BinaryNinja/tvapp2
4
1
Fork 0
mirror of https://github.com/TheBinaryNinja/tvapp2.git synced 2026-06-04 13:25:49 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
renovate/actions-github-script-9.x
tvapp2/.github/workflows/deploy-docker-github.yml
renovate[bot] 3aabe6b341 chore(deps): update actions/github-script action to v9
2026-04-21 21:54:19 +00:00

1000 lines
52 KiB
YAML
Executable File
Raw Permalink Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# #
# @type github workflow
# @author Aetherinox
# @url https://github.com/Aetherinox
# @usage deploys docker container to github and send message to discord
# upload this workflow to both the `main` branch of the tvapp2 repository
#
# @secrets secrets.SELF_TOKEN self github personal access token (fine-grained)
# secrets.SELF_TOKEN_CL self github personal access token (classic)
# secrets.NPM_TOKEN self npmjs access token
# secrets.PYPI_API_TOKEN self Pypi API token (production site) - https://pypi.org/
# secrets.PYPI_API_TEST_TOKEN self Pypi API token (test site) - https://test.pypi.org/
# secrets.SELF_DOCKERHUB_TOKEN self Dockerhub token
# secrets.ORG_BINARYNINJA_TOKEN org github personal access token (fine-grained)
# secrets.ORG_BINARYNINJA_TOKEN_CL org github personal access token (classic)
# secrets.ORG_BINARYNINJA_DOCKERHUB_TOKEN org dockerhub secret
# secrets.ORG_BINARYNINJA_GITEA_TOKEN org gitea personal access token (classic) with package:write permission
# secrets.BINARYSERV_GPG_KEY_ASC bot gpg private key (armored) | BEGIN PGP PRIVATE KEY BLOCK
# secrets.BINARYSERV_GPG_PASSPHRASE bot gpg private key passphrase
# secrets.DISCORD_WEBHOOK_CHAN_GITHUB_TVAPP2_RELEASES discord webhook to report release notifications from github to discord
# secrets.DISCORD_WEBHOOK_CHAN_GITHUB_TVAPP2_WORKFLOWS discord webhook to report workflow notifications from github to discord
# secrets.DISCORD_WEBHOOK_CHAN_GITHUB_TVAPP2_UPDATES discord webhook to report activity notifications from github to discord
#
# @local these workflows can be tested locally through the use of `act`
# https://github.com/nektos/act
# Extract act to folder
# Add system env var with path to act.exe
# Run the commands:
# git pull https://github.com/username/repo
# act -W .github/workflows/deploy-docker-github.yml -P ubuntu-latest=catthehacker/ubuntu:full-22.04
# act -W .github/workflows/deploy-docker-github.yml -s TOKEN_CL=XXXXXXXXXX --pull=false
# #
name: '📦 Deploy Docker Github'
run-name: '📦 Deploy Docker Github'
# #
# Triggers
# #
on:
# #
# Trigger Workflow Dispatch
#
# If any values are not provided, will use fallback env variable
# #
workflow_dispatch:
inputs:
# #
# Image Name
#
# used in github image path
# ghcr.io/${{ env.IMAGE_GHCR_AUTHOR }}/${{ env.IMAGE_NAME }}
# #
IMAGE_NAME:
description: '📦 Image Name'
required: true
default: 'tvapp2'
type: string
# #
# Registry Name
#
# options:
# - github
# - dockerhub
# - gitea
# #
IMAGE_REGISTRY:
description: '📘 Registry Name'
required: true
default: 'github'
type: string
# #
# Image Author
#
# used in github image path
# ghcr.io/${{ env.IMAGE_GHCR_AUTHOR }}/${{ env.IMAGE_NAME }}
# #
IMAGE_GHCR_AUTHOR:
description: '🪪 Image Author'
required: true
default: 'TheBinaryNinja'
type: string
# #
# Image ghcr username
#
# this is the user to sign into ghcr as.
# #
IMAGE_GHCR_USERNAME:
description: '🪪 ghcr.io Username'
required: true
default: 'TheBinaryNinja'
type: string
# #
# Alpine Version
#
# specifies the alpine base docker image version
# #
IMAGE_ALPINE_VERSION:
description: '📀 Alpine Version'
required: true
default: '3.22'
type: string
# #
# true no changes to the repo will be made
# false workflow will behave normally, and push any changes detected to the files
# #
DRY_RUN:
description: '🐛 Dry Run (Debug)'
required: true
default: false
type: boolean
# #
# true released version will be marked as a development build and will have the v1.x.x-development tag instead of -latest
# false release version will be marked with -latest docker tag
# #
DEV_RELEASE:
description: '🧪 Development Release'
required: true
default: false
type: boolean
# #
# Trigger Push
# #
push:
tags:
- '*'
# #
# Environment Vars
# #
env:
IMAGE_NAME: ${{ github.event.inputs.IMAGE_NAME || 'tvapp2' }}
IMAGE_REGISTRY: ${{ github.event.inputs.IMAGE_REGISTRY || 'github' }}
IMAGE_GHCR_AUTHOR: ${{ github.event.inputs.IMAGE_GHCR_AUTHOR || 'BinaryNinja' }}
IMAGE_GHCR_USERNAME: ${{ github.event.inputs.IMAGE_GHCR_USERNAME || 'BinaryNinja' }}
IMAGE_ALPINE_VERSION: ${{ github.event.inputs.IMAGE_ALPINE_VERSION || '3.22' }}
DISCORD_BOT_NAME: 'Europa'
DISCORD_BOT_AVATAR: 'https://i.imgur.com/UqwMom1.jpeg'
DISCORD_BOT_EMBED_AUTHOR_ICON: 'https://avatars.githubusercontent.com/u/200161462'
DISCORD_BOT_EMBED_THUMBNAIL: 'https://avatars.githubusercontent.com/u/200161462'
BOT_NAME_1: EuropaServ
BOT_NAME_2: BinaryServ
BOT_NAME_DEPENDABOT: dependabot[bot]
BOT_NAME_RENOVATE: renovate[bot]
# #
# Jobs
#
# The way pushed docker containers on Github work, the most recent image built goes at the top.
# We will use the order below which builds the :latest image last so that it appears at the very
# top of the packages page.
# #
jobs:
# #
# Job Create Tag
# #
job-docker-release-tags-create:
name: >-
📦 Release Create Tag
runs-on: ubuntu-latest
# runs-on: apollo-x64
timeout-minutes: 4
outputs:
package_version: ${{ steps.task_initialize_package_getversion.outputs.PACKAGE_VERSION }}
permissions:
contents: write
packages: write
attestations: write
id-token: write
steps:
# #
# Release Tags Checkout
# #
- name: '☑️ Checkout'
uses: actions/checkout@v4
with:
fetch-depth: 0
# #
# Release Tags Job Information
# #
- name: >-
🔄 Load Job
uses: qoomon/actions--context@v4
id: 'context'
# #
# Release Tags Set Package.json Version
# #
- name: '👁️‍🗨️ Package Version Set'
id: task_initialize_package_getversion
working-directory: ./tvapp2
run: |
VER=$(cat package.json | jq -r '.version')
echo "PACKAGE_VERSION=${VER}" >> $GITHUB_OUTPUT
echo "PACKAGE_VERSION=${VER}" >> $GITHUB_ENV
# #
# Initialize Get Package.json Version
# #
- name: '👁️‍🗨️ Package Version Get'
run: |
echo "VERSION: ${{ steps.task_initialize_package_getversion.outputs.PACKAGE_VERSION }}"
# #
# Release Tags Start
# #
- name: >-
✅ Start
run: |
echo ""
echo "―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――"
echo " Starting Job ${{ steps.context.outputs.job_name }}"
echo "―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――"
YEAR="$(date +'%Y')"
echo "YEAR=${YEAR}" >> $GITHUB_ENV
NOW="$(date +'%m-%d-%Y %H:%M:%S')" # 02-25-2025 12:49:48
echo "NOW=${NOW}" >> $GITHUB_ENV
NOW_SHORT="$(date +'%m-%d-%Y')" # 02-25-2025
echo "NOW_SHORT=${NOW_SHORT}" >> $GITHUB_ENV
NOW_LONG="$(date +'%m-%d-%Y %H:%M')" # 02-25-2025 12:49
echo "NOW_LONG=${NOW_LONG}" >> $GITHUB_ENV
NOW_DOCKER="$(date +'%Y%m%d')" # 20250225
echo "NOW_DOCKER=${NOW_DOCKER}" >> $GITHUB_ENV
NOW_DOCKER_TS="$(date -u +'%FT%T.%3NZ')" # 2025-02-25T12:50:11.569Z
echo "NOW_DOCKER_TS=${NOW_DOCKER_TS}" >> $GITHUB_ENV
SHA1="$(git rev-parse HEAD)" # 71fad013cfce9116ec62779e4a7e627fe4c33627
echo "SHA1=${SHA1}" >> $GITHUB_ENV
SHA1_GH="$(echo ${GITHUB_SHA})" # 71fad013cfce9116ec62779e4a7e627fe4c33627
echo "SHA1_GH=${SHA1_GH}" >> $GITHUB_ENV
PKG_VER_1DIGIT="$(echo ${{ env.PACKAGE_VERSION }} | cut -d '.' -f1-1)" # 3.22 > 3
echo "PKG_VER_1DIGIT=${PKG_VER_1DIGIT}" >> $GITHUB_ENV
PKG_VER_2DIGIT="$(echo ${{ env.PACKAGE_VERSION }} | cut -f2 -d ":" | cut -c1-3)" # 3.22 > 3.2
echo "PKG_VER_2DIGIT=${PKG_VER_2DIGIT}" >> $GITHUB_ENV
echo "―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――"
echo ""
echo ""
sudo apt -qq update
sudo apt -qq install tree
echo ""
echo ""
echo "―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――"
echo ""
echo ""
echo " Runner .............. ${{ runner.name }}"
echo " Workflow ............ ${{ github.workflow }} (#${{ github.workflow_ref }})"
echo " Run Number .......... ${{ github.run_number }}"
echo " Ref ................. ${{ github.ref }}"
echo " Ref Name ............ ${{ github.ref_name }}"
echo " Event Name .......... ${{ github.event_name }}"
echo " Repo ................ ${{ github.repository }}"
echo " Repo Owner .......... ${{ github.repository_owner }}"
echo " Run ID .............. https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
echo " Triggered By ........ ${{ github.actor }}"
echo " SHA 1 (GITHUB_SHA) .. ${GITHUB_SHA}"
echo " SHA 2 (github.sha) .. ${{ github.sha }}"
echo " SHA 3 (env.SHA1) .... ${SHA1}"
echo " SHA 4 (env.SHA1_GH) . ${SHA1_GH}"
echo " Workspace ........... ${{ github.workspace }}"
echo " PWD ................. ${PWD}"
echo " Job Name ............ ${{ steps.context.outputs.job_name }}"
echo " Job ID .............. ${{ steps.context.outputs.job_id }}"
echo " Job URL ............. ${{ steps.context.outputs.job_url }}"
echo " Run ID .............. ${{ steps.context.outputs.run_id }}"
