Skip to content

build(deps): bump docker/metadata-action from 5.5.1 to 5.6.1 #108

build(deps): bump docker/metadata-action from 5.5.1 to 5.6.1

build(deps): bump docker/metadata-action from 5.5.1 to 5.6.1 #108

Workflow file for this run

name: Docker CI
on:
# Disabled cronjobs first until we configured the change detection logic.
#schedule:
# - cron: '30 3 * * *'
push:
branches:
- "*"
# Publish semver tags as releases.
tags: [ 'v*.*.*' ]
# TODO: use paths-filter action later
paths:
- "Dockerfile"
- "vaultwarden-startup"
- "src/*"
- ".github/workflows/docker-ci.yml"
pull_request:
branches: [ main ]
workflow_dispatch:
env:
RHQCR_NAMESPACE: recaptime-dev/vaultwarden
GITLAB_MAUDEV_NAMESPACE: recaptime-dev/infra/docker/vaultwarden
GHCR_NAMESPACE: recaptime-dev/vaultwarden-docker
DOCKERHUB_NAMESPACE: ajhalili2006 # TODO: Update this before I add Docker Hub login stuff.
jobs:
docker-build:
name: Build and push
runs-on: ubuntu-latest
permissions:
contents: read
packages: write # use GITHUB_TOKEN instead of my PAT for security reasons
steps:
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
#- name: Install CLI
# uses: dopplerhq/cli-action@41106dbef2e821dcf2250b0c936a616a438a278a
#- uses: dopplerhq/secrets-fetch-action@ff1719d1b7d1e1b0e44f24dcfec3a9b490ede905
# id: doppler
# if: github.event_name != 'pull_request'
# with:
# doppler-token: ${{ secrets.OCI_REGISTRY_DOPPLER_TOKEN }}
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Authenicate to GHCR
if: github.event_name != 'pull_request'
uses: docker/login-action@40891eba8c2bcd1309b07ba8b11232f313e86779
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Authenticate to RHQCR
if: github.event_name != 'pull_request'
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
with:
registry: quay.io
username: ${{ secrets.RHQCR_SERVICE_ACCOUNT_USERNAME }}
password: ${{ secrets.RHQCR_SERVICE_ACCOUNT_PASSWORD }}
- name: Authenticate with dock.mau.dev
if: github.event_name != 'pull_request'
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc
with:
registry: dock.mau.dev
username: ${{ secrets.GITLAB_MAUDEV_SERVICE_ACCOUNT_USERNAME }}
password: ${{ secrets.GITLAB_MAUDEV_SERVICE_ACCOUNT_PASSWORD }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96
with:
context: workflow
github-token: ${{github.token}}
images: |
ghcr.io/${{ env.GHCR_NAMESPACE }}
quay.io/${{ env.RHQCR_NAMESPACE }}
dock.mau.dev/${{ env.GITLAB_MAUDEV_NAMESPACE }}
labels: |
org.opencontainers.image.vendor=RecapTime.dev
org.opencontainers.image.authors=~ajhalili2006
org.opencontainers.image.title=RecapTime.dev's Vaultwarden Docker image
org.opencontainers.image.description=Custom Vaultwarden image, as used by Recap Time Squad for their instance.
tags: |
type=ref,prefix=branch-,event=branch
type=sha,format=long,prefix=commit-
type=raw,value=latest,enable={{is_default_branch}}
type=schedule,pattern=nightly
type=schedule,pattern={{date 'YYYYMMDDhhmmss'}},prefix=nightly-
# Then set up QEMU and Buildx so the Build and push action below will not trigger errors
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349
# TODO: Fetch latest release via GitHub API
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
provenance: true
#build-args: |
# VAULTWARDEN_RELEASE=TODO