Improve Github Actions CI (#3407)

DivinumOfficium · Oct 28, 2023 · 59184c4 · 59184c4
1 parent 3898598
commit 59184c4
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 25 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,35 +1,52 @@
-name: build
-
-# Test of CI build of docker image - this isn't yet doing anything, but it's a start.
+name: Create and publish Docker image
 
+# Configures this workflow to run every time a change is pushed to the branch called `release`.
 on:
-  workflow_dispatch:
   push:
-    branches: [ master ]
+    branches: [ master,ci-build-image  ]
   schedule:
     # Build the image regularly (each Friday) to get new security fixes, even if pushes don't occur
     - cron: '13 23 * * 5'
 
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
 jobs:
-  build:
-    name: Build, scan & push
-    runs-on: "ubuntu-20.04"
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+      # 
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
 
-      - name: Build an image from Dockerfile
-        run: |
-          docker build -t divinumofficiumweb/divinumofficium:citest .
-      
-      # TODO : get push working
-      #- name: Docker login
-      #  run: >-
-      #    echo "${{ secrets.GHCR_TOKEN }}"
-      #    | docker login -u "${{ github.actor }}" --password-stdin ghcr.io
-
-      #- name: Push image to GitHub
-      #  run: |
-      #    docker push ghcr.io/wonderfall/nextcloud
-      #    docker push ghcr.io/wonderfall/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c6)
-      #    docker push ghcr.io/wonderfall/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c2)
diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
@@ -0,0 +1,32 @@
+name: Cleanup Old Images
+
+# Configures this workflow to run every time a change is pushed to the branch called `release`.
+on:
+  push:
+    branches: [ master, ci-build-image ]
+  schedule:
+    # Build the image regularly (each Friday) to get new security fixes, even if pushes don't occur
+    - cron: '13 23 * * 5'
+
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+  cleanup-old-images:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/delete-package-versions@v4
+        with:
+          #package-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          package-name: "divinum-officium"
+          #package-name: ${{ github.repository }}
+          package-type: 'container'
+          min-versions-to-keep: 5