ci: auto-pin nx-webmail image digest in compose
Some checks failed
Publish nx-webmail Image / publish (push) Has been cancelled
Some checks failed
Publish nx-webmail Image / publish (push) Has been cancelled
This commit is contained in:
29
.github/workflows/publish-nx-webmail-image.yml
vendored
29
.github/workflows/publish-nx-webmail-image.yml
vendored
@@ -10,15 +10,18 @@ on:
|
|||||||
- ".github/workflows/publish-nx-webmail-image.yml"
|
- ".github/workflows/publish-nx-webmail-image.yml"
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: write
|
||||||
packages: write
|
packages: write
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
publish:
|
publish:
|
||||||
|
if: github.actor != 'github-actions[bot]'
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
- name: Set up QEMU
|
- name: Set up QEMU
|
||||||
uses: docker/setup-qemu-action@v3
|
uses: docker/setup-qemu-action@v3
|
||||||
@@ -57,6 +60,30 @@ jobs:
|
|||||||
${{ steps.meta.outputs.image }}:${{ steps.meta.outputs.version }}
|
${{ steps.meta.outputs.image }}:${{ steps.meta.outputs.version }}
|
||||||
${{ steps.meta.outputs.image }}:latest
|
${{ steps.meta.outputs.image }}:latest
|
||||||
|
|
||||||
|
- name: Pin digest in docker-compose
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
digest="${{ steps.build.outputs.digest }}"
|
||||||
|
if [ -z "$digest" ]; then
|
||||||
|
echo "No digest returned by build step" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
pinned=" image: ${{ steps.meta.outputs.image }}:${{ steps.meta.outputs.version }}@${digest}"
|
||||||
|
sed -i -E "s|^ image: .*|$pinned|" nx-webmail/docker-compose.yml
|
||||||
|
|
||||||
|
- name: Commit digest pin
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
if git diff --quiet -- nx-webmail/docker-compose.yml; then
|
||||||
|
echo "No docker-compose digest changes to commit."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
git config user.name "github-actions[bot]"
|
||||||
|
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
||||||
|
git add nx-webmail/docker-compose.yml
|
||||||
|
git commit -m "nx-webmail: pin image digest [skip ci]"
|
||||||
|
git push
|
||||||
|
|
||||||
- name: Summary
|
- name: Summary
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
|
|||||||
@@ -26,7 +26,8 @@ Umbrel installation is most reliable when your app uses a prebuilt image from a
|
|||||||
2. The workflow reads `version` from `nx-webmail/umbrel-app.yml` and publishes:
|
2. The workflow reads `version` from `nx-webmail/umbrel-app.yml` and publishes:
|
||||||
- `ghcr.io/weektab/nx-webmail:<version>`
|
- `ghcr.io/weektab/nx-webmail:<version>`
|
||||||
- `ghcr.io/weektab/nx-webmail:latest`
|
- `ghcr.io/weektab/nx-webmail:latest`
|
||||||
3. Manual fallback:
|
3. The workflow then pins `nx-webmail/docker-compose.yml` to `tag@sha256:digest` automatically.
|
||||||
|
4. Manual fallback:
|
||||||
docker buildx build --platform linux/amd64,linux/arm64 -t ghcr.io/weektab/nx-webmail:1.0.1 --push .
|
docker buildx build --platform linux/amd64,linux/arm64 -t ghcr.io/weektab/nx-webmail:1.0.1 --push .
|
||||||
|
|
||||||
## Umbrel app packaging
|
## Umbrel app packaging
|
||||||
|
|||||||
Reference in New Issue
Block a user