echo " Run Attempt ......... ${{ steps.context.outputs.run_attempt }}"
echo " Run Number .......... ${{ steps.context.outputs.run_number }}"
echo " Run URL ............. ${{ steps.context.outputs.run_url }}"
echo " Run Env ............. ${{ steps.context.outputs.environment }}"
echo " Run Env URL ......... ${{ steps.context.outputs.environment_url }}"
echo " Run Deployment ...... ${{ steps.context.outputs.deployment_id }}"
echo " Run Deployment URL .. ${{ steps.context.outputs.deployment_url }}"
echo " Run Deployment ...... ${{ steps.context.outputs.deployment_id }}"
echo " Run Runner Name ..... ${{ steps.context.outputs.runner_name }}"
echo " Run Runner ID ....... ${{ steps.context.outputs.runner_id }}"
echo " Year ................ ${YEAR}"
echo " Now ................. ${NOW}"
echo " Now (Short) ......... ${NOW_SHORT}"
echo " Now (Long) .......... ${NOW_LONG}"
echo " Now (Docker) ........ ${NOW_DOCKER}"
echo " Now (Docker TS) ..... ${NOW_DOCKER_TS}"
echo ""
echo ""
echo "―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――"
echo ""
echo ""
tree -I node_modules -I .git
echo ""
echo ""
echo "―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――"
echo ""
echo ""
# #
# Release Tags Fix Permissions
# #
- name: '#️⃣ Manage Permissions'
run: |
find ./ -name 'run' -exec chmod 755 {} \;
WRONG_PERM=$(find ./ -path "./.git" -prune -o \( -name "run" -o -name "finish" -o -name "check" \) -not -perm -u=x,g=x,o=x -print)
if [ -n "${WRONG_PERM}" ]; then
echo "⚠️⚠️⚠️ Permissions are invalid ⚠️⚠️⚠️"
for i in ${WRONG_PERM}; do
echo "::error file=${i},line=1,title=Missing Executable Bit::This file needs to be set as executable!"
done
exit 1
else
echo "✅✅✅ Executable permissions are OK ✅✅✅"
fi
# #
# Tags Tags Create Tag
#
# only called in dispatch mode
# #
- uses: rickstaa/action-create-tag@v1
if: ( github.event_name != 'workflow_dispatch' && inputs.DRY_RUN == false )
with:
tag: "${{ env.PACKAGE_VERSION }}"
tag_exists_error: false
message: '${{ env.IMAGE_NAME }}-${{ env.PACKAGE_VERSION }}'
gpg_private_key: ${{ secrets.ADMINSERV_GPG_KEY_ASC }}
gpg_passphrase: ${{ secrets.ADMINSERV_GPG_PASSPHRASE }}
# #
# Job Docker Release Github
# #
job-docker-release-github:
name: >-
📦 Release Github
runs-on: ubuntu-latest
# runs-on: apollo-x64
timeout-minutes: 10
needs: [ job-docker-release-tags-create ]
permissions:
contents: write
packages: write
attestations: write
id-token: write
env:
PACKAGE_VERSION: ${{ needs.job-docker-release-tags-create.outputs.package_version }}
steps:
# #
# Release Github Checkout
# #
- name: '☑️ Checkout'
uses: actions/checkout@v4
with:
fetch-depth: 0
# #
# Release Github Job Information
# #
- name: >-
🔄 Load Job
uses: qoomon/actions--context@v4
id: 'context'
# #
# Release Github Start
# #
- name: >-
✅ Start
run: |
echo ""
echo "―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――"
echo " Starting Job ${{ steps.context.outputs.job_name }}"
echo "―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――"
YEAR="$(date +'%Y')"
echo "YEAR=${YEAR}" >> $GITHUB_ENV
NOW="$(date +'%m-%d-%Y %H:%M:%S')" # 02-25-2025 12:49:48
echo "NOW=${NOW}" >> $GITHUB_ENV
NOW_SHORT="$(date +'%m-%d-%Y')" # 02-25-2025
echo "NOW_SHORT=${NOW_SHORT}" >> $GITHUB_ENV
NOW_LONG="$(date +'%m-%d-%Y %H:%M')" # 02-25-2025 12:49
echo "NOW_LONG=${NOW_LONG}" >> $GITHUB_ENV
NOW_DOCKER="$(date +'%Y%m%d')" # 20250225
echo "NOW_DOCKER=${NOW_DOCKER}" >> $GITHUB_ENV
NOW_DOCKER_TS="$(date -u +'%FT%T.%3NZ')" # 2025-02-25T12:50:11.569Z
echo "NOW_DOCKER_TS=${NOW_DOCKER_TS}" >> $GITHUB_ENV
SHA1="$(git rev-parse HEAD)" # 71fad013cfce9116ec62779e4a7e627fe4c33627
echo "SHA1=${SHA1}" >> $GITHUB_ENV
SHA1_GH="$(echo ${GITHUB_SHA})" # 71fad013cfce9116ec62779e4a7e627fe4c33627
echo "SHA1_GH=${SHA1_GH}" >> $GITHUB_ENV
PKG_VER_1DIGIT="$(echo ${{ env.PACKAGE_VERSION }} | cut -d '.' -f1-1)" # 3.22 > 3
echo "PKG_VER_1DIGIT=${PKG_VER_1DIGIT}" >> $GITHUB_ENV
