558 lines
20 KiB
YAML
558 lines
20 KiB
YAML
name: Release
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- "v*"
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
env:
|
|
CNB_REPOSITORY: "dbxio.com/dbx"
|
|
CNB_USERNAME: "cnb"
|
|
CNB_REGISTRY: "docker.cnb.cool"
|
|
|
|
jobs:
|
|
bump-jdbc-plugin-version:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
changed: ${{ steps.bump.outputs.changed }}
|
|
old_version: ${{ steps.bump.outputs.old_version }}
|
|
new_version: ${{ steps.bump.outputs.new_version }}
|
|
prev_tag: ${{ steps.prev-tag.outputs.prev_tag }}
|
|
steps:
|
|
- uses: actions/checkout@v5
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Find previous release tag
|
|
id: prev-tag
|
|
shell: bash
|
|
run: |
|
|
PREV_TAG=$(git tag --sort=-creatordate | grep '^v' | sed -n '2p')
|
|
if [ -z "$PREV_TAG" ]; then
|
|
PREV_TAG=$(git rev-list --max-parents=0 HEAD)
|
|
fi
|
|
echo "prev_tag=${PREV_TAG}" >> "$GITHUB_OUTPUT"
|
|
echo "Comparing ${PREV_TAG}..HEAD"
|
|
|
|
- name: Detect JDBC plugin changes and bump version
|
|
id: bump
|
|
shell: bash
|
|
run: |
|
|
BUMP_OUTPUT="$(node .github/scripts/bump-jdbc-plugin-version.mjs "${{ steps.prev-tag.outputs.prev_tag }}" HEAD --write)"
|
|
echo "$BUMP_OUTPUT"
|
|
echo "$BUMP_OUTPUT" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Commit JDBC plugin version bump
|
|
if: steps.bump.outputs.changed == 'true'
|
|
shell: bash
|
|
run: |
|
|
TMP_DIR="$(mktemp -d)"
|
|
cp plugins/jdbc/pom.xml "$TMP_DIR/pom.xml"
|
|
cp plugins/jdbc/manifest.json "$TMP_DIR/manifest.json"
|
|
|
|
git config user.name "github-actions[bot]"
|
|
git config user.email "github-actions[bot]@users.noreply.github.com"
|
|
git fetch origin main
|
|
git switch -C jdbc-plugin-version-bump origin/main
|
|
cp "$TMP_DIR/pom.xml" plugins/jdbc/pom.xml
|
|
cp "$TMP_DIR/manifest.json" plugins/jdbc/manifest.json
|
|
git add plugins/jdbc/pom.xml plugins/jdbc/manifest.json
|
|
if git diff --cached --quiet; then
|
|
echo "JDBC plugin version ${{ steps.bump.outputs.new_version }} is already on main."
|
|
exit 0
|
|
fi
|
|
git commit -m "chore(jdbc): bump plugin version [skip ci]"
|
|
git push origin HEAD:main
|
|
|
|
build:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- platform: macos-latest
|
|
target: aarch64-apple-darwin
|
|
- platform: macos-15-intel
|
|
target: x86_64-apple-darwin
|
|
- platform: ubuntu-22.04
|
|
target: x86_64-unknown-linux-gnu
|
|
- platform: ubuntu-22.04-arm
|
|
target: aarch64-unknown-linux-gnu
|
|
- platform: windows-2022
|
|
target: x86_64-pc-windows-msvc
|
|
arch: x64
|
|
- platform: windows-2022
|
|
target: aarch64-pc-windows-msvc
|
|
arch: arm64
|
|
|
|
runs-on: ${{ matrix.platform }}
|
|
steps:
|
|
- uses: actions/checkout@v5
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 22
|
|
|
|
- name: Setup pnpm
|
|
uses: pnpm/action-setup@v6
|
|
|
|
- name: Install frontend dependencies
|
|
run: pnpm install
|
|
|
|
- name: Setup Rust
|
|
uses: dtolnay/rust-toolchain@stable
|
|
with:
|
|
targets: ${{ matrix.target }}
|
|
|
|
- name: Compute Rust dependency hash
|
|
id: deps-hash
|
|
shell: bash
|
|
run: |
|
|
{
|
|
find . -name Cargo.toml -not -path './target/*' -print0 \
|
|
| sort -z \
|
|
| xargs -0 sed -E '/^version = /d'
|
|
grep -v '^version = ' Cargo.lock
|
|
} | sha256sum | cut -d' ' -f1 | {
|
|
read -r hash
|
|
echo "hash=${hash:0:20}" >> "$GITHUB_OUTPUT"
|
|
}
|
|
|
|
- name: Rust cache
|
|
uses: swatinem/rust-cache@v2
|
|
with:
|
|
workspaces: "./ -> target"
|
|
