name: Docker - Reusable on: workflow_call: inputs: docker_file: default: docker/Dockerfile description: Dockerfile required: true type: string dockerhub_repo: default: codexstorage/test description: DockerHub repository required: true type: string build_args: default: '' description: Build arguments required: false type: string tag_latest: default: true description: Set latest tag for Docker images required: false type: boolean tag_sha: default: true description: Set Git short commit as Docker tag required: false type: boolean tag_suffix: default: '' description: Suffix for Docker images tag required: false type: string checkout-fetch-depth: default: '' description: actions/checkout fetch-depth required: false type: string checkout-fetch-tags: default: '' description: actions/checkout fetch-tags required: false type: string amd64_builder: default: ubuntu-22.04 description: Builder for amd64 required: false type: string arm64_builder: default: ubuntu-22.04-arm description: Builder for arm64 required: false type: string env: DOCKER_FILE: ${{ inputs.docker_file }} DOCKERHUB_REPO: ${{ inputs.dockerhub_repo }} BUILD_ARGS: ${{ inputs.build_args }} TAG_LATEST: ${{ inputs.tag_latest }} TAG_SHA: ${{ inputs.tag_sha }} TAG_SUFFIX: ${{ inputs.tag_suffix }} CHECKOUT_FETCH_DEPTH: ${{ inputs.checkout-fetch-depth }} CHECKOUT_FETCH_TAGS: ${{ inputs.checkout-fetch-tags }} amd64_builder: ${{ inputs.amd64_builder }} arm64_builder: ${{ inputs.arm64_builder }} jobs: compute: name: Compute matrix runs-on: ubuntu-latest outputs: matrix: ${{ steps.matrix.outputs.matrix }} steps: - name: Compute matrix id: matrix uses: fabiocaccamo/create-matrix-action@v5 with: matrix: | os {linux}, arch {amd64}, builder {${{ env.amd64_builder }}} os {linux}, arch {arm64}, builder {${{ env.arm64_builder }}} # Build platform specific image build: needs: compute strategy: fail-fast: true matrix: include: ${{ fromJson(needs.compute.outputs.matrix) }} name: Build ${{ matrix.os }}/${{ matrix.arch }} runs-on: ${{ matrix.builder }} env: PLATFORM: ${{ format('{0}/{1}', 'linux', matrix.arch) }} steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: ${{ env.CHECKOUT_FETCH_DEPTH }} fetch-tags: ${{ env.CHECKOUT_FETCH_TAGS }} - name: Secrets to variables if: ${{ env.BUILD_ARGS != '' }} uses: oNaiPs/secrets-to-env-action@v1.5 with: secrets: ${{ toJSON(secrets) }} exclude: DOCKER* - name: Substitute build args if: ${{ env.BUILD_ARGS != '' }} run: | { echo 'BUILD_ARGS<> "$GITHUB_ENV" - name: Docker - Meta id: meta uses: docker/metadata-action@v5 with: images: ${{ env.DOCKERHUB_REPO }} - name: Docker - Set up Buildx uses: docker/setup-buildx-action@v3 - name: Docker - Login to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Docker - Build and Push by digest id: build uses: docker/build-push-action@v6 with: context: . file: ${{ env.DOCKER_FILE }} platforms: ${{ env.PLATFORM }} push: true build-args: | ${{ env.BUILD_ARGS }} labels: ${{ steps.meta.outputs.labels }} outputs: type=image,name=${{ env.DOCKERHUB_REPO }},push-by-digest=true,name-canonical=true,push=true - name: Docker - Export digest run: | mkdir -p /tmp/digests digest="${{ steps.build.outputs.digest }}" touch "/tmp/digests/${digest#sha256:}" - name: Docker - Upload digest uses: actions/upload-artifact@v4 with: name: digests-${{ matrix.arch }} path: /tmp/digests/* if-no-files-found: error retention-days: 1 # Publish multi-platform image publish: name: Publish multi-platform image runs-on: ubuntu-latest needs: build steps: - name: Docker - Variables run: | # Adjust custom suffix when set if [[ -n "${{ env.TAG_SUFFIX }}" ]]; then echo "TAG_SUFFIX=-${{ env.TAG_SUFFIX }}" >> $GITHUB_ENV fi # Disable SHA tags on tagged release if [[ "${{ startsWith(github.ref, 'refs/tags/') }}" == "true" ]]; then echo "TAG_SHA=false" >> $GITHUB_ENV fi # Handle latest and latest-custom using raw if [[ "${{ env.TAG_SHA }}" == "false" ]]; then echo "TAG_LATEST=false" >> $GITHUB_ENV echo "TAG_RAW=true" >> $GITHUB_ENV if [[ -z "${{ env.TAG_SUFFIX }}" ]]; then echo "TAG_RAW_VALUE=latest" >> $GITHUB_ENV else echo "TAG_RAW_VALUE=latest-{{ env.TAG_SUFFIX }}" >> $GITHUB_ENV fi else echo "TAG_RAW=false" >> $GITHUB_ENV fi - name: Docker - Download digests uses: actions/download-artifact@v4 with: path: /tmp/digests pattern: digests-* merge-multiple: true - name: Docker - Set up Buildx uses: docker/setup-buildx-action@v3 - name: Docker - Meta id: meta uses: docker/metadata-action@v5 with: images: ${{ env.DOCKERHUB_REPO }} flavor: | latest=${{ env.TAG_LATEST }} suffix=${{ env.TAG_SUFFIX }},onlatest=true tags: | type=semver,pattern={{version}} type=raw,enable=${{ env.TAG_RAW }},value=latest type=sha,enable=${{ env.TAG_SHA }} - name: Docker - Login to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Docker - Create manifest list and push working-directory: /tmp/digests run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *) - name: Docker - Inspect image run: | docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }}