.github/workflows/release.yml

name: ci

# This worflow needs those secrets:
#
# REGISTRY_TOKEN = Quay.io token
# DOCKERPASSWORD = Docker Hub token

on:
  push:
    branches: [master, main]
    tags: 'v*.*.*'
  schedule:
    - cron: "0 13 * * 1"

env:
  PLATFORMS: "linux/amd64,linux/arm/v7,linux/arm/v6,linux/arm64"     # Build for which platforms
  IMAGENAME: "quay.io/tdeutsch/onetimesecret"                        # Name of the image
  DEFAULT_TAG: "latest"                                              # Which tag is beeing used if we are building for master/main branch 
  QUAY_USER: "tdeutsch"                                              # Which user to use to login to quay.io
  DOCKER_USER: "tdeutsch"                                            # Which user to use to login to DockerHub

#####
# To rebuild someone else's repo, do this:
#
# - New env    REPOSITORY: "githubuser/githubrepo"
# - Add this to the checkout:
#        with:
#          repository: ${{ env.REPOSITORY }}
# - One may also need to disable hadolint, due to the quality of others Dockerfile
#####

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Generate Build-Args
        id: build-args
        run: |
          # echo ::set-output name=build-arg1::"buildarg1"
          # echo ::set-output name=build-arg2::"buildarg2"
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Prepare
        id: prep
        run: |
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            VERSION=${GITHUB_REF#refs/tags/}
            if [[ $VERSION =~ ^v([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]]; then
               MAJOR="${BASH_REMATCH[1]}"
               MINOR="${BASH_REMATCH[2]}"
               PATCH="${BASH_REMATCH[3]}"

               TAGS="${{ env.IMAGENAME }}:latest"
               TAGS="${TAGS},${{ env.IMAGENAME }}:${MAJOR}"
               TAGS="${TAGS},${{ env.IMAGENAME }}:${MAJOR}.${MINOR}"
               TAGS="${TAGS},${{ env.IMAGENAME }}:${MAJOR}.${MINOR}.${PATCH}"
            else
               TAGS="${{ env.IMAGENAME }}:${VERSION}"
            fi
          elif [[ $GITHUB_REF == refs/heads/* ]]; then
            TIMESTAMP=$(date +%Y%m%d%H%M%S)  
            TAGS="${{ env.IMAGENAME }}:${TIMESTAMP}"
            TAGS="${TAGS},${{ env.IMAGENAME }}:${{ env.DEFAULT_TAG }}"
          elif [[ $GITHUB_REF == refs/pull/* ]]; then
            TAGS="${{ env.IMAGENAME }}:pr-${{ github.event.number }}"
          fi
          echo ::set-output name=tags::${TAGS}
          echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
      -
        name: Hadolint
        uses: brpaz/hadolint-action@v1.5.0
        with: 
          dockerfile: Dockerfile
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3.0.0
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.0.0
      -
        name: Login to Quay.io
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3.0.0
        with:
          registry: quay.io
          username: ${{ env.QUAY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      -
        name: Build and push
        id: docker_build
        uses: docker/build-push-action@v5.0.0
        with:
          context: .
          file: ./Dockerfile
          platforms: ${{ env.PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.prep.outputs.tags }}
          build-args: |
            ${{ steps.build-args.outputs.build-arg1 }}
            ${{ steps.build-args.outputs.build-arg2 }}
          labels: |
            org.opencontainers.image.title=${{ github.event.repository.name }}
            org.opencontainers.image.description=${{ github.event.repository.description }}
            org.opencontainers.image.url=${{ github.event.repository.html_url }}
            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
            org.opencontainers.image.revision=${{ github.sha }}
            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
      -
        name: Copy to Docker Hub
        id: copy_images
        run: |
          for i in $(echo ${{ steps.prep.outputs.tags }} | sed "s/,/ /g")
          do
              GHTAG=$(echo $i | sed "s/quay.io/docker.io/g" | sed "s/${{ env.QUAY_USER }}/${{ env.DOCKER_USER }}/g")
              skopeo copy --all --src-creds=${{ env.QUAY_USER }}:${{ secrets.REGISTRY_TOKEN }} --dest-creds=${{ env.DOCKER_USER }}:${{ secrets.DOCKERPASSWORD }} docker://${i} docker://${GHTAG}
          done
          echo ::set-output name=shortname::$(echo ${{ env.IMAGENAME }} | sed "s/quay.io\///g")
      -
        name: Docker Hub Description
        uses: peter-evans/dockerhub-description@v3.4.2
        with:
          username: ${{ env.DOCKER_USER }}
          password: ${{ secrets.DOCKERPASSWORD }}
          repository: ${{ steps.copy_images.outputs.shortname }}