mirror of
https://github.com/DIYgod/RSSHub.git
synced 2026-03-13 10:30:18 +08:00
475372751f
* chore: rename actions * chore: fix path maintainer build * feat: prepare script for node20 * chore: fix semgrep cant access secret
144 lines
4.6 KiB
YAML
144 lines
4.6 KiB
YAML
name: 'Docker Release'
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
paths:
|
|
- '.github/workflows/docker-release.yml'
|
|
- 'lib/**'
|
|
- '!**/maintainer.js'
|
|
- '!**/radar.js'
|
|
- '!**/radar-rules.js'
|
|
- '!lib/v2/test/**'
|
|
- '!test/**'
|
|
- 'Dockerfile'
|
|
workflow_dispatch: {}
|
|
|
|
jobs:
|
|
check-env:
|
|
permissions:
|
|
contents: none
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 5
|
|
outputs:
|
|
check-docker: ${{ steps.check-docker.outputs.defined }}
|
|
steps:
|
|
- id: check-docker
|
|
env:
|
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
|
if: ${{ env.DOCKER_USERNAME != '' }}
|
|
run: echo "defined=true" >> $GITHUB_OUTPUT
|
|
release:
|
|
runs-on: ubuntu-latest
|
|
needs: check-env
|
|
if: needs.check-env.outputs.check-docker == 'true'
|
|
timeout-minutes: 120
|
|
permissions:
|
|
packages: write
|
|
contents: read
|
|
id-token: write
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install cosign
|
|
if: github.event_name != 'pull_request'
|
|
uses: sigstore/cosign-installer@v3
|
|
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Log in to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
|
|
- name: Log in to the Container registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Extract Docker metadata (ordinary version)
|
|
id: meta-ordinary
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: |
|
|
${{ secrets.DOCKER_USERNAME }}/rsshub
|
|
ghcr.io/${{ github.repository }}
|
|
tags: |
|
|
type=raw,value=latest,enable=true
|
|
type=raw,value={{date 'YYYY-MM-DD'}},enable=true
|
|
flavor: latest=false
|
|
|
|
- name: Build and push Docker image (ordinary version)
|
|
id: build-and-push
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
push: true
|
|
tags: ${{ steps.meta-ordinary.outputs.tags }}
|
|
labels: ${{ steps.meta-ordinary.outputs.labels }}
|
|
platforms: linux/amd64,linux/arm/v7,linux/arm64
|
|
cache-from: type=gha,scope=docker-release
|
|
cache-to: type=gha,mode=max,scope=docker-release
|
|
|
|
- name: Sign the published Docker image
|
|
if: ${{ github.event_name != 'pull_request' }}
|
|
env:
|
|
COSIGN_EXPERIMENTAL: 'true'
|
|
run: echo "${{ steps.meta-ordinary.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}
|
|
|
|
- name: Extract Docker metadata (Chromium-bundled version)
|
|
id: meta-chromium-bundled
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: |
|
|
${{ secrets.DOCKER_USERNAME }}/rsshub
|
|
ghcr.io/${{ github.repository }}
|
|
tags: |
|
|
type=raw,value=chromium-bundled,enable=true
|
|
type=raw,value=chromium-bundled-{{date 'YYYY-MM-DD'}},enable=true
|
|
flavor: latest=false
|
|
|
|
- name: Build and push Docker image (Chromium-bundled version)
|
|
id: build-and-push-chromium
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
build-args: PUPPETEER_SKIP_DOWNLOAD=0
|
|
push: true
|
|
tags: ${{ steps.meta-chromium-bundled.outputs.tags }}
|
|
labels: ${{ steps.meta-chromium-bundled.outputs.labels }}
|
|
platforms: linux/amd64,linux/arm/v7,linux/arm64
|
|
cache-from: |
|
|
type=registry,ref=${{ secrets.DOCKER_USERNAME }}/rsshub:chromium-bundled
|
|
cache-to: type=inline,ref=${{ secrets.DOCKER_USERNAME }}/rsshub:chromium-bundled # inline cache is enough
|
|
|
|
- name: Sign the published Docker image
|
|
if: ${{ github.event_name != 'pull_request' }}
|
|
env:
|
|
COSIGN_EXPERIMENTAL: 'true'
|
|
run: echo "${{ steps.meta-chromium-bundled.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push-chromium.outputs.digest }}
|
|
|
|
description:
|
|
runs-on: ubuntu-latest
|
|
needs: check-env
|
|
if: needs.check-env.outputs.check-docker == 'true'
|
|
timeout-minutes: 5
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Docker Hub Description
|
|
uses: peter-evans/dockerhub-description@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_USERNAME }}
|
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
repository: ${{ secrets.DOCKER_USERNAME }}/rsshub
|