# # # @type github workflow # @author Aetherinox # @url https://github.com/Aetherinox # @usage deploys docker container to Dockerhub and send message to discord # upload this workflow to both the `main` branch of the tvapp2 repository # @secrets secrets.ADMINSERV_GPG_KEY_ASC gpg private key (armored) | BEGIN PGP PRIVATE KEY BLOCK # secrets.ADMINSERV_GPG_PASSPHRASE gpg private key passphrase # secrets.ORG_BINARYNINJA_DOCKERHUB_TOKEN github personal access token (classic) with package:write permission # secrets.DISCORD_WEBHOOK_CHAN_GITHUB_TVAPP2_RELEASES Discord webhook to report releases from github to discord # # name: "📦 Deploy › Docker › Dockerhub" run-name: "📦 Deploy › Docker › Dockerhub" # # # Triggers # # on: # # # Trigger › Workflow Dispatch # # If any values are not provided, will use fallback env variable # # workflow_dispatch: inputs: # # # Image Name # # used in github image path # ${{ env.IMAGE_AUTHOR }}/${{ env.IMAGE_NAME }} # # IMAGE_NAME: description: '📦 Image Name' required: true default: 'tvapp2' type: string # # # Image Author # # used in github image path # ${{ env.IMAGE_AUTHOR }}/${{ env.IMAGE_NAME }} # # IMAGE_AUTHOR: description: '🪪 Image Author' required: true default: 'TheBinaryNinja' type: string # # # Image Version # # used to create new release tag, and add version to docker image name # # IMAGE_VERSION: description: '🏷️ Image Version' required: true default: '1.0.0' type: string # # # Image Dockerhub username # # this is the user to sign into Dockerhub as. # this username MUST be lowercase or you will get `unauthorized: incorrect username or password` # # IMAGE_DOCKERHUB_USERNAME: description: '🪪 Dockerhub Username' required: true default: 'thebinaryninja' type: string # # # true no changes to the repo will be made # false workflow will behave normally, and push any changes detected to the files # # DRY_RUN: description: '🐛 Dry Run (Debug)' required: true default: false type: boolean # # # true released version will be marked as a development build and will have the v1.x.x-development tag instead of -latest # false release version will be marked with -latest docker tag # # DEV_RELEASE: description: '🧪 Development Release' required: true default: false type: boolean # # # Trigger › Push # # push: tags: - '*' # # # Environment Vars # # env: IMAGE_NAME: ${{ github.event.inputs.IMAGE_NAME || 'tvapp2' }} IMAGE_AUTHOR: ${{ github.event.inputs.IMAGE_AUTHOR || 'thebinaryninja' }} IMAGE_VERSION: ${{ github.event.inputs.IMAGE_VERSION || '1.0.0' }} IMAGE_DOCKERHUB_USERNAME: ${{ github.event.inputs.IMAGE_DOCKERHUB_USERNAME || 'thebinaryninja' }} BOT_NAME_1: EuropaServ BOT_NAME_DEPENDABOT: dependabot[bot] # # # Jobs # # The way pushed docker containers on Dockerhub work, the most recent image built goes at the top. # We will use the order below which builds the :latest image last so that it appears at the very # top of the packages page. # # jobs: # # # Job › Create Tag # # job-docker-release-tags-create: name: >- 📦 Release › Create Tag runs-on: ubuntu-latest timeout-minutes: 5 permissions: contents: write packages: write attestations: write id-token: write steps: # # # Release › Tags › Start # # - name: '🏳️ Start' id: task_release_tags_start run: | echo "Creating Tag" # # # Release › Tags › Checkout # # - name: '✅ Checkout' id: task_release_tags_checkout uses: actions/checkout@v4 with: fetch-depth: 0 # # # Release › Tags › Fix Permissions # # - name: '#️⃣ Manage Permissions' id: task_release_tags_permissions run: | find ./ -name 'run' -exec chmod 755 {} \; WRONG_PERM=$(find ./ -path "./.git" -prune -o \( -name "run" -o -name "finish" -o -name "check" \) -not -perm -u=x,g=x,o=x -print) if [ -n "${WRONG_PERM}" ]; then echo "⚠️⚠️⚠️ Permissions are invalid ⚠️⚠️⚠️" for i in ${WRONG_PERM}; do echo "::error file=${i},line=1,title=Missing Executable Bit::This file needs to be set as executable!" done exit 1 else echo "✅✅✅ Executable permissions are OK ✅✅✅" fi # # # Release › Tags › Create Tag # # only called in dispatch mode # # - uses: rickstaa/action-create-tag@v1 id: task_release_tags_create if: ( github.event_name != 'workflow_dispatch' && inputs.DRY_RUN == false ) with: tag: "${{ env.IMAGE_VERSION }}" tag_exists_error: false message: '${{ env.IMAGE_NAME }}-${{ env.IMAGE_VERSION }}' gpg_private_key: ${{ secrets.ADMINSERV_GPG_KEY_ASC }} gpg_passphrase: ${{ secrets.ADMINSERV_GPG_PASSPHRASE }} # # # Job › Docker Release › Dockerhub › Arm64 # # job-docker-release-dockerhub-arm64: name: >- 📦 Release › Dockerhub › Arm64 runs-on: ubuntu-latest timeout-minutes: 10 needs: [ job-docker-release-tags-create ] permissions: contents: write packages: write attestations: write id-token: write steps: # # # Release › Dockerhub › Start › Arm64 # # - name: '🏳️ Start' id: task_release_dh_start run: | echo "Starting Dockerhub arm64" # # # Release › Dockerhub › Get Timestamp # # - name: '🕛 Get Timestamp' id: task_release_set_timestamp run: | echo "NOW=$(date +'%m-%d-%Y %H:%M:%S')" >> $GITHUB_ENV echo "NOW_SHORT=$(date +'%m-%d-%Y')" >> $GITHUB_ENV echo "NOW_LONG=$(date +'%m-%d-%Y %H:%M')" >> $GITHUB_ENV echo "NOW_DOCKER_LABEL=$(date +'%Y%m%d')" >> $GITHUB_ENV # # # Release › Dockerhub › Checkout › Arm64 # # - name: '✅ Checkout' id: task_release_dh_checkout uses: actions/checkout@v4 with: fetch-depth: 0 # # # Release › Dockerhub › Install Dependencies # # - name: '📦 Install Dependencies' id: task_release_dh_dependencies run: sudo apt-get install -qq dos2unix # # # Release › Dockerhub › Execute dos2unix # # - name: '🔐 Apply dos2unix' id: task_release_dh_dos2unix run: | echo "⚠️⚠️⚠️ Running DOS2UNIX ⚠️⚠️⚠️" find ./ \( -path "./.git" -o -path "./docs" -o -path "./.github" -o -path "*.png" -o -path "*.jpg" \) -prune -o -name '*' -print | xargs dos2unix -- echo "✅✅✅ Completed DOS2UNIX ✅✅✅" # # # Release › Dockerhub › Fix Permissions # # - name: '#️⃣ Manage Permissions' id: task_release_dh_permissions run: | find ./ -name 'run' -exec chmod 755 {} \; WRONG_PERM=$(find ./ -path "./.git" -prune -o \( -name "run" -o -name "finish" -o -name "check" \) -not -perm -u=x,g=x,o=x -print) if [ -n "${WRONG_PERM}" ]; then echo "⚠️⚠️⚠️ Permissions are invalid ⚠️⚠️⚠️" for i in ${WRONG_PERM}; do echo "::error file=${i},line=1,title=Missing Executable Bit::This file needs to be set as executable!" done exit 1 else echo "✅✅✅ Executable permissions are OK ✅✅✅" fi # # # Release › Dockerhub › QEMU › Arm64 # # - name: '⚙️ Set up QEMU' id: task_release_dh_qemu uses: docker/setup-qemu-action@v3 # # # Release › Dockerhub › Setup BuildX › Arm64 # # - name: '⚙️ Setup Buildx' id: task_release_dh_buildx uses: docker/setup-buildx-action@v3 with: version: latest driver-opts: 'image=moby/buildkit:latest' # # # Release › Dockerhub › Registry Login › Arm64 # # - name: '⚙️ Login to Dockerhub' id: task_release_dh_registry uses: docker/login-action@v3 with: username: ${{ env.IMAGE_DOCKERHUB_USERNAME }} password: ${{ secrets.ORG_BINARYNINJA_DOCKERHUB_TOKEN }} # # # Release › Dockerhub › Meta › Arm64 # # - name: '🔨 Dockerhub: Meta - Arm64' id: task_release_dh_meta uses: docker/metadata-action@v5 with: images: | ${{ env.IMAGE_AUTHOR }}/${{ env.IMAGE_NAME }} tags: | # latest no type=raw,value=latest,enable=false # dispatch add x1.x.x-arm64 type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == false }},priority=300,prefix=,suffix=-arm64,value=${{ env.IMAGE_VERSION }} # dispatch add arm64-development type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == true }},priority=300,prefix=,suffix=-development,value=arm64 # tag add tag-arm64 type=ref,enable=${{ github.event_name == 'pull_request' || github.event_name == 'push' }},priority=600,prefix=,suffix=-arm64,event=tag flavor: | latest=false labels: | org.opencontainers.image.VERSION=${{ env.IMAGE_VERSION }} org.opencontainers.image.BUILDDATE=${{ env.NOW_DOCKER_LABEL }} org.opencontainers.image.licenses=MIT org.opencontainers.image.revision=${{ github.sha }} org.opencontainers.image.vendor=${{ env.IMAGE_AUTHOR }} org.opencontainers.image.ref.name=${{ env.GIT_REF }} # # # Release › Dockerhub › Checkpoint › Arm64 # # - name: '⚠️ Checkpoint' id: task_release_dh_checkpoint run: | echo "registry ............. Github" echo "github.actor.......... ${{ github.actor }}" echo "github.ref ........... ${{ github.ref }}" echo "github.ref_name ...... ${{ github.ref_name }}" echo "github.event_name .... ${{ github.event_name }}" echo "inputs.DRY_RUN ....... ${{ inputs.DRY_RUN }}" echo "env.AUTHOR ........... ${{ env.IMAGE_AUTHOR }}" echo "tags ................. ${{ steps.task_release_dh_meta.outputs.tags }}" echo "labels ............... ${{ steps.task_release_dh_meta.outputs.labels }}" # # # Release › Dockerhub › Build and Push › Arm64 # # - name: '📦 Build & Push (linux/arm64)' id: task_release_dh_push uses: docker/build-push-action@v6 if: ( github.event_name == 'workflow_dispatch' && inputs.DRY_RUN == false ) || ( github.event_name == 'push' ) with: context: . file: Dockerfile.aarch64 platforms: linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.task_release_dh_meta.outputs.tags }} labels: ${{ steps.task_release_dh_meta.outputs.labels }} # # # Release › Dockerhub › Get Weekly Commits # # - name: '🕛 Get Weekly Commit List' id: task_release_set_weekly_commit_list run: | echo 'WEEKLY_COMMITS<> $GITHUB_ENV git log --format="[\`%h\`](${{ github.server_url }}/${{ github.repository }}/commit/%H) %s - %an" --since=7.days >> $GITHUB_ENV echo 'EOF' >> $GITHUB_ENV # # # Release › Dockerhub › Notify Github # # - name: '🔔 Send Discord Webhook Message' id: task_release_notifications_discord_send uses: tsickert/discord-webhook@v6.0.0 if: success() with: username: 'Io' avatar-url: 'https://i.imgur.com/8BVDkla.jpg' webhook-url: ${{ secrets.DISCORD_WEBHOOK_CHAN_GITHUB_TVAPP2_RELEASES }} embed-title: "⚙️ ${{ github.workflow_ref }}" embed-url: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" embed-thumbnail-url: 'https://i.imgur.com/zDIzE8T.jpg' embed-description: | ## 📦 ᲼Docker › Deploy ᲼${{ job.status == 'success' && '✅' || '❌' }} › `${{ env.IMAGE_NAME }}-${{ env.IMAGE_VERSION }}` A new version of the docker container `${{ env.IMAGE_NAME }}` has been released from Github. The image is available at: - https://github.com/${{ github.repository }}/pkgs/container/${{ env.IMAGE_NAME }} - Docker Image: `${{ env.IMAGE_NAME }}-${{ env.IMAGE_VERSION }}` - Version: `${{ env.IMAGE_VERSION }}` - Pull URL: https://ghcr.io/${{ env.IMAGE_AUTHOR }}/${{ env.IMAGE_NAME }} - Dry Run: `${{ inputs.DRY_RUN }}` - Branch: `${{ github.ref_name }}` - Workflow: `${{ github.workflow }} (#${{github.run_number}})` - Runner: `${{ runner.name }}` - Triggered By: `${{ github.actor }}` - Status: `${{ job.status == 'success' && '✅ Successful' || '❌ Failed' }}` ### Tags -# This docker image will use the following tags: ``` ${{ steps.task_release_dh_meta.outputs.tags }} ``` ### Labels -# This docker image embeds the following labels: ``` ${{ steps.task_release_dh_meta.outputs.labels }} ``` embed-color: ${{ job.status == 