CI: update workflows to use Azure Trusted Signing #2077
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker | |
on: | |
#schedule: | |
# - cron: '0 4 * * *' # everyday at 4:00 AM UTC | |
push: | |
branches: | |
- 2.6.x | |
tags: | |
- v* | |
pull_request: | |
jobs: | |
build: | |
name: Build | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: | |
- ubuntu-latest | |
docker_pkg: | |
- debian | |
- alpine | |
optional_deps: | |
- true | |
- false | |
include: | |
- os: ubuntu-latest | |
docker_pkg: distroless | |
optional_deps: false | |
- os: ubuntu-latest | |
docker_pkg: debian-plugins | |
optional_deps: true | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Gather image information | |
id: info | |
run: | | |
VERSION=noop | |
DOCKERFILE=Dockerfile | |
MINOR="" | |
MAJOR="" | |
FEATURES="nopgxregisterdefaulttypes,disable_grpc_modules" | |
if [ "${{ github.event_name }}" = "schedule" ]; then | |
VERSION=nightly | |
elif [[ $GITHUB_REF == refs/tags/* ]]; then | |
VERSION=${GITHUB_REF#refs/tags/} | |
elif [[ $GITHUB_REF == refs/heads/* ]]; then | |
VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g') | |
if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then | |
VERSION=edge | |
fi | |
elif [[ $GITHUB_REF == refs/pull/* ]]; then | |
VERSION=pr-${{ github.event.number }} | |
fi | |
if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then | |
MINOR=${VERSION%.*} | |
MAJOR=${MINOR%.*} | |
fi | |
VERSION_SLIM="${VERSION}-slim" | |
if [[ $DOCKER_PKG == alpine ]]; then | |
VERSION="${VERSION}-alpine" | |
VERSION_SLIM="${VERSION}-slim" | |
DOCKERFILE=Dockerfile.alpine | |
elif [[ $DOCKER_PKG == distroless ]]; then | |
VERSION="${VERSION}-distroless" | |
VERSION_SLIM="${VERSION}-slim" | |
DOCKERFILE=Dockerfile.distroless | |
FEATURES="${FEATURES},nosqlite" | |
elif [[ $DOCKER_PKG == debian-plugins ]]; then | |
VERSION="${VERSION}-plugins" | |
VERSION_SLIM="${VERSION}-slim" | |
FEATURES="${FEATURES},unixcrypt" | |
elif [[ $DOCKER_PKG == debian ]]; then | |
FEATURES="${FEATURES},unixcrypt" | |
fi | |
DOCKER_IMAGES=("drakkan/sftpgo" "ghcr.io/drakkan/sftpgo") | |
TAGS="${DOCKER_IMAGES[0]}:${VERSION}" | |
TAGS_SLIM="${DOCKER_IMAGES[0]}:${VERSION_SLIM}" | |
for DOCKER_IMAGE in ${DOCKER_IMAGES[@]}; do | |
if [[ ${DOCKER_IMAGE} != ${DOCKER_IMAGES[0]} ]]; then | |
TAGS="${TAGS},${DOCKER_IMAGE}:${VERSION}" | |
TAGS_SLIM="${TAGS_SLIM},${DOCKER_IMAGE}:${VERSION_SLIM}" | |
fi | |
if [[ $GITHUB_REF == refs/tags/* ]]; then | |
if [[ $DOCKER_PKG == debian ]]; then | |
if [[ -n $MAJOR && -n $MINOR ]]; then | |
TAGS="${TAGS},${DOCKER_IMAGE}:${MINOR},${DOCKER_IMAGE}:${MAJOR}" | |
TAGS_SLIM="${TAGS_SLIM},${DOCKER_IMAGE}:${MINOR}-slim,${DOCKER_IMAGE}:${MAJOR}-slim" | |
fi | |
TAGS="${TAGS},${DOCKER_IMAGE}:latest" | |
TAGS_SLIM="${TAGS_SLIM},${DOCKER_IMAGE}:slim" | |
elif [[ $DOCKER_PKG == distroless ]]; then | |
if [[ -n $MAJOR && -n $MINOR ]]; then | |
TAGS="${TAGS},${DOCKER_IMAGE}:${MINOR}-distroless,${DOCKER_IMAGE}:${MAJOR}-distroless" | |
TAGS_SLIM="${TAGS_SLIM},${DOCKER_IMAGE}:${MINOR}-distroless-slim,${DOCKER_IMAGE}:${MAJOR}-distroless-slim" | |
fi | |
TAGS="${TAGS},${DOCKER_IMAGE}:distroless" | |