PKG_VER_2DIGIT="$(echo ${{ env.PACKAGE_VERSION }} | cut -f2 -d ":" | cut -c1-3)" # 3.22 > 3.2
echo "PKG_VER_2DIGIT=${PKG_VER_2DIGIT}" >> $GITHUB_ENV
echo "―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――"
echo ""
echo ""
sudo apt -qq update
sudo apt -qq install tree
echo ""
echo ""
echo "―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――"
echo ""
echo ""
echo " Runner .............. ${{ runner.name }}"
echo " Workflow ............ ${{ github.workflow }} (#${{ github.workflow_ref }})"
echo " Run Number .......... ${{ github.run_number }}"
echo " Ref ................. ${{ github.ref }}"
echo " Ref Name ............ ${{ github.ref_name }}"
echo " Event Name .......... ${{ github.event_name }}"
echo " Repo ................ ${{ github.repository }}"
echo " Repo Owner .......... ${{ github.repository_owner }}"
echo " Run ID .............. https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
echo " Triggered By ........ ${{ github.actor }}"
echo " SHA 1 (GITHUB_SHA) .. ${GITHUB_SHA}"
echo " SHA 2 (github.sha) .. ${{ github.sha }}"
echo " SHA 3 (env.SHA1) .... ${SHA1}"
echo " SHA 4 (env.SHA1_GH) . ${SHA1_GH}"
echo " Workspace ........... ${{ github.workspace }}"
echo " PWD ................. ${PWD}"
echo " Job Name ............ ${{ steps.context.outputs.job_name }}"
echo " Job ID .............. ${{ steps.context.outputs.job_id }}"
echo " Job URL ............. ${{ steps.context.outputs.job_url }}"
echo " Run ID .............. ${{ steps.context.outputs.run_id }}"
echo " Run Attempt ......... ${{ steps.context.outputs.run_attempt }}"
echo " Run Number .......... ${{ steps.context.outputs.run_number }}"
echo " Run URL ............. ${{ steps.context.outputs.run_url }}"
echo " Run Env ............. ${{ steps.context.outputs.environment }}"
echo " Run Env URL ......... ${{ steps.context.outputs.environment_url }}"
echo " Run Deployment ...... ${{ steps.context.outputs.deployment_id }}"
echo " Run Deployment URL .. ${{ steps.context.outputs.deployment_url }}"
echo " Run Deployment ...... ${{ steps.context.outputs.deployment_id }}"
echo " Run Runner Name ..... ${{ steps.context.outputs.runner_name }}"
echo " Run Runner ID ....... ${{ steps.context.outputs.runner_id }}"
echo " Year ................ ${YEAR}"
echo " Now ................. ${NOW}"
echo " Now (Short) ......... ${NOW_SHORT}"
echo " Now (Long) .......... ${NOW_LONG}"
echo " Now (Docker) ........ ${NOW_DOCKER}"
echo " Now (Docker TS) ..... ${NOW_DOCKER_TS}"
echo ""
echo ""
echo "―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――"
echo ""
echo ""
tree -I node_modules -I .git
echo ""
echo ""
echo "―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――"
echo ""
echo ""
# #
# Release Github Set Vars
# #
- name: '🕛 Set Vars'
run: |
echo "REGISTRY_REPO_ORG_AUTHOR_LC=`echo ${{ env.IMAGE_GHCR_AUTHOR }}/${{ env.IMAGE_NAME }} | tr '[:upper:]' '[:lower:]'`" >> ${GITHUB_ENV} # thebinaryninja/tvapp2
echo "REGISTRY_REPO_AUTHOR_LC=`echo ${{ env.IMAGE_GHCR_AUTHOR }} | tr '[:upper:]' '[:lower:]'`" >> ${GITHUB_ENV} # thebinaryninja
# #
# Release Github Install Dependencies
# #
- name: '📦 Install Dependencies'
run:
sudo apt-get install -qq dos2unix
# #
# Release Github Execute dos2unix
# #
- name: '🔐 Apply dos2unix'
run: |
echo "⚠️⚠️⚠️ Running DOS2UNIX ⚠️⚠️⚠️"
find ./ \( -path "./.git" -o -path "./docs" -o -path "./.github" -o -path "*.png" -o -path "*.jpg" \) -prune -o -name '*' -print | xargs dos2unix --
echo "✅✅✅ Completed DOS2UNIX ✅✅✅"
# #
# Release Github Fix Permissions
# #
- name: '#️⃣ Manage Permissions'
run: |
find ./ -name 'run' -exec chmod 755 {} \;
WRONG_PERM=$(find ./ -path "./.git" -prune -o \( -name "run" -o -name "finish" -o -name "check" \) -not -perm -u=x,g=x,o=x -print)
if [ -n "${WRONG_PERM}" ]; then
echo "⚠️⚠️⚠️ Permissions are invalid ⚠️⚠️⚠️"
for i in ${WRONG_PERM}; do
echo "::error file=${i},line=1,title=Missing Executable Bit::This file needs to be set as executable!"
