Skip to content

Docker CI

Docker CI #137

Workflow file for this run

name: Docker CI
on:
# Disabled cronjobs first until we configured the change detection logic.
schedule:
- cron: '30 3 * * *'
push:
branches:
- "*"
# Publish semver tags as releases.
tags: [ 'v*.*.*' ]
# TODO: use paths-filter action later
paths:
- "Dockerfile"
- "vaultwarden-startup"
- "src/*"
- ".github/workflows/docker-ci.yml"
pull_request:
branches: [ main ]
workflow_dispatch:
env:
RHQCR_NAMESPACE: recaptime-dev/vaultwarden
GITLAB_MAUDEV_NAMESPACE: recaptime-dev/infra/docker/vaultwarden
GHCR_NAMESPACE: recaptime-dev/vaultwarden-docker
jobs:
docker-build:
name: Build and push
runs-on: ubuntu-latest
permissions:
contents: read
packages: write # use GITHUB_TOKEN instead of my PAT for security reasons
steps:
- name: Checkout repository
uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089
#- name: Install CLI
# uses: dopplerhq/cli-action@41106dbef2e821dcf2250b0c936a616a438a278a
#- uses: dopplerhq/secrets-fetch-action@ff1719d1b7d1e1b0e44f24dcfec3a9b490ede905
# id: doppler
# if: github.event_name != 'pull_request'
# with:
# doppler-token: ${{ secrets.OCI_REGISTRY_DOPPLER_TOKEN }}
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Authenicate to GHCR
if: github.event_name != 'pull_request'
uses: docker/login-action@7ca345011ac4304463197fac0e56eab1bc7e6af0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Authenticate to RHQCR
if: github.event_name != 'pull_request'
uses: docker/login-action@7ca345011ac4304463197fac0e56eab1bc7e6af0
with:
registry: quay.io
username: ${{ secrets.RHQCR_BOT_USERNAME }}
password: ${{ secrets.RHQCR_BOT_PASSWORD }}
- name: Authenticate with dock.mau.dev
if: github.event_name != 'pull_request'
uses: docker/login-action@7ca345011ac4304463197fac0e56eab1bc7e6af0
with:
registry: dock.mau.dev
username: ${{ secrets.RTDEVBOT_GITLAB_USERNAME_MAUDEV }}
password: ${{ secrets.RTDEVBOT_GITLAB_TOKEN_MAUDEV }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@906ecf0fc0a80f9110f79d9e6c04b1080f4a2621
with:
context: workflow
github-token: ${{github.token}}
images: |
ghcr.io/${{ env.GHCR_NAMESPACE }}
quay.io/${{ env.RHQCR_NAMESPACE }}
dock.mau.dev/${{ env.GITLAB_MAUDEV_NAMESPACE }}
labels: |
org.opencontainers.image.vendor=RecapTime.dev
org.opencontainers.image.authors=Andrei Jiroh Halili
org.opencontainers.image.title=RecapTime.dev's Vaultwarden Docker image
org.opencontainers.image.description=Custom Vaultwarden image, as used by Recap Time Squad for their instance.
tags: |
type=ref,prefix=branch-,event=branch
type=sha,format=long,prefix=commit-
type=raw,value=latest,enable={{is_default_branch}}
type=schedule,pattern=nightly
type=schedule,pattern={{date 'YYYYMMDDhhmmss'}},prefix=nightly-
# Then set up QEMU and Buildx so the Build and push action below will not trigger errors
- name: Set up QEMU
uses: docker/setup-qemu-action@8b562efa09ec1557a9e26f25a7c6292838acea94
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5
# Fetch latest release via GitHub GraphQL API
# Note: Script generated with GitHub Copilot
- name: Get latest release
run: |
# Run the GitHub CLI command and extract the tag name using jq
tag_name=$(gh api graphql -f query='{
repository(owner: "dani-garcia", name: "vaultwarden") {
releases(first: 1) {
nodes {
tagName
}
}
}
}' --jq '.data.repository.releases.nodes[0].tagName')
# Set the tag name as a GitHub Actions output
echo "VAULTWARDEN_RELEASE=$tag_name" >> $GITHUB_ENV
env:
GH_TOKEN: ${{ github.token }}
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
uses: docker/build-push-action@7e094594beda23fc8f21fa31049f4b203e51096b
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
provenance: true
build-args: |
VAULTWARDEN_RELEASE=${{ env.VAULTWARDEN_RELEASE }}