From ee4544cefe8b3ef0a130b4cac0e01d12622fcd21 Mon Sep 17 00:00:00 2001 From: perf3ct Date: Wed, 31 Jul 2024 11:56:17 -0700 Subject: [PATCH 1/5] add steps to push container to DockerHub as well --- .github/workflows/main.yml | 69 +++++++++++++++++++++++++------------- 1 file changed, 46 insertions(+), 23 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1d9552f96..e2c53dcb5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -2,19 +2,20 @@ name: Main on: push: branches: - - 'develop' - - 'feature/update**' - - 'feature/server_esm**' + - "develop" + - "feature/update**" + - "feature/server_esm**" paths-ignore: - - 'docs/**' - - 'bin/**' + - "docs/**" + - "bin/**" concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true env: - REGISTRY: ghcr.io + GHCR_REGISTRY: ghcr.io + DOCKERHUB_REGISTRY: docker.io IMAGE_NAME: ${{ github.repository }} jobs: @@ -140,7 +141,7 @@ jobs: name: TriliumNext Notes for Windows (Setup) path: out/make/squirrel.windows/x64/*.exe build_docker: - name: Build Docker image + name: Build Docker images runs-on: ubuntu-latest permissions: contents: read @@ -149,40 +150,62 @@ jobs: id-token: write steps: - uses: actions/checkout@v4 - - name: Log in to the Container registry - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker - id: meta + - name: Extract metadata (tags, labels) for container GHCR image + id: ghcr-meta uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Extract metadata (tags, labels) for container DockerHub image + id: dh-meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }} - name: Set up node & dependencies uses: actions/setup-node@v4 with: node-version: 20 cache: "npm" - - run: npm ci + - run: npm ci - name: Run the TypeScript build run: npx tsc - name: Create server-package.json run: cat package.json | grep -v electron > server-package.json + - name: Log in to the GHCR container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.GHCR_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - uses: docker/setup-buildx-action@v3 - - uses: docker/build-push-action@v6 + - name: Build and push container image to GHCR + uses: docker/build-push-action@v6 id: push with: context: . push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.ghcr-meta.outputs.tags }} + labels: ${{ steps.ghcr-meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - - name: Generate artifact attestation + - name: Generate and push artifact attestation to GHCR uses: actions/attest-build-provenance@v1 with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}} subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true \ No newline at end of file + push-to-registry: true + - name: Log in to the GHCR container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.GHCR_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Build and push image to DockerHub + uses: docker/build-push-action@v6 + id: push + with: + context: . + push: true + tags: ${{ steps.dh-meta.outputs.tags }} + labels: ${{ steps.dh-meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max From 5b74a931aaad4a2d6abefaf7d8b68e792e28d547 Mon Sep 17 00:00:00 2001 From: perf3ct Date: Wed, 31 Jul 2024 11:58:49 -0700 Subject: [PATCH 2/5] fix push action ids --- .github/workflows/main.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e2c53dcb5..1e70ba6c4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -179,7 +179,7 @@ jobs: - uses: docker/setup-buildx-action@v3 - name: Build and push container image to GHCR uses: docker/build-push-action@v6 - id: push + id: ghcr-push with: context: . push: true @@ -191,7 +191,7 @@ jobs: uses: actions/attest-build-provenance@v1 with: subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}} - subject-digest: ${{ steps.push.outputs.digest }} + subject-digest: ${{ steps.ghcr-push.outputs.digest }} push-to-registry: true - name: Log in to the GHCR container registry uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 @@ -201,7 +201,7 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push image to DockerHub uses: docker/build-push-action@v6 - id: push + id: dh-push with: context: . push: true @@ -209,3 +209,9 @@ jobs: labels: ${{ steps.dh-meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max + - name: Generate and push artifact attestation to DockerHub + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.dh-push.outputs.digest }} + push-to-registry: true From 2a09c620fdad3a671e17f7e5a5c26233496f22d8 Mon Sep 17 00:00:00 2001 From: perf3ct Date: Wed, 31 Jul 2024 12:00:47 -0700 Subject: [PATCH 3/5] update step names --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1e70ba6c4..5e7d1288f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -193,10 +193,10 @@ jobs: subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}} subject-digest: ${{ steps.ghcr-push.outputs.digest }} push-to-registry: true - - name: Log in to the GHCR container registry + - name: Log in to the DockerHub container registry uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 with: - registry: ${{ env.GHCR_REGISTRY }} + registry: ${{ env.DOCKERHUB_REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push image to DockerHub From c104475cd600d21817c771ac0e9b13cbdaf1c1fd Mon Sep 17 00:00:00 2001 From: perf3ct Date: Wed, 31 Jul 2024 12:03:53 -0700 Subject: [PATCH 4/5] have DockerHub login use username secret instead --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5e7d1288f..415a2f7fa 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -197,7 +197,7 @@ jobs: uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 with: registry: ${{ env.DOCKERHUB_REGISTRY }} - username: ${{ github.actor }} + username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push image to DockerHub uses: docker/build-push-action@v6 From eb9183453976bd7dbcc7d103da4a18908e77d64b Mon Sep 17 00:00:00 2001 From: perf3ct Date: Wed, 31 Jul 2024 12:06:01 -0700 Subject: [PATCH 5/5] trigger CI --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 415a2f7fa..bb84992f0 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -150,12 +150,12 @@ jobs: id-token: write steps: - uses: actions/checkout@v4 - - name: Extract metadata (tags, labels) for container GHCR image + - name: Extract metadata (tags, labels) for GHCR image id: ghcr-meta uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }} - - name: Extract metadata (tags, labels) for container DockerHub image + - name: Extract metadata (tags, labels) for DockerHub image id: dh-meta uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: