Update docker.io/python Docker tag to v3.14.4 #1329
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Push Container Image | |
| on: | |
| push: | |
| branches: | |
| - master | |
| tags: | |
| - v* | |
| pull_request: {} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 # NOTE(aa): Required in order to have tag information available | |
| - name: Get version information | |
| id: get-version-info | |
| run: | | |
| GITVERSION="$(git describe --tags --always --match=v* --dirty=+dirty || (echo "command failed $?"; exit 1))" | |
| PYVERSION="$(git describe --tags --always --match=v* | cut -d- -f1,2 || (echo "command failed $?"; exit 1))" | |
| echo "git version: $GITVERSION, pyversion: $PYVERSION" | |
| echo "gitversion=${GITVERSION}" >> ${GITHUB_OUTPUT} | |
| echo "pyversion=${PYVERSION}" >> ${GITHUB_OUTPUT} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Set image version latest | |
| if: github.ref == 'refs/heads/master' | |
| run: echo "VERSION=latest" >> ${GITHUB_ENV} | |
| - name: Set image version for PRs to branch name | |
| if: github.event_name == 'pull_request' | |
| run: echo "VERSION=${GITHUB_HEAD_REF//\//-}" >> ${GITHUB_ENV} | |
| - name: Set image version from tag | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: echo "VERSION=$(echo ${GITHUB_REF#refs/tags/})" >> ${GITHUB_ENV} | |
| - name: Login to docker.io | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: docker.io | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Login to ghcr.io | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push | |
| id: docker_build | |
| uses: docker/build-push-action@v7 | |
| with: | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: | | |
| ghcr.io/${{ github.repository }}:${{ env.VERSION }} | |
| ${{ github.event_name != 'pull_request' && format('docker.io/{0}:{1}', github.repository, env.VERSION) || '' }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| build-args: | | |
| GITVERSION=${{ steps.get-version-info.outputs.gitversion }} | |
| PYVERSION=${{ steps.get-version-info.outputs.pyversion }} | |
| - name: Build changelog from PRs with labels | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| id: build_changelog | |
| uses: mikepenz/release-changelog-builder-action@v6 | |
| with: | |
| configuration: ".github/changelog-configuration.json" | |
| # PreReleases still get a changelog, but the next full release gets a diff since the last full release, | |
| # combining possible changelogs of all previous PreReleases in between. | |
| # PreReleases show a partial changelog since last PreRelease. | |
| ignorePreReleases: "${{ !contains(github.ref, '-rc') }}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Read release message from tag commit | |
| id: tag_message | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| git fetch origin +refs/tags/*:refs/tags/* | |
| # Extract tag message | |
| TAG_MSG=$(git tag -n --format='%(contents:body)' ${GITHUB_REF##refs/tags/} | tr -d '\r') | |
| # Join multiple lines belonging to the same paragraph for GitHub | |
| # markdown. | |
| # Paragraph breaks should be '\n\n'. List items should be '\n*'. We | |
| # replace single line breaks which don't preceed a '*' with a space | |
| # with sed. Note `sed -z` operates on the whole input instead of | |
| # line-wise. Note that this currently still breaks markdown code | |
| # blocks. | |
| TAG_MSG=$(echo "$TAG_MSG" | sed -z 's/\([^\n]\)\n\([^\n\*]\)/\1 \2/g') | |
| # Set action output `messsage` as JSON-encoded string to preserve | |
| # newlines. We decode with `fromJSON()` below. | |
| TAG_MSG=$(jq -n --arg msg "${TAG_MSG}" '$msg') | |
| echo "message=${TAG_MSG}" >> $GITHUB_OUTPUT | |
| env: | |
| GITHUB_REF: ${{ github.ref }} | |
| - name: Create Release | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| body: "# Summary\n\n${{fromJSON(steps.tag_message.outputs.message)}}\n\n# Changes\n\n${{steps.build_changelog.outputs.changelog}}" | |
| prerelease: "${{ contains(github.ref, '-rc') }}" | |
| # Ensure target branch for release is "master" | |
| commit: master | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Delete untagged container images | |
| # We always delete all untagged container images after building an | |
| # image. This way, there should never be stale untagged images laying | |
| # around in the registry. In combination with the workflow that | |
| # deletes PR tags after the PR is closed we should be able to keep the | |
| # container image registry size in check. | |
| uses: dataaxiom/ghcr-cleanup-action@v1 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| package: ${{ github.event.repository.name }} | |
| validate: true | |
| - name: Run image | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| docker run ghcr.io/projectsyn/commodore:"${VERSION}" version |