Build & Push Dev Image #212
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Push Dev Image | |
| on: | |
| release: | |
| types: [published] | |
| workflow_dispatch: | |
| inputs: | |
| base-tag: | |
| description: Base Tag to be used (`base_tag-type` + `n`) | |
| required: true | |
| default: latest | |
| type: | |
| description: Type of Build | |
| required: true | |
| type: choice | |
| default: dev | |
| options: | |
| - rc | |
| - beta | |
| - alpha | |
| - dev | |
| jobs: | |
| check: | |
| name: Check requirements | |
| runs-on: ubuntu-latest | |
| outputs: | |
| allowed: ${{ steps.collect.outputs.allowed }} | |
| steps: | |
| - if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' | |
| name: Fail if run @main | |
| run: | | |
| echo "❌ This workflow cannot be run from the main branch." | |
| echo "Please pin to a release, use another branch or commit SHA instead of @main." | |
| exit 1 | |
| - if: github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' | |
| name: Allow if run @main | |
| run: | | |
| echo "allowed=true" > allowed.txt | |
| - if: github.event_name == 'release' | |
| name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - if: github.event_name == 'release' | |
| name: Fail if release @main | |
| run: | | |
| set -euo pipefail | |
| TAG="${GITHUB_REF#refs/tags/}" | |
| BRANCHES=$(git branch -r --contains "$TAG" | sed 's|origin/||') | |
| if echo "$BRANCHES" | grep -qx "main"; then | |
| echo "Detected main release. Skipping..." | |
| echo "allowed=false" > allowed.txt | |
| exit 0 | |
| fi | |
| echo "allowed=true" > allowed.txt | |
| - name: Output allowed value | |
| id: collect | |
| run: | | |
| source allowed.txt | |
| echo "allowed=$allowed" >> "$GITHUB_OUTPUT" | |
| echo "Got allowed=$allowed" | |
| resolve-tag: | |
| needs: check | |
| if: needs.check.outputs.allowed == 'true' | |
| runs-on: ubuntu-latest | |
| name: Image Tag | |
| outputs: | |
| image_tag: ${{ steps.resolve.outputs.image_tag }} | |
| steps: | |
| - name: Login to Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GH_PCKG_TOKEN }} | |
| - name: Resolve next Image Tag | |
| id: resolve | |
| run: | | |
| set -euo pipefail | |
| PREFIX="${{ inputs.base-tag }}-${{ inputs.type }}" | |
| IMAGE=${{ github.repository_owner }}/${{ github.event.repository.name }} | |
| TOKEN="$( | |
| curl "https://ghcr.io/token?scope=repository:${IMAGE}:pull" | | |
| awk -F'"' '$0=$4' | |
| )" | |
| TAGS=$(curl -fsSL \ | |
| -H "Authorization: Bearer ${TOKEN}" \ | |
| "https://ghcr.io/v2/${IMAGE}/tags/list" \ | |
| | jq -r '.tags[]?') | |
| MAX=0 | |
| for tag in $TAGS; do | |
| if [[ "$tag" == ${PREFIX}* ]]; then | |
| NUM="${tag#$PREFIX}" | |
| if [[ "$NUM" =~ ^[0-9]+$ ]]; then | |
| (( NUM > MAX )) && MAX=$NUM | |
| fi | |
| fi | |
| done | |
| NEXT=$((MAX + 1)) | |
| FINAL_TAG="${PREFIX}${NEXT}" | |
| echo "Resolved tag: $FINAL_TAG" | |
| echo "image_tag=$FINAL_TAG" >> "$GITHUB_OUTPUT" | |
| update: | |
| needs: resolve-tag | |
| uses: codeshelldev/gh-actions/.github/workflows/docker-image-go.yml@main | |
| name: Development Image | |
| with: | |
| registry: ghcr.io | |
| flavor: | | |
| latest=false | |
| tags: | | |
| type=raw,value=${{ needs.resolve-tag.outputs.image_tag }} | |
| secrets: | |
| GH_PCKG_TOKEN: ${{ secrets.GH_PCKG_TOKEN }} |