Build container image #14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build container image | |
| on: | |
| schedule: | |
| - cron: '5 10 1,8,15,22 * *' # weekly | |
| push: | |
| branches: | |
| - master | |
| paths-ignore: | |
| - '**/README.md' | |
| workflow_dispatch: | |
| env: | |
| IMAGE_DESC: "Arch Linux (Botany Distrobox)" | |
| IMAGE_LOGO_URL: "https://botany.pl/images/Layout/logo.svg" | |
| IMAGE_REGISTRY: "${{ secrets.IMAGE_REGISTRY }}" | |
| IMAGE_REGISTRY_GHCR: "ghcr.io/${{ github.repository_owner }}" # do not edit | |
| IMAGE_NAME: "${{ github.event.repository.name }}" | |
| DEFAULT_TAG: "latest" | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{ inputs.brand_name}}-${{ inputs.stream_name }} | |
| cancel-in-progress: true | |
| jobs: | |
| build_push: | |
| name: Build and push image | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Prepare environment | |
| run: | | |
| # Lowercase the image uri | |
| echo "IMAGE_REGISTRY=${IMAGE_REGISTRY,,}" >> ${GITHUB_ENV} | |
| echo "IMAGE_REGISTRY_GHCR=${IMAGE_REGISTRY_GHCR,,}" >> ${GITHUB_ENV} | |
| echo "IMAGE_NAME=${IMAGE_NAME,,}" >> ${GITHUB_ENV} | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Get current date | |
| id: date | |
| run: | | |
| # This generates a timestamp like what is defined on the ArtifactHub documentation | |
| # E.G: 2022-02-08T15:38:15Z' | |
| # https://artifacthub.io/docs/topics/repositories/container-images/ | |
| # https://linux.die.net/man/1/date | |
| echo "date=$(date -u +%Y\-%m\-%d\T%H\:%M\:%S\Z)" >> $GITHUB_OUTPUT | |
| echo "date_short=$(date -u +%Y%m%d)" >> $GITHUB_OUTPUT | |
| # Image metadata for https://artifacthub.io/ - This is optional but is highly recommended so we all can get a index of all the custom images | |
| # The metadata by itself is not going to do anything, you choose if you want your image to be on ArtifactHub or not. | |
| - name: Image Metadata | |
| uses: docker/metadata-action@v5 | |
| id: metadata | |
| with: | |
| # This generates all the tags for your image, you can add custom tags here too! | |
| # Default tags are "$DEFAULT_TAG" and "$DEFAULT_TAG.$date". | |
| tags: | | |
| type=raw,value=${{ env.DEFAULT_TAG }} | |
| labels: | | |
| io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/refs/heads/main/README.md | |
| org.opencontainers.image.created=${{ steps.date.outputs.date }} | |
| org.opencontainers.image.description=${{ env.IMAGE_DESC }} | |
| org.opencontainers.image.documentation=https://raw.githubusercontent.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/refs/heads/main/README.md | |
| org.opencontainers.image.source=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/blob/main/Containerfile | |
| org.opencontainers.image.title=${{ env.IMAGE_NAME }} | |
| org.opencontainers.image.url=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }} | |
| org.opencontainers.image.vendor=${{ github.repository_owner }} | |
| org.opencontainers.image.version=${{ env.DEFAULT_TAG }}.{{date 'YYYYMMDD'}} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| io.artifacthub.package.deprecated=false | |
| io.artifacthub.package.logo-url=${{ env.IMAGE_LOGO_URL }} | |
| io.artifacthub.package.prerelease=false | |
| sep-tags: " " | |
| sep-annotations: " " | |
| - name: Build Image | |
| id: build_image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| containerfiles: | | |
| ./Containerfile | |
| image: ${{ env.IMAGE_NAME }} | |
| tags: ${{ steps.metadata.outputs.tags }} | |
| labels: ${{ steps.metadata.outputs.labels }} | |
| oci: true | |
| extra-args: | | |
| --security-opt=seccomp=unconfined | |
| --squash | |
| - name: Push to GHCR | |
| uses: redhat-actions/push-to-registry@v2 | |
| if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
| with: | |
| registry: ${{ env.IMAGE_REGISTRY_GHCR }} | |
| image: ${{ env.IMAGE_NAME }} | |
| tags: ${{ steps.metadata.outputs.tags }} | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| extra-args: | | |
| --disable-content-trust | |
| --compression-format=zstd:chunked | |
| --force-compression=true | |
| - name: Push to private registry | |
| uses: redhat-actions/push-to-registry@v2 | |
| if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
| with: | |
| registry: ${{ env.IMAGE_REGISTRY }} | |
| image: ${{ env.IMAGE_NAME }} | |
| tags: ${{ steps.metadata.outputs.tags }} | |
| username: ${{ secrets.REGISTRY_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| extra-args: | | |
| --disable-content-trust | |
| --compression-format=zstd:chunked | |
| --force-compression=true |