done
exit 1
else
echo "✅✅✅ Executable permissions are OK ✅✅✅"
fi
# #
# Release Github QEMU Amd64
# #
- name: '⚙️ Set up QEMU'
uses: docker/setup-qemu-action@v3
# #
# Release Github Setup BuildX Amd64
# #
- name: '⚙️ Setup Buildx'
uses: docker/setup-buildx-action@v3
with:
version: latest
driver-opts: 'image=moby/buildkit:latest'
# #
# Release Github Registry Login Amd64
# #
- name: '⚙️ Login to Github'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ env.IMAGE_GHCR_USERNAME }}
password: ${{ secrets.ORG_BINARYNINJA_TOKEN_CL }}
# #
# Release Github Read Readme
#
# @usage org.opencontainers.image.description=${{ steps.task_release_gh_readme_cache.outputs.content }}
# #
- name: '📄 Cache README.md'
id: task_release_gh_readme_cache
uses: actions/github-script@v9
with:
github-token: ${{ secrets.ORG_BINARYNINJA_TOKEN_CL }}
script: |
'use strict'
const { promises: fs } = require('fs')
const main = async () =>
{
const path = "README.md"
let content = await fs.readFile(path, 'utf8')
core.setOutput('content', content)
}
main().catch(err => core.setFailed(err.message))
# #
# Release Github Meta
#
# this version of meta does not need one for amd64 and one for arm64 because both
# platforms are combined into one release, all sharing the same tags
# #
- name: '🔨 Github: Meta'
id: task_release_gh_meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ env.REGISTRY_REPO_AUTHOR_LC }}/${{ env.IMAGE_NAME }}
tags: |
# tag latest = yes ( no dev )
type=raw,value=latest,enable=${{ !inputs.DEV_RELEASE }}
# tag add pr tag ( PR or push only )
type=ref,enable=${{ github.event_name == 'pull_request' || github.event_name == 'push' }},priority=600,prefix=,suffix=,event=tag
# tag add 1.0.0 ( dispatch only + no dev )
type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == false }},priority=450,prefix=,suffix=,value=${{ env.PACKAGE_VERSION }}
# tag add 1.0 ( dispatch only + no dev )
type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == false }},priority=425,prefix=,suffix=,value=${{ env.PKG_VER_2DIGIT }}
# tag add 1 ( dispatch only + no dev )
type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == false }},priority=400,prefix=,suffix=,value=${{ env.PKG_VER_1DIGIT }}
# tag add development ( dispatch only + only dev )
type=raw,enable=${{ github.event_name == 'workflow_dispatch' && inputs.DEV_RELEASE == true }},priority=300,prefix=,suffix=,value=development
# tag add development ( amd64 + only dev )
type=raw,enable=${{ inputs.DEV_RELEASE }},priority=400,prefix=,suffix=,value=development
flavor: |
latest=false
labels: |
org.opencontainers.image.description=TVApp2
org.opencontainers.image.created=${{ env.NOW_DOCKER_TS }}
org.opencontainers.image.version=${{ env.PACKAGE_VERSION }}
org.opencontainers.image.licenses=MIT
org.opencontainers.image.revision=${{ env.SHA1 }}
org.opencontainers.image.vendor=${{ env.REGISTRY_REPO_AUTHOR_LC }}
org.opencontainers.image.ref.name=${{ github.ref_name }}
org.opencontainers.image.development=${{ inputs.DEV_RELEASE == true && 'true' || 'false' }}
org.opencontainers.image.registry=${{ env.IMAGE_REGISTRY }}
org.tvapp2.image.build-version="Version: ${{ env.PACKAGE_VERSION }} Date: ${{ env.NOW_DOCKER }}"
org.tvapp2.image.build-version-alpine=${{ env.IMAGE_ALPINE_VERSION }}
org.tvapp2.image.build-release="${{ inputs.DEV_RELEASE == true && 'development' || 'stable' }}"
org.tvapp2.image.build-sha1=${{ env.SHA1 }}
annotations: |-
org.opencontainers.image.description=TVApp2
org.opencontainers.image.created=${{ env.NOW_DOCKER_TS }}
org.opencontainers.image.version=${{ env.PACKAGE_VERSION }}
org.opencontainers.image.licenses=MIT
org.opencontainers.image.revision=${{ env.SHA1 }}
org.opencontainers.image.vendor=${{ env.REGISTRY_REPO_AUTHOR_LC }}
org.opencontainers.image.ref.name=${{ github.ref_name }}
org.opencontainers.image.development=${{ inputs.DEV_RELEASE == true && 'true' || 'false' }}
org.opencontainers.image.registry=${{ env.IMAGE_REGISTRY }}
org.tvapp2.image.build-version="Version: ${{ env.PACKAGE_VERSION }} Date: ${{ env.NOW_DOCKER }}"
org.tvapp2.image.build-version-alpine=${{ env.IMAGE_ALPINE_VERSION }}
org.tvapp2.image.build-release="${{ inputs.DEV_RELEASE == true && 'development' || 'stable' }}"
org.tvapp2.image.build-sha1=${{ env.SHA1 }}
# #
# Release Github Build and Push Amd64
# #
- name: '📦 Build & Push (linux/amd64)'
id: task_release_gh_push_amd64
uses: docker/build-push-action@v6
if: ( github.event_name == 'workflow_dispatch' && inputs.DRY_RUN == false ) || ( github.event_name == 'push' )
with:
allow: |
network.host
network: host
context: .
