name: Release on: push: paths: - ".github/workflows/release.yml" - "src/**" - "migrations/**" - "hooks/**" - "docker/**" - "Cargo.*" - "build.rs" - "diesel.toml" - "rust-toolchain" branches: # Only on paths above - main tags: # Always, regardless of paths above - '*' jobs: # https://github.com/marketplace/actions/skip-duplicate-actions # Some checks to determine if we need to continue with building a new docker. # We will skip this check if we are creating a tag, because that has the same hash as a previous run already. skip_check: runs-on: ubuntu-20.04 if: ${{ github.repository == 'dani-garcia/vaultwarden' }} outputs: should_skip: ${{ steps.skip_check.outputs.should_skip }} steps: - name: Skip Duplicates Actions id: skip_check uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281 # v5.3.0 with: cancel_others: 'true' # Only run this when not creating a tag if: ${{ startsWith(github.ref, 'refs/heads/') }} docker-build: runs-on: ubuntu-20.04 timeout-minutes: 120 needs: skip_check # Start a local docker registry to be used to generate multi-arch images. services: registry: image: registry:2 ports: - 5000:5000 env: # Use BuildKit (https://docs.docker.com/build/buildkit/) for better # build performance and the ability to copy extended file attributes # (e.g., for executable capabilities) across build phases. DOCKER_BUILDKIT: 1 SOURCE_COMMIT: ${{ github.sha }} SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}" # The *_REPO variables need to be configured as repository variables # Append `/settings/variables/actions` to your repo url # DOCKERHUB_REPO needs to be 'index.docker.io//' # Check for Docker hub credentials in secrets HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }} # GHCR_REPO needs to be 'ghcr.io//' # Check for Github credentials in secrets HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }} # QUAY_REPO needs to be 'quay.io//' # Check for Quay.io credentials in secrets HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }} if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }} strategy: matrix: base_image: ["debian","alpine"] steps: # Checkout the repo - name: Checkout uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: fetch-depth: 0 # Determine Docker Tag - name: Init Variables id: vars shell: bash run: | # Check which main tag we are going to build determined by github.ref if [[ "${{ github.ref }}" == refs/tags/* ]]; then echo "DOCKER_TAG=${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_OUTPUT}" elif [[ "${{ github.ref }}" == refs/heads/* ]]; then echo "DOCKER_TAG=testing" | tee -a "${GITHUB_OUTPUT}" fi # End Determine Docker Tag # Login to Docker Hub - name: Login to Docker Hub uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }} # Login to GitHub Container Registry - name: Login to GitHub Container Registry uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} if: ${{ env.HAVE_GHCR_LOGIN == 'true' }} # Login to Quay.io - name: Login to Quay.io uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_TOKEN }} if: ${{ env.HAVE_QUAY_LOGIN == 'true' }} # Debian # Docker Hub - name: Build Debian based images (docker.io) shell: bash env: DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}" DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" run: | ./hooks/build if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }} - name: Push Debian based images (docker.io) shell: bash env: DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}" DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" run: | ./hooks/push if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }} # GitHub Container Registry - name: Build Debian based images (ghcr.io) shell: bash env: DOCKER_REPO: "${{ vars.GHCR_REPO }}" DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" run: | ./hooks/build if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }} - name: Push Debian based images (ghcr.io) shell: bash env: DOCKER_REPO: "${{ vars.GHCR_REPO }}" DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" run: | ./hooks/push if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }} # Quay.io - name: Build Debian based images (quay.io) shell: bash env: DOCKER_REPO: "${{ vars.QUAY_REPO }}" DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" run: | ./hooks/build if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }} - name: Push Debian based images (quay.io) shell: bash env: DOCKER_REPO: "${{ vars.QUAY_REPO }}" DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" run: | ./hooks/push if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }} # Alpine # Docker Hub - name: Build Alpine based images (docker.io) shell: bash env: DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}" DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" run: | ./hooks/build if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }} - name: Push Alpine based images (docker.io) shell: bash env: DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}" DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" run: | ./hooks/push if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }} # GitHub Container Registry - name: Build Alpine based images (ghcr.io) shell: bash env: DOCKER_REPO: "${{ vars.GHCR_REPO }}" DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" run: | ./hooks/build if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }} - name: Push Alpine based images (ghcr.io) shell: bash env: DOCKER_REPO: "${{ vars.GHCR_REPO }}" DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" run: | ./hooks/push if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }} # Quay.io - name: Build Alpine based images (quay.io) shell: bash env: DOCKER_REPO: "${{ vars.QUAY_REPO }}" DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" run: | ./hooks/build if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }} - name: Push Alpine based images (quay.io) shell: bash env: DOCKER_REPO: "${{ vars.QUAY_REPO }}" DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" run: | ./hooks/push if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}