shared-key: release-${{ matrix.target }}-${{ steps.deps-hash.outputs.hash }}
|
|
add-rust-environment-hash-key: false
|
|
cache-on-failure: true
|
|
|
|
- name: Install Apple certificate (macOS)
|
|
if: startsWith(matrix.platform, 'macos')
|
|
env:
|
|
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
|
|
APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
|
|
run: |
|
|
CERTIFICATE_PATH=$RUNNER_TEMP/certificate.p12
|
|
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
|
|
echo -n "$APPLE_CERTIFICATE" | base64 --decode -o $CERTIFICATE_PATH
|
|
security create-keychain -p "" $KEYCHAIN_PATH
|
|
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
|
|
security unlock-keychain -p "" $KEYCHAIN_PATH
|
|
security import $CERTIFICATE_PATH -P "$APPLE_CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
|
|
security set-key-partition-list -S apple-tool:,apple: -k "" $KEYCHAIN_PATH
|
|
security list-keychains -d user -s $KEYCHAIN_PATH login.keychain-db
|
|
|
|
- name: Install system dependencies (Linux)
|
|
if: startsWith(matrix.platform, 'ubuntu')
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install -y libwebkit2gtk-4.1-dev libgtk-3-dev libappindicator3-dev librsvg2-dev patchelf libssl-dev xdg-utils
|
|
|
|
- name: Setup Tauri signing key
|
|
shell: bash
|
|
run: |
|
|
echo "${{ secrets.TAURI_SIGNING_PRIVATE_KEY_BASE64 }}" | base64 --decode > "$RUNNER_TEMP/updater.key"
|
|
KEY_B64=$(base64 < "$RUNNER_TEMP/updater.key" | tr -d '\r\n')
|
|
echo "TAURI_SIGNING_PRIVATE_KEY=$KEY_B64" >> "$GITHUB_ENV"
|
|
if [ -n "${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}" ]; then
|
|
echo "TAURI_SIGNING_PRIVATE_KEY_PASSWORD=${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}" >> "$GITHUB_ENV"
|
|
fi
|
|
|
|
- name: Generate release notes
|
|
id: release-notes
|
|
shell: bash
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
BODY="$(gh api "repos/${GITHUB_REPOSITORY}/releases/generate-notes" \
|
|
-f tag_name="${GITHUB_REF_NAME}" \
|
|
--jq '.body')"
|
|
if [ -z "$BODY" ]; then
|
|
BODY="DBX ${GITHUB_REF_NAME}"
|
|
fi
|
|
DELIM="RELEASE_NOTES_$(date +%s%N)"
|
|
{
|
|
echo "body<<$DELIM"
|
|
printf '%s\n' "$BODY"
|
|
echo "$DELIM"
|
|
} >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Build Tauri app
|
|
uses: tauri-apps/tauri-action@v0
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
APPLE_SIGNING_IDENTITY: ${{ startsWith(matrix.platform, 'macos') && secrets.APPLE_SIGNING_IDENTITY || '' }}
|
|
APPLE_ID: ${{ startsWith(matrix.platform, 'macos') && secrets.APPLE_ID || '' }}
|
|
APPLE_PASSWORD: ${{ startsWith(matrix.platform, 'macos') && secrets.APPLE_PASSWORD || '' }}
|
|
APPLE_TEAM_ID: ${{ startsWith(matrix.platform, 'macos') && secrets.APPLE_TEAM_ID || '' }}
|
|
with:
|
|
tagName: ${{ github.ref_name }}
|
|
releaseName: "DBX ${{ github.ref_name }}"
|
|
releaseBody: ${{ steps.release-notes.outputs.body }}
|
|
releaseDraft: true
|
|
prerelease: false
|
|
args: --target ${{ matrix.target }}
|
|
|
|
- name: Upload Windows portable ZIP
|
|
if: matrix.arch == 'x64' || matrix.arch == 'arm64'
|
|
shell: pwsh
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
$version = "${env:GITHUB_REF_NAME}".TrimStart("v")
|
|
$arch = "${{ matrix.arch }}"
|
|
$portableRoot = "portable"
|
|
$portableDir = Join-Path $portableRoot "DBX_${version}_${arch}"
|
|
$zipName = "DBX_${version}_${arch}-portable.zip"
|
|
$exePath = "target/${{ matrix.target }}/release/dbx.exe"
|
|
|
|
if (!(Test-Path $exePath)) {
|
|
Write-Error "Missing Windows executable: $exePath"
|
|
exit 1
|
|
}
|
|
|
|
New-Item -ItemType Directory -Force -Path $portableDir | Out-Null
|
|
Copy-Item $exePath (Join-Path $portableDir "DBX.exe") -Force
|
|
Copy-Item "LICENSE" (Join-Path $portableDir "LICENSE") -Force
|
|
Copy-Item "README.md" (Join-Path $portableDir "README.md") -Force
|
|
Set-Content -Path (Join-Path $portableDir "portable.dbx") -Value "" -NoNewline
|
|
|
|
Compress-Archive -Path (Join-Path $portableDir "*") -DestinationPath $zipName -Force
|
|
gh release upload "${env:GITHUB_REF_NAME}" $zipName --repo "${env:GITHUB_REPOSITORY}" --clobber
|
|
|
|
- name: Upload Windows WebView2 offline installer
|
|
if: matrix.arch == 'x64' || matrix.arch == 'arm64'
|
|
shell: pwsh
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
$version = "${env:GITHUB_REF_NAME}".TrimStart("v")
|
|
$arch = "${{ matrix.arch }}"
|
|
$bundleDir = "target/${{ matrix.target }}/release/bundle/nsis"
|
|
$offlineName = "DBX_${version}_${arch}-webview2-offline-setup.exe"
|
|
$before = @{}
|
|
|
|
if (Test-Path $bundleDir) {
|
|
Get-ChildItem $bundleDir -Filter "*.exe" | ForEach-Object { $before[$_.FullName] = $_.LastWriteTimeUtc }
|
|
}
|
|
|
|
pnpm tauri bundle --bundles nsis --target ${{ matrix.target }} --config src-tauri/tauri.webview2-offline.conf.json
|
|
|
|
$installer = Get-ChildItem $bundleDir -Filter "*.exe" |
|
|
Where-Object { !$before.ContainsKey($_.FullName) -or $_.LastWriteTimeUtc -gt $before[$_.FullName] } |
|
|
Sort-Object LastWriteTimeUtc -Descending |
|
|
Select-Object -First 1
|
|
|
|
if (!$installer) {
|
|
Write-Error "Missing WebView2 offline installer in ${bundleDir}"
|
|
exit 1
|
|
}
|
|
|
|
Copy-Item $installer.FullName $offlineName -Force
|
|
gh release upload "${env:GITHUB_REF_NAME}" $offlineName --repo "${env:GITHUB_REPOSITORY}" --clobber
|
|
|
|
cleanup-release-signatures:
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Remove standalone updater signature assets
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
shell: bash
|
|
run: |
|
|
mapfile -t SIG_ASSETS < <(
|
|
gh release view "${GITHUB_REF_NAME}" \
|
|
--repo "${GITHUB_REPOSITORY}" \
|
|
--json assets \
|
|
--jq '.assets[].name | select(endswith(".sig"))'
|
|
)
|
|
|
|
if [ "${#SIG_ASSETS[@]}" -eq 0 ]; then
|
|
echo "No standalone .sig release assets found."
|
|
exit 0
|
|
fi
|
|
|
|
for ASSET in "${SIG_ASSETS[@]}"; do
|
|
echo "Deleting release asset: ${ASSET}"
|
|
gh release delete-asset "${GITHUB_REF_NAME}" "${ASSET}" \
|
|
--repo "${GITHUB_REPOSITORY}" \
|
|
--yes
|
|
done
|
|
|
|
jdbc-plugin:
|
|
needs: [cleanup-release-signatures, bump-jdbc-plugin-version]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v5
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup Java
|
|
uses: actions/setup-java@v5
|
|
with:
|
|
distribution: temurin
|
|
java-version: "17"
|
|
cache: maven
|
|
|
|
- name: Apply automatic JDBC plugin version bump
|
|
shell: bash
|
|
run: node .github/scripts/bump-jdbc-plugin-version.mjs "${{ needs.bump-jdbc-plugin-version.outputs.prev_tag }}" HEAD --write
|
|
|
|
- name: Read JDBC plugin version
|
|
id: jdbc-plugin
|
|
shell: bash
|
|
run: |
|
|
VERSION="$(grep -m1 '<version>' plugins/jdbc/pom.xml | sed -E 's/.*<version>([^<]+)<.*/\1/')"
|
|
echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Package JDBC plugin
|
|
run: ./plugins/jdbc/package.sh
|
|
|
|
- name: Upload JDBC plugin asset
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
gh release upload "${GITHUB_REF_NAME}" \
|
|
"plugins/jdbc/dist/dbx-jdbc-plugin-${{ steps.jdbc-plugin.outputs.version }}.zip" \
|
|
"plugins/jdbc/dist/dbx-jdbc-plugin-latest.zip" \
|
|
--repo "${GITHUB_REPOSITORY}" \
|
|
--clobber
|
|
|
|
- name: Add JDBC plugin metadata to latest.json
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
shell: bash
|
|
run: |
|
|
mkdir -p "$RUNNER_TEMP/latest-json"
|
|
gh release download "${GITHUB_REF_NAME}" \
|
|
--repo "${GITHUB_REPOSITORY}" \
|
|
--pattern latest.json \
|
|
--dir "$RUNNER_TEMP/latest-json"
|
|
node .github/scripts/augment-latest-json-jdbc-plugin.mjs \
|
|
"$RUNNER_TEMP/latest-json/latest.json" \
|
|
"${{ steps.jdbc-plugin.outputs.version }}" \
|
|
"1" \
|
|
"https://github.com/t8y2/dbx/releases/latest/download/dbx-jdbc-plugin-latest.zip"
|
|
gh release upload "${GITHUB_REF_NAME}" \
|
|
"$RUNNER_TEMP/latest-json/latest.json" \
|
|
--repo "${GITHUB_REPOSITORY}" \
|
|
--clobber
|
|
|
|
publish:
|
|
needs: [cleanup-release-signatures, docker-manifest, jdbc-plugin]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Publish draft release
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: gh release edit ${{ github.ref_name }} --repo ${{ github.repository }} --draft=false --prerelease
|
|
|
|
sync-release-to-cnb:
|
|
name: Sync release to CNB
|
|
needs: publish
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v5
|
|
|
|
- name: Download GitHub release assets
|
|
env:
|
|
TAG_NAME: ${{ github.ref_name }}
|
|
GITHUB_REPOSITORY: ${{ github.repository }}
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
set -euo pipefail
|
|
mkdir -p "$RUNNER_TEMP/github-release" "$RUNNER_TEMP/release-assets"
|
|
gh release view "$TAG_NAME" \
|
|
--repo "$GITHUB_REPOSITORY" \
|
|
--json tagName,name,body,targetCommitish,isPrerelease,isDraft,assets \
|
|
> "$RUNNER_TEMP/github-release/release.json"
|
|
gh release download "$TAG_NAME" \
|
|
--repo "$GITHUB_REPOSITORY" \
|
|
--dir "$RUNNER_TEMP/release-assets" \
|
|
--clobber
|
|
|
|
- name: Sync release assets to CNB
|
|
env:
|
|
CNB_TOKEN: ${{ secrets.CNB_TOKEN }}
|
|
CNB_UPLOAD_CONCURRENCY: "3"
|
|
run: |
|
|
node .github/scripts/sync-cnb-release.mjs \
|
|
--github-release "$RUNNER_TEMP/github-release/release.json" \
|
|
--assets-dir "$RUNNER_TEMP/release-assets"
|
|
|
|
sync-release-to-atomgit:
|
|
name: Sync release to AtomGit
|
|
needs: publish
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v5
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Ensure AtomGit tag exists
|
|
env:
|
|
TAG_NAME: ${{ github.ref_name }}
|
|
ATOMGIT_TOKEN: ${{ secrets.ATOMGIT_TOKEN }}
|
|
run: |
|
|
set -euo pipefail
|
|
git fetch origin "refs/tags/${TAG_NAME}:refs/tags/${TAG_NAME}" --force
|
|
git remote add atomgit "https://t8y2:${ATOMGIT_TOKEN}@atomgit.com/t8y2/dbx.git"
|
|
git push atomgit "refs/tags/${TAG_NAME}:refs/tags/${TAG_NAME}" --force
|
|
|
|
- name: Download GitHub release assets
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
TAG_NAME: ${{ github.ref_name }}
|
|
GITHUB_REPOSITORY: ${{ github.repository }}
|
|
run: |
|
|
set -euo pipefail
|
|
mkdir -p "$RUNNER_TEMP/github-release" "$RUNNER_TEMP/release-assets"
|
|
gh release view "$TAG_NAME" \
|
|
--repo "$GITHUB_REPOSITORY" \
|
|
--json tagName,name,body,targetCommitish,isPrerelease,isDraft,assets \
|
|
> "$RUNNER_TEMP/github-release/release.json"
|
|
gh release download "$TAG_NAME" \
|
|
--repo "$GITHUB_REPOSITORY" \
|
|
--dir "$RUNNER_TEMP/release-assets" \
|
|
--clobber
|
|
|
|
- name: Sync release assets to AtomGit
|
|
env:
|
|
ATOMGIT_TOKEN: ${{ secrets.ATOMGIT_TOKEN }}
|
|
ATOMGIT_REPOSITORY: "t8y2/dbx"