TAGS_SLIM="${TAGS_SLIM},${DOCKER_IMAGE}:distroless-slim" | |
elif [[ $DOCKER_PKG == debian-plugins ]]; then | |
if [[ -n $MAJOR && -n $MINOR ]]; then | |
TAGS="${TAGS},${DOCKER_IMAGE}:${MINOR}-plugins,${DOCKER_IMAGE}:${MAJOR}-plugins" | |
TAGS_SLIM="${TAGS_SLIM},${DOCKER_IMAGE}:${MINOR}-plugins-slim,${DOCKER_IMAGE}:${MAJOR}-plugins-slim" | |
fi | |
TAGS="${TAGS},${DOCKER_IMAGE}:plugins" | |
TAGS_SLIM="${TAGS_SLIM},${DOCKER_IMAGE}:plugins-slim" | |
else | |
if [[ -n $MAJOR && -n $MINOR ]]; then | |
TAGS="${TAGS},${DOCKER_IMAGE}:${MINOR}-alpine,${DOCKER_IMAGE}:${MAJOR}-alpine" | |
TAGS_SLIM="${TAGS_SLIM},${DOCKER_IMAGE}:${MINOR}-alpine-slim,${DOCKER_IMAGE}:${MAJOR}-alpine-slim" | |
fi | |
TAGS="${TAGS},${DOCKER_IMAGE}:alpine" | |
TAGS_SLIM="${TAGS_SLIM},${DOCKER_IMAGE}:alpine-slim" | |
fi | |
fi | |
done | |
if [[ $OPTIONAL_DEPS == true ]]; then | |
echo "version=${VERSION}" >> $GITHUB_OUTPUT | |
echo "tags=${TAGS}" >> $GITHUB_OUTPUT | |
echo "full=true" >> $GITHUB_OUTPUT | |
else | |
echo "version=${VERSION_SLIM}" >> $GITHUB_OUTPUT | |
echo "tags=${TAGS_SLIM}" >> $GITHUB_OUTPUT | |
echo "full=false" >> $GITHUB_OUTPUT | |
fi | |
if [[ $DOCKER_PKG == debian-plugins ]]; then | |
echo "plugins=true" >> $GITHUB_OUTPUT | |
else | |
echo "plugins=false" >> $GITHUB_OUTPUT | |
fi | |
echo "dockerfile=${DOCKERFILE}" >> $GITHUB_OUTPUT | |
echo "features=${FEATURES}" >> $GITHUB_OUTPUT | |
echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT | |
echo "sha=${GITHUB_SHA::8}" >> $GITHUB_OUTPUT | |
env: | |
DOCKER_PKG: ${{ matrix.docker_pkg }} | |
OPTIONAL_DEPS: ${{ matrix.optional_deps }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up builder | |
uses: docker/setup-buildx-action@v3 | |
id: builder | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
if: ${{ github.event_name != 'pull_request' }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
if: ${{ github.event_name != 'pull_request' }} | |
- name: Build and push | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
builder: ${{ steps.builder.outputs.name }} | |
file: ./${{ steps.info.outputs.dockerfile }} | |
platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/arm/v7 | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.info.outputs.tags }} | |
build-args: | | |
COMMIT_SHA=${{ steps.info.outputs.sha }} | |
INSTALL_OPTIONAL_PACKAGES=${{ steps.info.outputs.full }} | |
DOWNLOAD_PLUGINS=${{ steps.info.outputs.plugins }} | |
FEATURES=${{ steps.info.outputs.features }} | |
labels: | | |
org.opencontainers.image.title=SFTPGo | |
org.opencontainers.image.description=Full-featured and highly configurable file transfer server: SFTP, HTTP/S,FTP/S, WebDAV | |
org.opencontainers.image.url=https://github.com/drakkan/sftpgo | |
org.opencontainers.image.documentation=https://github.com/drakkan/sftpgo/blob/${{ github.sha }}/docker/README.md | |
org.opencontainers.image.source=https://github.com/drakkan/sftpgo | |
org.opencontainers.image.version=${{ steps.info.outputs.version }} | |
org.opencontainers.image.created=${{ steps.info.outputs.created }} | |
org.opencontainers.image.revision=${{ github.sha }} | |
org.opencontainers.image.licenses=AGPL-3.0-only |