fix: update LIKE pattern sanitization for token search #576
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Docker image (Multi Registries, native amd64+arm64) | |
| on: | |
| push: | |
| tags: | |
| - '*' | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Tag name to build (e.g., v0.10.8-alpha.3)' | |
| required: true | |
| type: string | |
| jobs: | |
| build_single_arch: | |
| name: Build & push (${{ matrix.arch }}) [native] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - arch: amd64 | |
| platform: linux/amd64 | |
| runner: ubuntu-latest | |
| - arch: arm64 | |
| platform: linux/arm64 | |
| runner: ubuntu-24.04-arm | |
| runs-on: ${{ matrix.runner }} | |
| permissions: | |
| packages: write | |
| contents: read | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: ${{ github.event_name == 'workflow_dispatch' && 0 || 1 }} | |
| ref: ${{ github.event.inputs.tag || github.ref }} | |
| - name: Resolve tag & write VERSION | |
| run: | | |
| if [ -n "${{ github.event.inputs.tag }}" ]; then | |
| TAG="${{ github.event.inputs.tag }}" | |
| # Verify tag exists | |
| if ! git rev-parse "refs/tags/$TAG" >/dev/null 2>&1; then | |
| echo "Error: Tag '$TAG' does not exist in the repository" | |
| exit 1 | |
| fi | |
| else | |
| TAG=${GITHUB_REF#refs/tags/} | |
| fi | |
| echo "TAG=$TAG" >> $GITHUB_ENV | |
| echo "$TAG" > VERSION | |
| echo "Building tag: $TAG for ${{ matrix.arch }}" | |
| # - name: Normalize GHCR repository | |
| # run: echo "GHCR_REPOSITORY=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # - name: Log in to GHCR | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: ghcr.io | |
| # username: ${{ github.actor }} | |
| # password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (labels) | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| calciumion/new-api | |
| # ghcr.io/${{ env.GHCR_REPOSITORY }} | |
| - name: Build & push single-arch (to both registries) | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: ${{ matrix.platform }} | |
| push: true | |
| tags: | | |
| calciumion/new-api:${{ env.TAG }}-${{ matrix.arch }} | |
| calciumion/new-api:latest-${{ matrix.arch }} | |
| # ghcr.io/${{ env.GHCR_REPOSITORY }}:${{ env.TAG }}-${{ matrix.arch }} | |
| # ghcr.io/${{ env.GHCR_REPOSITORY }}:latest-${{ matrix.arch }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| provenance: false | |
| sbom: false | |
| create_manifests: | |
| name: Create multi-arch manifests (Docker Hub) | |
| needs: [build_single_arch] | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch' | |
| steps: | |
| - name: Extract tag | |
| run: | | |
| if [ -n "${{ github.event.inputs.tag }}" ]; then | |
| echo "TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV | |
| else | |
| echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | |
| fi | |
| # | |
| # - name: Normalize GHCR repository | |
| # run: echo "GHCR_REPOSITORY=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Create & push manifest (Docker Hub - version) | |
| run: | | |
| docker buildx imagetools create \ | |
| -t calciumion/new-api:${TAG} \ | |
| calciumion/new-api:${TAG}-amd64 \ | |
| calciumion/new-api:${TAG}-arm64 | |
| - name: Create & push manifest (Docker Hub - latest) | |
| run: | | |
| docker buildx imagetools create \ | |
| -t calciumion/new-api:latest \ | |
| calciumion/new-api:latest-amd64 \ | |
| calciumion/new-api:latest-arm64 | |
| # ---- GHCR ---- | |
| # - name: Log in to GHCR | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: ghcr.io | |
| # username: ${{ github.actor }} | |
| # password: ${{ secrets.GITHUB_TOKEN }} | |
| # - name: Create & push manifest (GHCR - version) | |
| # run: | | |
| # docker buildx imagetools create \ | |
| # -t ghcr.io/${GHCR_REPOSITORY}:${TAG} \ | |
| # ghcr.io/${GHCR_REPOSITORY}:${TAG}-amd64 \ | |
| # ghcr.io/${GHCR_REPOSITORY}:${TAG}-arm64 | |
| # | |
| # - name: Create & push manifest (GHCR - latest) | |
| # run: | | |
| # docker buildx imagetools create \ | |
| # -t ghcr.io/${GHCR_REPOSITORY}:latest \ | |
| # ghcr.io/${GHCR_REPOSITORY}:latest-amd64 \ | |
| # ghcr.io/${GHCR_REPOSITORY}:latest-arm64 |