'success' && '5763719' || '15418782' }} embed-footer-text: "Completed at ${{ env.NOW }} UTC" embed-timestamp: "${{ env.NOW_LONG }}" embed-author-name: "${{ github.repository_owner }}" embed-author-url: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" embed-author-icon-url: "https://avatars.githubusercontent.com/u/200161462" # # # Job › Docker Release › Dockerhub › Amd64 # # job-docker-release-dockerhub-amd64: name: >- 📦 Release › Dockerhub › Amd64 runs-on: ubuntu-latest timeout-minutes: 10 permissions: contents: write packages: write attestations: write id-token: write needs: [ job-docker-release-tags-create, job-docker-release-dockerhub-arm64 ] steps: # # # Release › Dockerhub › Start › Amd64 # # - name: '🏳️ Start' id: task_release_dh_start run: | echo "Starting Dockerhub docker release" # # # Release › Dockerhub › Get Timestamp # # - name: '🕛 Get Timestamp' id: task_release_set_timestamp run: | echo "NOW=$(date +'%m-%d-%Y %H:%M:%S')" >> $GITHUB_ENV echo "NOW_SHORT=$(date +'%m-%d-%Y')" >> $GITHUB_ENV echo "NOW_LONG=$(date +'%m-%d-%Y %H:%M')" >> $GITHUB_ENV echo "NOW_DOCKER_LABEL=$(date +'%Y%m%d')" >> $GITHUB_ENV # # # Release › Dockerhub › Checkout › Amd64 # # - name: '✅ Checkout' id: task_release_dh_checkout uses: actions/checkout@v4 with: fetch-depth: 0 # # # Release › Dockerhub › Install Dependencies # # - name: '📦 Install Dependencies' id: task_release_dh_dependencies run: sudo apt-get install -qq dos2unix # # # Release › Dockerhub › Execute dos2unix # # - name: '🔐 Apply dos2unix' id: task_release_dh_dos2unix run: | find ./ \( -path "./.git" -o -path "./docs" -o -path "./.github" -o -path "*.png" -o -path "*.jpg" \) -prune -o -name '*' -print | xargs dos2unix -- # # # Release › Dockerhub › Fix Permissions # # - name: '#️⃣ Manage Permissions' id: task_release_dh_permissions run: | find ./ -name 'run' -exec chmod 755 {} \; WRONG_PERM=$(find ./ -path "./.git" -prune -o \( -name "run" -o -name "finish" -o -name "check" \) -not -perm -u=x,g=x,o=x -print) if [ -n "${WRONG_PERM}" ]; then echo "⚠️⚠️⚠️ Permissions are invalid ⚠️⚠️⚠️" for i in ${WRONG_PERM}; do echo "::error file=${i},line=1,title=Missing Executable Bit::This file needs to be set as executable!" done exit 1 else echo "✅✅✅ Executable permissions are OK ✅✅✅" fi # # # Release › Dockerhub › QEMU › Amd64 # # - name: '⚙️ Set up QEMU' id: task_release_dh_qemu uses: docker/setup-qemu-action@v3 # # # Release › Dockerhub › Setup BuildX › Amd64 # # - name: '⚙️ Setup Buildx' id: task_release_dh_buildx uses: docker/setup-buildx-action@v3 with: version: latest driver-opts: 'image=moby/buildkit:latest' # # # Release › Dockerhub › Registry Login › Amd64 # # - name: '⚙️ Login to Dockerhub' id: task_release_dh_registry uses: docker/login-action@v3 with: username: ${{ env.IMAGE_DOCKERHUB_USERNAME }} password: ${{ secrets.ORG_BINARYNINJA_DOCKERHUB_TOKEN }} # # # Release › Dockerhub › Meta › Amd64 # # - name: '🔨 Dockerhub: Meta - Amd64' id: task_release_dh_meta uses: docker/metadata-action@v5 with: images: | ${{ env.IMAGE_AUTHOR }}/${{ env.IMAGE_NAME }} tags: | # latest yes type=raw,value=latest,enable=${{ !inputs.DEV_RELEASE }} # dispatch add x1.x.x-amd64 type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == false }},priority=300,prefix=,suffix=-amd64,value=${{ env.IMAGE_VERSION }} # dispatch add amd64-development type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == true }},priority=300,prefix=,suffix=-development,value=amd64 # tag add tag-arm64 type=ref,enable=${{ github.event_name == 'pull_request' || github.event_name == 'push'}},priority=600,prefix=,suffix=-amd64,event=tag # add development tag type=raw,enable=${{ inputs.DEV_RELEASE }},priority=400,prefix=,suffix=,value=development flavor: | latest=${{ !inputs.DEV_RELEASE }} labels: | org.opencontainers.image.VERSION=${{ env.IMAGE_VERSION }} org.opencontainers.image.BUILDDATE=${{ env.NOW_DOCKER_LABEL }} org.opencontainers.image.licenses=MIT org.opencontainers.image.revision=${{ github.sha }} org.opencontainers.image.vendor=${{ env.IMAGE_AUTHOR }} org.opencontainers.image.ref.name=${{ env.GIT_REF }} # # # Release › Dockerhub › Checkpoint › Amd64 # # - name: '⚠️ Checkpoint' id: task_release_dh_checkpoint run: | echo "registry ............. Github" echo "github.actor.......... ${{ github.actor }}" echo "github.ref ........... ${{ github.ref }}" echo "github.ref_name ...... ${{ github.ref_name }}" echo "github.event_name .... ${{ github.event_name }}" echo "inputs.DRY_RUN ....... ${{ inputs.DRY_RUN }}" echo "env.AUTHOR ........... ${{ env.IMAGE_AUTHOR }}" echo "tags ................. ${{ steps.task_release_dh_meta.outputs.tags }}" echo "labels ............... ${{ steps.task_release_dh_meta.outputs.labels }}" # # # Release › Dockerhub › Build and Push › Amd64 # # - name: '📦 Build & Push (linux/amd64)' id: task_release_dh_push uses: docker/build-push-action@v6 if: ( github.event_name == 'workflow_dispatch' && inputs.DRY_RUN == false ) || ( github.event_name == 'push' ) with: context: . file: Dockerfile platforms: linux/amd64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.task_release_dh_meta.outputs.tags }} labels: ${{ steps.task_release_dh_meta.outputs.labels }} # # # Release › Dockerhub › Get Weekly Commits # # - name: '🕛 Get Weekly Commit List' id: task_release_set_weekly_commit_list run: | echo 'WEEKLY_COMMITS<> $GITHUB_ENV git log --format="[\`%h\`](${{ github.server_url }}/${{ github.repository }}/commit/%H) %s - %an" --since=7.days >> $GITHUB_ENV echo 'EOF' >> $GITHUB_ENV # # # Release › Dockerhub › Notify Github # # - name: '🔔 Send Discord Webhook Message' uses: tsickert/discord-webhook@v6.0.0 if: success() with: username: 'Io' avatar-url: 'https://i.imgur.com/8BVDkla.jpg' webhook-url: ${{ secrets.DISCORD_WEBHOOK_CHAN_GITHUB_TVAPP2_RELEASES }} embed-title: "⚙️ ${{ github.workflow_ref }}" embed-url: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" embed-thumbnail-url: 'https://i.imgur.com/zDIzE8T.jpg' embed-description: | ## 📦 ᲼Docker › Deploy ᲼${{ job.status == 'success' && '✅' || '❌' }} › `${{ env.IMAGE_NAME }}-${{ env.IMAGE_VERSION }}` A new version of the docker container `${{ env.IMAGE_NAME }}` has been released from Github. The image is available at: - https://github.com/${{ github.repository }}/pkgs/container/${{ env.IMAGE_NAME }} - Docker Image: `${{ env.IMAGE_NAME }}-${{ env.IMAGE_VERSION }}` - Version: `${{ env.IMAGE_VERSION }}` - Pull URL: https://ghcr.io/${{ env.IMAGE_AUTHOR }}/${{ env.IMAGE_NAME }} - Dry Run: `${{ inputs.DRY_RUN }}` - Branch: `${{ github.ref_name }}` - Workflow: `${{ github.workflow }} (#${{github.run_number}})` - Runner: `${{ runner.name }}` - Triggered By: `${{ github.actor }}` - Status: `${{ job.status == 'success' && '✅ Successful' || '❌ Failed' }}` ### Tags -# This docker image will use the following tags: ``` ${{ steps.task_release_dh_meta.outputs.tags }} ``` ### Labels -# This docker image embeds the following labels: ``` ${{ steps.task_release_dh_meta.outputs.labels }} ``` embed-color: ${{ job.status == 'success' && '5763719' || '15418782' }} embed-footer-text: "Completed at ${{ env.NOW }} UTC" embed-timestamp: "${{ env.NOW_LONG }}" embed-author-name: "${{ github.repository_owner }}" embed-author-url: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" embed-author-icon-url: "https://avatars.githubusercontent.com/u/200161462"