file: Dockerfile
platforms: linux/amd64
provenance: false
sbom: false
push: ${{ github.event_name != 'pull_request' }}
labels: ${{ steps.task_release_gh_meta.outputs.labels }}
tags: |
${{ steps.task_release_gh_meta.outputs.tags }}
build-args: |-
ARCH=amd64
RELEASE=${{ inputs.DEV_RELEASE == true && 'development' || 'stable' }}
VERSION=${{ env.PACKAGE_VERSION }}
BUILDDATE=${{ env.NOW_DOCKER }}
GIT_SHA1=${{ env.SHA1 }}
ALPINE_VERSION=${{ env.IMAGE_ALPINE_VERSION }}
annotations: |-
org.opencontainers.image.description=TVApp2
org.opencontainers.image.created=${{ env.NOW_DOCKER_TS }}
org.opencontainers.image.version=${{ env.PACKAGE_VERSION }}
org.opencontainers.image.licenses=MIT
org.opencontainers.image.architecture=amd64
org.opencontainers.image.revision=${{ env.SHA1 }}
org.opencontainers.image.vendor=${{ env.REGISTRY_REPO_AUTHOR_LC }}
org.opencontainers.image.ref.name=${{ github.ref_name }}
org.opencontainers.image.development=${{ inputs.DEV_RELEASE == true && 'true' || 'false' }}
org.opencontainers.image.registry=${{ env.IMAGE_REGISTRY }}
org.tvapp2.image.build-version="Version: ${{ env.PACKAGE_VERSION }} Date: ${{ env.NOW_DOCKER }}"
org.tvapp2.image.build-version-alpine=${{ env.IMAGE_ALPINE_VERSION }}
org.tvapp2.image.build-architecture=amd64
org.tvapp2.image.build-release="${{ inputs.DEV_RELEASE == true && 'development' || 'stable' }}"
org.tvapp2.image.build-sha1=${{ env.SHA1 }}
# #
# Release Github Export Digest Amd64
# #
- name: '📄 Export Digest (linux/amd64)'
if: ( github.event_name == 'workflow_dispatch' && inputs.DRY_RUN == false ) || ( github.event_name == 'push' )
run: |
mkdir -p /tmp/build-digest-amd64
digest="${{ steps.task_release_gh_push_amd64.outputs.digest }}"
digest="${digest#sha256:}"
touch "/tmp/build-digest-amd64/$digest"
shell: bash
# #
# Release Github Upload Digest Amd64
# #
- name: '🔼 Upload Digest (linux/amd64)'
uses: actions/upload-artifact@v4
if: ( github.event_name == 'workflow_dispatch' && inputs.DRY_RUN == false ) || ( github.event_name == 'push' )
with:
name: digest-amd64
path: /tmp/build-digest-amd64/*
if-no-files-found: error
retention-days: 10
# #
# Release Github Build and Push Arm64
# #
- name: '📦 Build & Push (linux/arm64)'
id: task_release_gh_push_arm64
uses: docker/build-push-action@v6
if: ( github.event_name == 'workflow_dispatch' && inputs.DRY_RUN == false ) || ( github.event_name == 'push' )
with:
allow: |
network.host
network: host
context: .
file: Dockerfile
platforms: linux/arm64
provenance: false
sbom: false
push: ${{ github.event_name != 'pull_request' }}
labels: ${{ steps.task_release_gh_meta.outputs.labels }}
tags: |
${{ steps.task_release_gh_meta.outputs.tags }}
build-args: |-
ARCH=arm64
RELEASE=${{ inputs.DEV_RELEASE == true && 'development' || 'stable' }}
VERSION=${{ env.PACKAGE_VERSION }}
BUILDDATE=${{ env.NOW_DOCKER }}
GIT_SHA1=${{ env.SHA1 }}
ALPINE_VERSION=${{ env.IMAGE_ALPINE_VERSION }}
annotations: |-
org.opencontainers.image.description=TVApp2
org.opencontainers.image.created=${{ env.NOW_DOCKER_TS }}
org.opencontainers.image.version=${{ env.PACKAGE_VERSION }}
org.opencontainers.image.licenses=MIT
org.opencontainers.image.architecture=arm64
org.opencontainers.image.revision=${{ env.SHA1 }}
org.opencontainers.image.vendor=${{ env.REGISTRY_REPO_AUTHOR_LC }}
org.opencontainers.image.ref.name=${{ github.ref_name }}
org.opencontainers.image.development=${{ inputs.DEV_RELEASE == true && 'true' || 'false' }}
org.opencontainers.image.registry=${{ env.IMAGE_REGISTRY }}
org.tvapp2.image.build-version="Version: ${{ env.PACKAGE_VERSION }} Date: ${{ env.NOW_DOCKER }}"
org.tvapp2.image.build-version-alpine=${{ env.IMAGE_ALPINE_VERSION }}
org.tvapp2.image.build-architecture=arm64
org.tvapp2.image.build-release="${{ inputs.DEV_RELEASE == true && 'development' || 'stable' }}"
org.tvapp2.image.build-sha1=${{ env.SHA1 }}
# #
# Release Github Export Digest Arm64
# #
- name: '📄 Export Digest (linux/arm64)'
if: ( github.event_name == 'workflow_dispatch' && inputs.DRY_RUN == false ) || ( github.event_name == 'push' )
run: |
mkdir -p /tmp/build-digest-arm64
digest="${{ steps.task_release_gh_push_arm64.outputs.digest }}"
digest="${digest#sha256:}"
touch "/tmp/build-digest-arm64/$digest"
shell: bash
