GitHub Action workflow to build image and upload to github

.github/workflows/docker-publish.yml

@@ -0,0 +1,117 @@
+name: Docker
+
+on:
+  push:
+    tags: [ 'v*.*.*' ]
+    branches:
+      - main, feature/*
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+  DOCKER_REPO: ${{ vars.DOCKER_REPO || 'cachethq/docker' }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set Versions
+        uses: actions/github-script@v4
+        id: set_version
+        with:
+          script: |
+            const tag = context.ref.substring(10)
+            const no_v = tag.replace('v', '')
+            const dash_index = no_v.lastIndexOf('-')
+            const no_dash = (dash_index > -1) ?  no_v.substring(0, dash_index) : no_v
+            core.setOutput('tag', tag)
+            core.setOutput('no-v', no_v)
+            core.setOutput('no-dash', no_dash)
+
+      - id: lower-repo
+        name: Repository to lowercase
+        run: |
+          echo "repository=${GITHUB_REPOSITORY@L}" >> $GITHUB_OUTPUT
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/[email protected]
+        with:
+          cosign-release: 'v2.2.4'
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3 # v3.0.0
+
+      # Login against Docker Hub registry
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      # Login against a GitHub Docker registry
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5 # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v5 # v5.0.0
+        with:
+          context: .
+          build-args: |
+            "cachet_ver=${{ github.ref_name }}"
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: |
+            ${{ env.DOCKER_REPO }}:${{steps.set_version.outputs.no-dash}}
+            ghcr.io/${{ steps.lower-repo.outputs.repository }}:${{steps.set_version.outputs.no-dash}}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

.gitignore

@@ -0,0 +1,2 @@
+/.env
+/.idea

Dockerfile

@@ -1,5 +1,9 @@
 FROM nginx:1.17.8-alpine
-
+LABEL org.opencontainers.image.description="Cachet is a beautiful and powerful open source status page system." \
+      org.opencontainers.image.authors="CachetHQ" \
+      org.opencontainers.image.url="https://cachethq.io" \
+      org.opencontainers.image.documentation="https://docs.cachethq.io" \
+      org.opencontainers.image.source="https://github.com/cachethq/cachet"
 EXPOSE 8000
 CMD ["/sbin/entrypoint.sh"]
 

Makefile

@@ -3,7 +3,7 @@ SILENT :
 
 update-dependencies:
 	docker pull curlimages/curl:latest
-	docker pull postgres:9.5
+	docker pull postgres:12-alpine
 
 test:
 	bats test

docker-compose.yml

@@ -10,10 +10,7 @@ services:
       - POSTGRES_PASSWORD=postgres
     restart: always
   cachet:
-    build:
-      context: .
-      args:
-        - cachet_ver=2.4
+    image: ${DOCKER_REPO:-ghcr.io/cachethq/docker}:${APP_VERSION:-latest}
     ports:
       - 80:8000
     links:

test/docker-compose-full.yml

@@ -0,0 +1,36 @@
+version: "3"
+
+services:
+  postgres:
+    image: postgres:12-alpine
+    volumes:
+      - /var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+    restart: always
+  cachet:
+    image: ${DOCKER_REPO:-ghcr.io/cachethq/docker}:${APP_VERSION:-latest}
+    build:
+      context: ..
+      dockerfile: Dockerfile
+    ports:
+      - 8000:8000
+    links:
+      - postgres:postgres
+    environment:
+      - DB_DRIVER=pgsql
+      - DB_HOST=postgres
+      - DB_PORT=5432
+      - DB_DATABASE=postgres
+      - DB_USERNAME=postgres
+      - DB_PASSWORD=postgres
+      - DB_PREFIX=chq_
+      - APP_KEY=${APP_KEY:-null}
+      - APP_LOG=errorlog
+      - APP_ENV=${APP_ENV:-production}
+      - APP_DEBUG=false
+      - DEBUG=false
+    depends_on:
+      - postgres
+    restart: on-failure

test/docker-compose-mysql.yml

@@ -2,15 +2,18 @@ version: "3"
 
 services:
   mysql:
-    image: mariadb:10.4
+    image: mariadb:11
     environment:
       - MYSQL_ROOT_PASSWORD=mysql
       - MYSQL_USER=mysql
       - MYSQL_PASSWORD=mysql
       - MYSQL_DATABASE=mysql
       - DEBUG=false
   cachet:
-    image: docker_cachet
+    image: ${DOCKER_REPO:-ghcr.io/cachethq/docker}:${APP_VERSION:-latest}
+    build:
+      context: ..
+      dockerfile: Dockerfile
     ports:
       - 80:8000
     links:

test/docker-compose-sqlite.yml

@@ -2,7 +2,10 @@ version: "3"
 
 services:
   cachet:
-    image: docker_cachet
+    image: ${DOCKER_REPO:-ghcr.io/cachethq/docker}:${APP_VERSION:-latest}
+    build:
+      context: ..
+      dockerfile: Dockerfile
     ports:
       - 80:8000
     environment:

test/test.full.bats

@@ -5,11 +5,11 @@ load "lib/batslib"
 load "lib/output"
 
 @test "[$TEST_FILE] testing Cachet Docker image build" {
-  command docker-compose build --no-cache cachet
+  command docker-compose -f test/docker-compose-full.yml build --no-cache cachet
 }
 
 @test "[$TEST_FILE] testing Cachet docker-compose up" {
-  command docker-compose up -d
+  command docker-compose -f test/docker-compose-full.yml up -d
 }
 
 @test "[$TEST_FILE] check for container init" {
@@ -79,9 +79,9 @@ load "lib/output"
 }
 
 @test "[$TEST_FILE] restart cachet" {
-  command docker-compose stop cachet
-  command docker-compose rm -f cachet
-  command docker-compose up -d
+  command docker-compose -f test/docker-compose-full.yml stop cachet
+  command docker-compose -f test/docker-compose-full.yml rm -f cachet
+  command docker-compose -f test/docker-compose-full.yml up -d
   docker_wait_for_log docker_cachet_1 15 "INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)"
 }
 

test/test.mysql.bats

@@ -13,7 +13,7 @@ load "lib/output"
 }
 
 @test "[$TEST_FILE] check for database startup" {
-  docker_wait_for_log test_mysql_1 120 "mysqld: ready for connections."
+  docker_wait_for_log test_mysql_1 120 "mariadbd: ready for connections."
 }
 
 @test "[$TEST_FILE] check for empty sessions table" {