|
|
# AtomGit throttles concurrent large-asset uploads, which can expire their temporary upload URLs.
|
|
ATOMGIT_UPLOAD_CONCURRENCY: "1"
|
|
run: |
|
|
set -euo pipefail
|
|
node .github/scripts/sync-atomgit-release.mjs \
|
|
--github-release "$RUNNER_TEMP/github-release/release.json" \
|
|
--assets-dir "$RUNNER_TEMP/release-assets"
|
|
|
|
docker:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
platform: [linux/amd64, linux/arm64]
|
|
steps:
|
|
- uses: actions/checkout@v5
|
|
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Login to CNB Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ env.CNB_REGISTRY }}
|
|
username: cnb
|
|
password: ${{ secrets.CNB_TOKEN }}
|
|
|
|
- name: Build and push Docker Hub by digest
|
|
id: build-dockerhub
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
file: deploy/Dockerfile
|
|
platforms: ${{ matrix.platform }}
|
|
outputs: type=image,name=${{ secrets.DOCKERHUB_USERNAME }}/dbx,push-by-digest=true,name-canonical=true,push=true
|
|
cache-from: type=gha,scope=${{ matrix.platform }}
|
|
cache-to: type=gha,scope=${{ matrix.platform }},mode=max
|
|
|
|
- name: Build and push CNB by digest
|
|
id: build-cnb
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
file: deploy/Dockerfile
|
|
platforms: ${{ matrix.platform }}
|
|
outputs: type=image,name=${{ env.CNB_REGISTRY }}/${{ env.CNB_REPOSITORY }},push-by-digest=true,name-canonical=true,push=true
|
|
cache-from: type=gha,scope=${{ matrix.platform }}
|
|
|
|
- name: Export digests
|
|
run: |
|
|
mkdir -p /tmp/digests/dockerhub /tmp/digests/cnb
|
|
dockerhub_digest="${{ steps.build-dockerhub.outputs.digest }}"
|
|
cnb_digest="${{ steps.build-cnb.outputs.digest }}"
|
|
touch "/tmp/digests/dockerhub/${dockerhub_digest#sha256:}"
|
|
touch "/tmp/digests/cnb/${cnb_digest#sha256:}"
|
|
|
|
- name: Upload Docker Hub digest
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: dockerhub-digests-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }}
|
|
path: /tmp/digests/dockerhub/*
|
|
if-no-files-found: error
|
|
retention-days: 1
|
|
|
|
- name: Upload CNB digest
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: cnb-digests-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }}
|
|
path: /tmp/digests/cnb/*
|
|
if-no-files-found: error
|
|
retention-days: 1
|
|
|
|
docker-manifest:
|
|
needs: docker
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Download Docker Hub digests
|
|
uses: actions/download-artifact@v8
|
|
with:
|
|
path: /tmp/digests/dockerhub
|
|
pattern: dockerhub-digests-*
|
|
merge-multiple: true
|
|
|
|
- name: Download CNB digests
|
|
uses: actions/download-artifact@v8
|
|
with:
|
|
path: /tmp/digests/cnb
|
|
pattern: cnb-digests-*
|
|
merge-multiple: true
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Login to CNB Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ env.CNB_REGISTRY }}
|
|
username: cnb
|
|
password: ${{ secrets.CNB_TOKEN }}
|
|
|
|
- name: Extract version from tag
|
|
id: version
|
|
run: echo "version=${GITHUB_REF_NAME#v}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Create manifest list and push
|
|
run: |
|
|
docker buildx imagetools create \
|
|
-t ${{ secrets.DOCKERHUB_USERNAME }}/dbx:${{ steps.version.outputs.version }} \
|
|
-t ${{ secrets.DOCKERHUB_USERNAME }}/dbx:latest \
|
|
$(cd /tmp/digests/dockerhub && printf '${{ secrets.DOCKERHUB_USERNAME }}/dbx@sha256:%s ' *)
|
|
|
|
docker buildx imagetools create \
|
|
-t ${{ env.CNB_REGISTRY }}/${{ env.CNB_REPOSITORY }}:${{ steps.version.outputs.version }} \
|
|
-t ${{ env.CNB_REGISTRY }}/${{ env.CNB_REPOSITORY }}:latest \
|
|
$(cd /tmp/digests/cnb && printf '${{ env.CNB_REGISTRY }}/${{ env.CNB_REPOSITORY }}@sha256:%s ' *)
|