# #
# Release Github Upload Digest Arm64
# #
- name: '🔼 Upload Digest (linux/arm64)'
uses: actions/upload-artifact@v4
if: ( github.event_name == 'workflow_dispatch' && inputs.DRY_RUN == false ) || ( github.event_name == 'push' )
with:
name: digest-arm64
path: /tmp/build-digest-arm64/*
if-no-files-found: error
retention-days: 10
# #
# Release Github Checkpoint
# #
- name: '⚠️ Checkpoint'
run: |
echo ""
echo "---- [ GITHUB ] ----------------------------------------------------------------------------------------"
echo "github.actor.............................. ${{ github.actor }}"
echo "github.ref ............................... ${{ github.ref }}"
echo "github.ref_name .......................... ${{ github.ref_name }}"
echo "github.event_name ........................ ${{ github.event_name }}"
echo "github.repository_owner .................. ${{ github.repository_owner }}"
echo "github.repository ........................ ${{ github.repository }}"
echo "github.sha ............................... ${{ github.sha }}"
echo ""
echo "---- [ INPUTS ] ----------------------------------------------------------------------------------------"
echo "inputs.IMAGE_NAME ........................ ${{ inputs.IMAGE_NAME }}"
echo "inputs.IMAGE_GHCR_AUTHOR ................. ${{ inputs.IMAGE_GHCR_AUTHOR }}"
echo "inputs.IMAGE_GHCR_USERNAME ............... ${{ inputs.IMAGE_GHCR_USERNAME }}"
echo "inputs.DEV_RELEASE ....................... ${{ inputs.DEV_RELEASE }}"
echo "inputs.DRY_RUN ........................... ${{ inputs.DRY_RUN }}"
echo ""
echo "---- [ ENV ] -------------------------------------------------------------------------------------------"
echo "env.IMAGE_NAME ........................... ${{ env.IMAGE_NAME }}"
echo "env.PACKAGE_VERSION ...................... ${{ env.PACKAGE_VERSION }}"
echo "env.PKG_VER_1DIGIT ....................... ${{ env.PKG_VER_1DIGIT }}"
echo "env.PKG_VER_2DIGIT ....................... ${{ env.PKG_VER_2DIGIT }}"
echo "env.IMAGE_GHCR_AUTHOR .................... ${{ env.IMAGE_GHCR_AUTHOR }}"
echo "env.IMAGE_GHCR_USERNAME .................. ${{ env.IMAGE_GHCR_USERNAME }}"
echo "env.NOW .................................. ${{ env.NOW }}"
echo "env.NOW_SHORT ............................ ${{ env.NOW_SHORT }}"
echo "env.NOW_LONG ............................. ${{ env.NOW_LONG }}"
echo "env.NOW_DOCKER ........................... ${{ env.NOW_DOCKER }}"
echo "env.NOW_DOCKER_TS ........................ ${{ env.NOW_DOCKER_TS }}"
echo "env.REGISTRY_REPO_ORG_AUTHOR_LC .......... ${{ env.REGISTRY_REPO_ORG_AUTHOR_LC }}"
echo "env.REGISTRY_REPO_AUTHOR_LC .............. ${{ env.REGISTRY_REPO_AUTHOR_LC }}"
echo " SHA 1 (GITHUB_SHA) ...................... ${GITHUB_SHA}"
echo " SHA 2 (github.sha) ...................... ${{ github.sha }}"
echo " SHA 3 (env.SHA1) ........................ ${{ env.SHA1 }}"
echo " SHA 4 (env.SHA1_GH) ..................... ${{ env.SHA1_GH }}"
echo ""
echo "---- [ DOCKER IMAGES ] ---------------------------------------------------------------------------------"
echo "registry ................................. Github GHCR"
echo "tags ..................................... ${{ steps.task_release_gh_meta.outputs.tags }}"
echo "labels ................................... ${{ steps.task_release_gh_meta.outputs.labels }}"
echo "digest ................................... ${{ steps.task_release_gh_push_amd64.outputs.digest }}"
echo ""
echo "(release) tags ........................... ${{ steps.task_release_gh_meta.outputs.tags }}"
echo "(release) labels ......................... ${{ steps.task_release_gh_meta.outputs.labels }}"
echo ""
echo "---- [ DOCKER DIGESTS ] --------------------------------------------------------------------------------"
echo "docker image id (amd64) .................. ${{ steps.task_release_gh_push_amd64.outputs.imageid }}"
echo "docker digest (amd64) .................... ${{ steps.task_release_gh_push_amd64.outputs.digest }}"
echo "docker image id (arm64) .................. ${{ steps.task_release_gh_push_arm64.outputs.imageid }}"
echo "docker digest (arm64) .................... ${{ steps.task_release_gh_push_arm64.outputs.digest }}"
echo ""
# #
# Release Github Push Manifest
# #
- name: '📦 Push Manifest'
uses: int128/docker-manifest-create-action@v2
