Revert "fix: re-enable rootless images"

2025-10-20 15:19:01 +02:00 · 2025-09-24 19:06:27 +03:00 · 2025-09-24 19:06:27 +03:00 · 7c13373f16
commit 7c13373f16
parent 239b7b810d
1 changed files with 16 additions and 43 deletions
--- a/.github/workflows/main-docker.yml
+++ b/.github/workflows/main-docker.yml
@ -122,26 +122,6 @@ jobs:
          - dockerfile: Dockerfile
            platform: linux/arm/v8
            image: ubuntu-24.04-arm
-          - dockerfile: Dockerfile.alpine.rootless
-            platform: linux/amd64
-            image: ubuntu-latest
-            flavor: rootless
-          - dockerfile: Dockerfile.rootless
-            platform: linux/amd64
-            image: ubuntu-latest
-            flavor: rootless
-          - dockerfile: Dockerfile.rootless
-            platform: linux/arm64
-            image: ubuntu-24.04-arm
-            flavor: rootless
-          - dockerfile: Dockerfile.rootless
-            platform: linux/arm/v7
-            image: ubuntu-24.04-arm
-            flavor: rootless
-          - dockerfile: Dockerfile.rootless
-            platform: linux/arm/v8
-            image: ubuntu-24.04-arm
-            flavor: rootless
    runs-on: ${{ matrix.image }}
    needs:
      - test_docker
@ -280,45 +260,37 @@ jobs:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

-      - name: Create multi-arch manifest lists
-        if: startsWith(github.ref, 'refs/tags/') # only on releases
+      - name: Create manifest list and push
        working-directory: /tmp/digests
        run: |
+          # Extract the branch or tag name from the ref
          REF_NAME=$(echo "${GITHUB_REF}" | sed 's/refs\/heads\///' | sed 's/refs\/tags\///')

-          # Normal images: tag manifest lists with branch/tag name
-          docker buildx imagetools create \
-            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+          # Create and push the manifest list with both the branch/tag name and the commit SHA
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            -t ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${REF_NAME} \
            $(printf '${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)

-          docker buildx imagetools create \
-            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            -t ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}:${REF_NAME} \
            $(printf '${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)

-          # Rootless multi-arch manifest
-          ROOTLESS_IMAGES=$(printf '${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
-          docker buildx imagetools create \
-            -t ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:rootless \
-            $ROOTLESS_IMAGES
-
-          docker buildx imagetools create \
-            -t ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}:rootless \
-            $ROOTLESS_IMAGES
-
-          # Only tag stable/latest for normal images
-          if [[ ! "${REF_NAME}" =~ - ]]; then
-            docker buildx imagetools create \
+          # If the ref is a tag, also tag the image as stable as this is part of a 'release'
+          # and only go in the `if` if there is NOT a `-` in the tag's name, due to tagging of `-alpha`, `-beta`, etc...
+          if [[ "${GITHUB_REF}" == refs/tags/* && ! "${REF_NAME}" =~ - ]]; then
+            # First create stable tags
+            docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
              -t ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:stable \
-              ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${REF_NAME}
+              $(printf '${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)

-            docker buildx imagetools create \
+            docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
              -t ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}:stable \
-              ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}:${REF_NAME}
+              $(printf '${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)

+            # Small delay to ensure stable tag is fully propagated
            sleep 5

+            # Now update latest tags
            docker buildx imagetools create \
              -t ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:latest \
              ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:stable
@ -326,6 +298,7 @@ jobs:
            docker buildx imagetools create \
              -t ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}:latest \
              ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}:stable
+
          fi

      - name: Inspect image