send-mail@2cea9617b09d79a095af21254fbcb7ae95903dde # v3.12.0
|
|
if: ${{ failure() }}
|
|
with:
|
|
server_address: smtp.mailgun.org
|
|
server_port: 465
|
|
username: ${{ secrets.SMTP_USERNAME }}
|
|
password: ${{ secrets.SMTP_PASSWORD }}
|
|
subject: GitHub Actions (${{ github.repository }}) job result
|
|
to: github-actions-8ce6454@unknwon.io
|
|
from: GitHub Actions (${{ github.repository }})
|
|
reply_to: noreply@unknwon.io
|
|
body: |
|
|
The job "${{ github.job }}" of ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }} completed with "${{ job.status }}".
|
|
|
|
View the job run at: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
|
|
|
|
digitalocean-gc:
|
|
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'gogs/gogs' }}
|
|
needs: buildx-next
|
|
permissions:
|
|
contents: read
|
|
uses: ./.github/workflows/digitalocean_gc.yml
|
|
secrets: inherit
|
|
|
|
digitalocean-gc-pull-request:
|
|
if: ${{ github.event_name == 'pull_request' && github.repository == 'gogs/gogs' }}
|
|
needs: buildx-next-pull-request
|
|
permissions:
|
|
contents: read
|
|
uses: ./.github/workflows/digitalocean_gc.yml
|
|
secrets: inherit
|