with:
push: ${{ !inputs.DRY_RUN }}
tags: |
${{ steps.task_release_gh_meta.outputs.tags }}
sources: |
ghcr.io/${{ env.REGISTRY_REPO_ORG_AUTHOR_LC }}@${{ steps.task_release_gh_push_amd64.outputs.digest }}
ghcr.io/${{ env.REGISTRY_REPO_ORG_AUTHOR_LC }}@${{ steps.task_release_gh_push_arm64.outputs.digest }}
index-annotations: |
${{ steps.task_release_gh_meta.outputs.labels }}
# #
# Release Github Get Weekly Commits
# #
- name: '🕛 Get Weekly Commit List'
run: |
echo 'WEEKLY_COMMITS<<EOF' >> $GITHUB_ENV
git log --format="[\`%h\`](${{ github.server_url }}/${{ github.repository }}/commit/%H) %s - %an" --since=7.days >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
# #
# Release Github Notify Github
# #
- name: '🔔 Send Discord Webhook Message'
uses: tsickert/discord-webhook@v7.0.0
if: success()
with:
username: ${{ env.DISCORD_BOT_NAME }}
avatar-url: ${{ env.DISCORD_BOT_AVATAR }}
webhook-url: ${{ secrets.DISCORD_WEBHOOK_CHAN_GITHUB_TVAPP2_RELEASES }}
embed-title: "⚙️ ${{ github.workflow_ref }}"
embed-url: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
embed-thumbnail-url: ${{ env.DISCORD_BOT_EMBED_THUMBNAIL }}
embed-description: |
### 📦 Deploy (Github) ${{ job.status == 'success' && '✅' || '❌' }} `${{ env.IMAGE_NAME }}-${{ env.PACKAGE_VERSION }}${{ inputs.DEV_RELEASE == true && '-development' || '' }}`
${{ inputs.DEV_RELEASE == true && '### ⚠️⚠️ Development / Pre-release ⚠️⚠️' || '' }}
A new version of the docker container `${{ env.IMAGE_NAME }}` has been released from Github to Github GHCR. The image is available at:
- https://github.com/${{ github.repository }}/pkgs/container/${{ env.IMAGE_NAME }}
- Version: `${{ env.PACKAGE_VERSION }}`
- Release Type: `${{ inputs.DEV_RELEASE == true && '⚠️⚠️ Development / Pre-release ⚠️⚠️' || 'Stable' }}`
- Pull: `docker pull ghcr.io/${{ env.REGISTRY_REPO_ORG_AUTHOR_LC }}:${{ inputs.DEV_RELEASE == true && 'development' || env.PACKAGE_VERSION }}`
- Pull (amd64): `docker pull ghcr.io/${{ env.REGISTRY_REPO_ORG_AUTHOR_LC }}@${{ steps.task_release_gh_push_amd64.outputs.digest }}`
- Pull (arm64): `docker pull ghcr.io/${{ env.REGISTRY_REPO_ORG_AUTHOR_LC }}@${{ steps.task_release_gh_push_arm64.outputs.digest }}`
- Dry Run: `${{ inputs.DRY_RUN }}`
- Source: `Github` https://github.com/${{ github.repository }}
- Docker Image: `${{ env.IMAGE_NAME }}-${{ env.PACKAGE_VERSION }}${{ inputs.DEV_RELEASE == true && '-development' || '' }}`
- Branch: `${{ github.ref_name }}`
- Workflow: `${{ github.workflow }} (#${{github.run_number}})`
- Runner: `${{ runner.name }}`
- Triggered By: `${{ github.actor }}`
- Status: `${{ job.status == 'success' && '✅ Successful' || '❌ Failed' }}`
### Tags
-# This docker image will use the following tags:
```
${{ steps.task_release_gh_meta.outputs.tags }}
```
### Labels
-# This docker image embeds the following labels:
```
${{ steps.task_release_gh_meta.outputs.labels }}
```
embed-color: ${{ job.status == 'success' && '5763719' || '15418782' }}
embed-footer-text: "Completed at ${{ env.NOW }} UTC"
embed-timestamp: "${{ env.NOW_LONG }}"
embed-author-name: "${{ github.repository_owner }}"
embed-author-url: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
embed-author-icon-url: ${{ env.DISCORD_BOT_EMBED_AUTHOR_ICON }}
# #
# Job Docker Release Cleanup
# #
job-docker-release-cleanup:
name: >-
🧹 Release Cleanup
runs-on: ubuntu-latest
# runs-on: apollo-x64
timeout-minutes: 5
needs: [ job-docker-release-tags-create, job-docker-release-github ]
permissions:
contents: write
packages: write
attestations: write
id-token: write
env:
PACKAGE_VERSION: ${{ needs.job-docker-release-tags-create.outputs.package_version }}
steps:
# #
# Release Cleanup Checkout
# #
- name: '✅ Checkout'
uses: actions/checkout@v4
with:
fetch-depth: 0
# #
# Release Cleanup Print Version Debug
# #
- name: '🪪 Get Package Version'
run: |
echo "VERSION: ${{ env.PACKAGE_VERSION }}"
# #
# Release Cleanup Clean Untagged Images
# #
- name: '🧹 Clean Untagged Images'
uses: quartx-analytics/ghcr-cleaner@v1
with:
owner-type: org
token: ${{ secrets.ORG_BINARYNINJA_TOKEN_CL }}
repository-owner: ${{ github.repository_owner }}
repository-name: ${{ github.repository }}
delete-untagged: true
# keep-at-most: 0
Reference in New Issue View Git Blame Copy Permalink