name: Release on: push: paths: - ".github/workflows/release.yml" - "src/**" - "migrations/**" - "docker/**" - "Cargo.*" - "build.rs" - "diesel.toml" - "rust-toolchain.toml" branches: # Only on paths above - main - release-build-revision tags: # Always, regardless of paths above - '*' jobs: # https://github.com/marketplace/actions/skip-duplicate-actions # Some checks to determine if we need to continue with building a new docker. # We will skip this check if we are creating a tag, because that has the same hash as a previous run already. skip_check: runs-on: ubuntu-22.04 if: ${{ github.repository == 'dani-garcia/vaultwarden' }} outputs: should_skip: ${{ steps.skip_check.outputs.should_skip }} steps: - name: Skip Duplicates Actions id: skip_check uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281 # v5.3.0 with: cancel_others: 'true' # Only run this when not creating a tag if: ${{ github.ref_type == 'branch' }} docker-build: runs-on: ubuntu-22.04 timeout-minutes: 120 needs: skip_check if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }} # TODO: Start a local docker registry to be used to extract the final Alpine static build images # services: # registry: # image: registry:2 # ports: # - 5000:5000 env: SOURCE_COMMIT: ${{ github.sha }} SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}" # The *_REPO variables need to be configured as repository variables # Append `/settings/variables/actions` to your repo url # DOCKERHUB_REPO needs to be 'index.docker.io//' # Check for Docker hub credentials in secrets HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }} # GHCR_REPO needs to be 'ghcr.io//' # Check for Github credentials in secrets HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }} # QUAY_REPO needs to be 'quay.io//' # Check for Quay.io credentials in secrets HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }} strategy: matrix: base_image: ["debian","alpine"] steps: # Checkout the repo - name: Checkout uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 with: fetch-depth: 0 - name: Initialize QEMU binfmt support uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 with: platforms: "arm64,arm" # Start Docker Buildx - name: Setup Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 # https://github.com/moby/buildkit/issues/3969 # Also set max parallelism to 2, the default of 4 breaks GitHub Actions with: config-inline: | [worker.oci] max-parallelism = 2 driver-opts: | network=host # Determine Base Tags and Source Version - name: Determine Base Tags and Source Version shell: bash run: | # Check which main tag we are going to build determined by github.ref_type if [[ "${{ github.ref_type }}" == "tag" ]]; then echo "BASE_TAGS=latest,${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_ENV}" elif [[ "${{ github.ref_type }}" == "branch" ]]; then echo "BASE_TAGS=testing" | tee -a "${GITHUB_ENV}" fi # Get the Source Version for this release GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null || true)" if [[ -n "${GIT_EXACT_TAG}" ]]; then echo "SOURCE_VERSION=${GIT_EXACT_TAG}" | tee -a "${GITHUB_ENV}" else GIT_LAST_TAG="$(git describe --tags --abbrev=0)" echo "SOURCE_VERSION=${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}" fi # End Determine Base Tags # Login to Docker Hub - name: Login to Docker Hub uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }} - name: Add registry for DockerHub if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }} shell: bash run: | echo "CONTAINER_REGISTRIES=${{ vars.DOCKERHUB_REPO }}" | tee -a "${GITHUB_ENV}" # Login to GitHub Container Registry - name: Login to GitHub Container Registry uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} if: ${{ env.HAVE_GHCR_LOGIN == 'true' }} - name: Add registry for ghcr.io if: ${{ env.HAVE_GHCR_LOGIN == 'true' }} shell: bash run: | echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.GHCR_REPO }}" | tee -a "${GITHUB_ENV}" # Login to Quay.io - name: Login to Quay.io uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_TOKEN }} if: ${{ env.HAVE_QUAY_LOGIN == 'true' }} - name: Add registry for Quay.io if: ${{ env.HAVE_QUAY_LOGIN == 'true' }} shell: bash run: | echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.QUAY_REPO }}" | tee -a "${GITHUB_ENV}" - name: Bake ${{ matrix.base_image }} containers uses: docker/bake-action@511fde2517761e303af548ec9e0ea74a8a100112 # v4.0.0 env: BASE_TAGS: "${{ env.BASE_TAGS }}" SOURCE_COMMIT: "${{ env.SOURCE_COMMIT }}" SOURCE_VERSION: "${{ env.SOURCE_VERSION }}" SOURCE_REPOSITORY_URL: "${{ env.SOURCE_REPOSITORY_URL }}" CONTAINER_REGISTRIES: "${{ env.CONTAINER_REGISTRIES }}" with: pull: true push: true files: docker/docker-bake.hcl targets: "${{ matrix.base_image }}-multi"