forked from farhoodlabs/paperclip
ci: replace docker/login-action with direct docker login using github.token #1
@@ -11,7 +11,7 @@ permissions:
|
|||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: runners-farhoodlabs
|
runs-on: ubuntu-latest
|
||||||
timeout-minutes: 30
|
timeout-minutes: 30
|
||||||
outputs:
|
outputs:
|
||||||
image-tag: ${{ steps.tag.outputs.sha }}
|
image-tag: ${{ steps.tag.outputs.sha }}
|
||||||
@@ -23,28 +23,17 @@ jobs:
|
|||||||
id: tag
|
id: tag
|
||||||
run: echo "sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
|
run: echo "sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
- name: Login to Docker Hub
|
|
||||||
continue-on-error: true
|
|
||||||
uses: docker/login-action@v3
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
||||||
|
|
||||||
- name: Set up Docker Buildx
|
- name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v3
|
uses: docker/setup-buildx-action@v3
|
||||||
|
|
||||||
- name: Login to GHCR
|
- name: Login to Gitea Registry
|
||||||
uses: docker/login-action@v3
|
run: echo "${{ github.token }}" | docker login git.farh.net -u "${{ github.actor }}" --password-stdin
|
||||||
with:
|
|
||||||
registry: ghcr.io
|
|
||||||
username: ${{ github.actor }}
|
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
|
|
||||||
- name: Docker meta
|
- name: Docker meta
|
||||||
id: meta
|
id: meta
|
||||||
uses: docker/metadata-action@v5
|
uses: docker/metadata-action@v5
|
||||||
with:
|
with:
|
||||||
images: ghcr.io/farhoodlabs/paperclip-dev
|
images: git.farh.net/farhoodlabs/paperclip-dev
|
||||||
tags: |
|
tags: |
|
||||||
type=raw,value=latest
|
type=raw,value=latest
|
||||||
type=sha,prefix=
|
type=sha,prefix=
|
||||||
@@ -62,25 +51,16 @@ jobs:
|
|||||||
|
|
||||||
update-infra:
|
update-infra:
|
||||||
needs: build
|
needs: build
|
||||||
runs-on: runners-farhoodlabs
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Generate app token
|
|
||||||
id: app-token
|
|
||||||
uses: actions/create-github-app-token@v1
|
|
||||||
with:
|
|
||||||
app-id: ${{ secrets.PAPERCLIP_APP_ID }}
|
|
||||||
private-key: ${{ secrets.PAPERCLIP_APP_PRIVATE_KEY }}
|
|
||||||
repositories: paperclip-infra
|
|
||||||
|
|
||||||
- name: Update dev image tag in infra repo
|
- name: Update dev image tag in infra repo
|
||||||
run: |
|
run: |
|
||||||
SHA="${{ needs.build.outputs.image-tag }}"
|
SHA="${{ needs.build.outputs.image-tag }}"
|
||||||
FILE="overlays/dev/kustomization.yaml"
|
FILE="overlays/dev/kustomization.yaml"
|
||||||
|
|
||||||
response=$(curl -sS \
|
response=$(curl -sS \
|
||||||
-H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \
|
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
|
||||||
-H "Accept: application/vnd.github.v3+json" \
|
"https://git.farh.net/api/v1/repos/farhoodlabs/paperclip-infra/contents/$FILE")
|
||||||
"https://api.github.com/repos/farhoodlabs/paperclip-infra/contents/$FILE")
|
|
||||||
|
|
||||||
file_sha=$(echo "$response" | jq -r '.sha')
|
file_sha=$(echo "$response" | jq -r '.sha')
|
||||||
content=$(echo "$response" | jq -r '.content' | base64 -d)
|
content=$(echo "$response" | jq -r '.content' | base64 -d)
|
||||||
@@ -88,7 +68,6 @@ jobs:
|
|||||||
encoded=$(printf '%s' "$new_content" | base64 -w 0)
|
encoded=$(printf '%s' "$new_content" | base64 -w 0)
|
||||||
|
|
||||||
curl -sS -X PUT \
|
curl -sS -X PUT \
|
||||||
-H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \
|
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
|
||||||
-H "Accept: application/vnd.github.v3+json" \
|
"https://git.farh.net/api/v1/repos/farhoodlabs/paperclip-infra/contents/$FILE" \
|
||||||
"https://api.github.com/repos/farhoodlabs/paperclip-infra/contents/$FILE" \
|
|
||||||
-d "{\"message\":\"chore(cd): update paperclip-dev to $SHA\",\"content\":\"$encoded\",\"sha\":\"$file_sha\"}"
|
-d "{\"message\":\"chore(cd): update paperclip-dev to $SHA\",\"content\":\"$encoded\",\"sha\":\"$file_sha\"}"
|
||||||
@@ -11,33 +11,23 @@ permissions:
|
|||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: runners-farhoodlabs
|
runs-on: ubuntu-latest
|
||||||
timeout-minutes: 30
|
timeout-minutes: 30
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Login to Docker Hub
|
|
||||||
uses: docker/login-action@v3
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
||||||
|
|
||||||
- name: Set up Docker Buildx
|
- name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v3
|
uses: docker/setup-buildx-action@v3
|
||||||
|
|
||||||
- name: Login to GHCR
|
- name: Login to Gitea Registry
|
||||||
