feat: Add docker CI

Signed-off-by: 陳鈞 <[email protected]>
jim60105 · Mar 8, 2024 · 5b899ca · 5b899ca
1 parent 12e0e76
commit 5b899ca
Show file tree

Hide file tree

Showing 8 changed files with 119 additions and 220 deletions.
diff --git a/!workflows/.prettierrc b/!workflows/.prettierrc
diff --git a/!workflows/docker-publish/docker-reused-setup-steps/action.yml b/!workflows/docker-publish/docker-reused-setup-steps/action.yml
diff --git a/!workflows/docker-publish/docker_publish.yml b/!workflows/docker-publish/docker_publish.yml
diff --git a/.github/workflows/docker-reused-setup-steps/action.yml b/.github/workflows/docker-reused-setup-steps/action.yml
@@ -0,0 +1,61 @@
+name: Setup docker
+
+description: Configure the docker workflow.
+
+inputs:
+  CR_PAT:
+    required: true
+  tag:
+    required: true
+    default: EDGE
+
+outputs:
+  tags:
+    description: "tags"
+    value: ${{ steps.meta.outputs.tags }}
+  labels:
+    description: "labels"
+    value: ${{ steps.meta.outputs.labels }}
+
+runs:
+  using: composite
+  steps:
+    - name: Free Disk Space (Ubuntu)
+      uses: jlumbroso/free-disk-space@main
+      with:
+        # this might remove tools that are actually needed,
+        # if set to "true" but frees about 6 GB
+        tool-cache: true
+
+        # all of these default to true, but feel free to set to
+        # "false" if necessary for your workflow
+        android: true
+        dotnet: true
+        haskell: true
+        large-packages: true
+        docker-images: true
+        swap-storage: true
+
+    - name: Docker meta:${{ inputs.tag }}
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ghcr.io/${{ github.repository_owner }}/stable-diffusion-webui
+        tags: |
+          ${{ inputs.tag }}
+          type=raw,value=latest,enable=${{ inputs.tag == 'EDGE' }}
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    # Create a Access Token with `read:packages` and `write:packages` scopes
+    # CR_PAT
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ inputs.CR_PAT }}
diff --git a/.github/workflows/docker_publish.yml b/.github/workflows/docker_publish.yml
@@ -0,0 +1,53 @@
+name: docker_publish
+
+on:
+  push:
+    branches:
+      - "master"
+    tags:
+      - "v*"
+  schedule:
+    - cron: "0 7 1 * *" # 1st day of month at 7am UTC
+
+  workflow_dispatch:
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Checkout submodule
+        run: |
+          cd stable-diffusion-webui && \
+          git fetch --all --tags && \
+          if [[ "${{ github.ref }}" == refs/tags/* ]]; then
+            git checkout tags/${{ github.ref_name }} -b ${{ github.ref_name }}
+          else
+            git checkout master
+          fi
+
+      - name: Setup docker
+        id: setup
+        uses: ./.github/workflows/docker-reused-setup-steps
+        with:
+          CR_PAT: ${{ secrets.CR_PAT }}
+          tag: ${{ github.head_ref || github.ref_name }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          target: final
+          tags: ${{ steps.setup.outputs.tags }}
+          labels: ${{ steps.setup.outputs.labels }}
+          build-args: VERSION=${{ github.head_ref || github.ref_name }}
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/!workflows/scan/scan.yml → .github/workflows/scan.yml b/!workflows/scan/scan.yml → .github/workflows/scan.yml
@@ -24,7 +24,7 @@ jobs:
       - name: Run Trivy vulnerability scanner for alpine image
         uses: aquasecurity/[email protected]
         with:
-          image-ref: "ghcr.io/jim60105/fc2-live-dl:alpine"
+          image-ref: "ghcr.io/jim60105/stable-diffusion-webui:alpine"
           vuln-type: "os,library"
           scanners: vuln
           severity: "CRITICAL,HIGH"
@@ -35,7 +35,7 @@ jobs:
       - name: Run Trivy vulnerability scanner for ubi image
         uses: aquasecurity/[email protected]
         with:
-          image-ref: "ghcr.io/jim60105/fc2-live-dl:ubi"
+          image-ref: "ghcr.io/jim60105/stable-diffusion-webui:ubi"
           vuln-type: "os,library"
           scanners: vuln
           severity: "CRITICAL,HIGH"
@@ -46,7 +46,7 @@ jobs:
       - name: Run Trivy vulnerability scanner for distroless image
         uses: aquasecurity/[email protected]
         with:
-          image-ref: "ghcr.io/jim60105/fc2-live-dl:distroless"
+          image-ref: "ghcr.io/jim60105/stable-diffusion-webui:distroless"
           vuln-type: "os,library"
           scanners: vuln
           severity: "CRITICAL,HIGH"

diff --git a/!workflows/scan/scan/html.tpl → .github/workflows/scan/html.tpl b/!workflows/scan/scan/html.tpl → .github/workflows/scan/html.tpl
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -3,8 +3,8 @@ version: "3.9"
 services:
   stable-diffusion-webui:
     container_name: stable-diffusion-webui
-    image: stable-diffusion-webui
-    build: .
+    image: ghcr.io/jim60105/stable-diffusion-webui:latest
+    # build: .
     user: "1001:0"
     command:
       - --allow-code