docs: cover DoH privacy via an additional proxy (#70) #174
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - 'master' | |
| tags: | |
| - 'v*' | |
| env: | |
| # Use docker.io for Docker Hub if empty | |
| REGISTRY: ghcr.io | |
| # github.repository as <account>/<repo> | |
| IMAGE_NAME: ${{ github.repository }} | |
| REGISTRY_IMAGE: "ghcr.io/cottand/leng" | |
| jobs: | |
| publish-nix-container: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| system: | |
| - aarch64-linux | |
| - x86_64-linux | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: cachix/install-nix-action@v29 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| extra_nix_config: | | |
| extra-platforms = ${{ matrix.system }} | |
| - uses: DeterminateSystems/magic-nix-cache-action@main | |
| - uses: docker/setup-qemu-action@v1 | |
| # build in parallel | |
| - run: nix build .#packages.${{ matrix.system }}.leng-container-image -L | |
| - name: Tag and push image | |
| run: | | |
| git_sha=$(git rev-parse --short "$GITHUB_SHA") | |
| label=$git_sha-${{ matrix.system }} | |
| docker load < result | |
| docker tag leng:nix ${{ env.REGISTRY_IMAGE }}:$label | |
| docker push ${{ env.REGISTRY_IMAGE }}:$label | |
| # export digest | |
| docker pull ${{ env.REGISTRY_IMAGE }}:$label | |
| full=$(docker image inspect ${{ env.REGISTRY_IMAGE }}:$label --format "{{index .RepoDigests 0}}") | |
| digest=${full#${{ env.REGISTRY_IMAGE }}@} | |
| mkdir -p /tmp/digests | |
| merge-docker: | |
| runs-on: ubuntu-latest | |
| needs: [ publish-nix-container ] | |
| steps: | |
| - name: Login to GitHub Container Registry | |
| uses: docker/[email protected] | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: digest for x86 | |
| run: | | |
| system=x86_64-linux | |
| git_sha=${GITHUB_SHA::7} | |
| label="${git_sha}-${system}" | |
| # export digest x86 | |
| docker pull ${{ env.REGISTRY_IMAGE }}:$label | |
| full=$(docker image inspect ${{ env.REGISTRY_IMAGE }}:$label --format "{{index .RepoDigests 0}}") | |
| digest=${full#${{ env.REGISTRY_IMAGE }}@} | |
| mkdir -p /tmp/digests | |
| touch "/tmp/digests/${digest#sha256:}" | |
| - name: digest for aarch64 | |
| run: | | |
| system=aarch64-linux | |
| git_sha=${GITHUB_SHA::7} | |
| label="${git_sha}-${system}" | |
| # export digest x86 | |
| docker pull ${{ env.REGISTRY_IMAGE }}:$label | |
| full=$(docker image inspect ${{ env.REGISTRY_IMAGE }}:$label --format "{{index .RepoDigests 0}}") | |
| digest=${full#${{ env.REGISTRY_IMAGE }}@} | |
| mkdir -p /tmp/digests | |
| touch "/tmp/digests/${digest#sha256:}" | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| # list of Docker images to use as base name for tags | |
| images: ${{ env.REGISTRY_IMAGE }} | |
| tags: | | |
| # tag event | |
| type=ref,event=tag | |
| type=sha,event=tag | |
| # pull request event | |
| type=sha,event=pr | |
| - name: Create manifest list and push | |
| working-directory: /tmp/digests | |
| run: | | |
| docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) | |
| - name: Inspect image | |
| run: | | |
| docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} | |
| - name: Summary | |
| run: | | |
| echo "# Published \`${{ steps.meta.outputs.tags }}\`" >> $GITHUB_STEP_SUMMARY |