uses: docker/login-action@v3
|
run: echo "${{ github.token }}" | docker login git.farh.net -u "${{ github.actor }}" --password-stdin
|
||||||
with:
|
|
||||||
registry: ghcr.io
|
|
||||||
username: ${{ github.actor }}
|
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
|
|
||||||
- name: Docker meta
|
- name: Docker meta
|
||||||
id: meta
|
id: meta
|
||||||
uses: docker/metadata-action@v5
|
uses: docker/metadata-action@v5
|
||||||
with:
|
with:
|
||||||
images: ghcr.io/farhoodlabs/paperclip
|
images: git.farh.net/farhoodlabs/paperclip
|
||||||
tags: |
|
tags: |
|
||||||
type=raw,value=latest
|
type=raw,value=latest
|
||||||
type=sha,prefix=
|
type=sha,prefix=
|
||||||
@@ -47,6 +37,7 @@ jobs:
|
|||||||
uses: docker/build-push-action@v6
|
uses: docker/build-push-action@v6
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
|
file: .farhoodlabs/Dockerfile
|
||||||
push: true
|
push: true
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
tags: ${{ steps.meta.outputs.tags }}
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
|
|||||||
@@ -0,0 +1,73 @@
|
|||||||
|
name: "Build: Dev"
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [dev]
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
packages: write
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
timeout-minutes: 30
|
||||||
|
outputs:
|
||||||
|
image-tag: ${{ steps.tag.outputs.sha }}
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Set image tag
|
||||||
|
id: tag
|
||||||
|
run: echo "sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v3
|
||||||
|
|
||||||
|
- name: Login to Gitea Registry
|
||||||
|
run: echo "${{ github.token }}" | docker login git.farh.net -u "${{ github.actor }}" --password-stdin
|
||||||
|
|
||||||
|
- name: Docker meta
|
||||||
|
id: meta
|
||||||
|
uses: docker/metadata-action@v5
|
||||||
|
with:
|
||||||
|
images: git.farh.net/farhoodlabs/paperclip-dev
|
||||||
|
tags: |
|
||||||
|
type=raw,value=latest
|
||||||
|
type=sha,prefix=
|
||||||
|
type=semver,pattern={{version}}
|
||||||
|
|
||||||
|
- name: Build and push
|
||||||
|
uses: docker/build-push-action@v6
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
file: .farhoodlabs/Dockerfile
|
||||||
|
push: true
|
||||||
|
tags: ${{ steps.meta.outputs.tags }}
|
||||||
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
|
no-cache: true
|
||||||
|
|
||||||
|
update-infra:
|
||||||
|
needs: build
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Update dev image tag in infra repo
|
||||||
|
run: |
|
||||||
|
SHA="${{ needs.build.outputs.image-tag }}"
|
||||||
|
FILE="overlays/dev/kustomization.yaml"
|
||||||
|
|
||||||
|
response=$(curl -sS \
|
||||||
|
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
|
||||||
|
"https://git.farh.net/api/v1/repos/farhoodlabs/paperclip-infra/contents/$FILE")
|
||||||
|
|
||||||
|
file_sha=$(echo "$response" | jq -r '.sha')
|
||||||
|
content=$(echo "$response" | jq -r '.content' | base64 -d)
|
||||||
|
new_content=$(echo "$content" | sed "s/newTag: \".*\"/newTag: \"$SHA\"/")
|
||||||
|
encoded=$(printf '%s' "$new_content" | base64 -w 0)
|
||||||
|
|
||||||
|
curl -sS -X PUT \
|
||||||
|
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
|
||||||
|
"https://git.farh.net/api/v1/repos/farhoodlabs/paperclip-infra/contents/$FILE" \
|
||||||
|
-d "{\"message\":\"chore(cd): update paperclip-dev to $SHA\",\"content\":\"$encoded\",\"sha\":\"$file_sha\"}"
|
||||||
@@ -0,0 +1,44 @@
|
|||||||
|
name: "Build: Production"
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [local]
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
packages: write
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
timeout-minutes: 30
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v3
|
||||||
|
|
||||||
|
- name: Login to Gitea Registry
|
||||||
|
run: echo "${{ github.token }}" | docker login git.farh.net -u "${{ github.actor }}" --password-stdin
|
||||||
|
|
||||||
|
- name: Docker meta
|
||||||
|
id: meta
|
||||||
|
uses: docker/metadata-action@v5
|
||||||
|
with:
|
||||||
|
images: git.farh.net/farhoodlabs/paperclip
|
||||||
|
tags: |
|
||||||
|
type=raw,value=latest
|
||||||
|
type=sha,prefix=
|
||||||
|
type=semver,pattern={{version}}
|
||||||
|
|
||||||
|
- name: Build and push
|
||||||
|
uses: docker/build-push-action@v6
|
||||||
|
with:
|
||||||
|
context: .
|
||||||
|
file: .farhoodlabs/Dockerfile
|
||||||
|
push: true
|
||||||
|
tags: ${{ steps.meta.outputs.tags }}
|
||||||
|
labels: ${{ steps.meta.outputs.labels }}
|
||||||
|
no-cache: true
|
||||||
Reference in New Issue
Block a user