Skip to content
Beanstalkd Docker Image

feat: add GHCR support and security improvements #11

Sign in to view logs

feat: add GHCR support and security improvements

feat: add GHCR support and security improvements #11

Workflow file for this run

.github/workflows/docker-push.yml at 6cff3b9
name: Beanstalkd Docker Image
on:
push:
branches: [main]
pull_request:
branches: [main]
env:
DOCKER_REPOSITORY: 'maateen/docker-beanstalkd'
GHCR_REPOSITORY: 'ghcr.io/maateen/docker-beanstalkd'
PLATFORMS: '["linux/amd64", "linux/arm64"]'
ALPINE_VERSIONS: '["3.18", "3.19", "3.20", "3.21"]'
BEANSTALKD_VERSIONS: '["v1.8", "v1.9", "v1.10", "v1.11", "v1.12", "v1.13"]'
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write # Added permissions for GHCR
strategy:
fail-fast: false
matrix:
alpine_version: ${{ fromJson(env.ALPINE_VERSIONS) }}

Check failure on line 25 in .github/workflows/docker-push.yml

View workflow run for this annotation

GitHub Actions / Beanstalkd Docker Image

Invalid workflow file 

The workflow is not valid. .github/workflows/docker-push.yml (Line: 25, Col: 25): Unrecognized named-value: 'env'. Located at position 10 within expression: fromJson(env.ALPINE_VERSIONS) .github/workflows/docker-push.yml (Line: 25, Col: 25): Unexpected value '${{ fromJson(env.ALPINE_VERSIONS) }}'
beanstalkd_version: ${{ fromJson(env.BEANSTALKD_VERSIONS) }}
platform: ${{ fromJson(env.PLATFORMS) }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Prepare
id: prep
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
echo "VERSION=${{ matrix.beanstalkd_version }}-alpine-${{ matrix.alpine_version }}" >> $GITHUB_ENV
echo "IS_RELEASE=${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && contains(github.event.head_commit.message, 'Merge pull request') }}" >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: latest
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.DOCKER_REPOSITORY }}
${{ env.GHCR_REPOSITORY }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=sha
- name: Login to Docker Hub
if: env.IS_RELEASE == 'true'
uses: docker/login-action@v3
with:
username: ${{ github.repository_owner }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
if: env.IS_RELEASE == 'true'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push by digest
uses: docker/build-push-action@v6
with:
build-args: |
ALPINE_VERSION=${{ matrix.alpine_version }}
BEANSTALKD_VERSION=${{ matrix.beanstalkd_version }}
BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
VCS_REF=${{ github.sha }}
VERSION=${{ matrix.beanstalkd_version }}
context: .
labels: |
${{ steps.meta.outputs.labels }}
org.opencontainers.image.description=A Docker container for beanstalkd, a simple and fast general purpose work queue
org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
platforms: ${{ matrix.platform }}
outputs: type=image,name=${{ env.DOCKER_REPOSITORY }},name=${{ env.GHCR_REPOSITORY }},push-by-digest=true,name-canonical=true,push=${{ env.IS_RELEASE == 'true' }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Export digest
if: env.IS_RELEASE == 'true'
run: |
mkdir -p /tmp/digests/${{ env.VERSION }}
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${{ env.VERSION }}/${digest#sha256:}"
- name: Upload digest
if: env.IS_RELEASE == 'true'
uses: actions/upload-artifact@v4
with:
name: digests-${{ env.VERSION }}-${{ env.PLATFORM_PAIR }}
path: /tmp/digests/${{ env.VERSION }}/*
if-no-files-found: error
retention-days: 1
release:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
if: github.event_name == 'push' && github.ref == 'refs/heads/main' && contains(github.event.head_commit.message, 'Merge pull request')
needs: [build]
strategy:
fail-fast: false
matrix:
alpine_version: ${{ fromJson(env.ALPINE_VERSIONS) }}
beanstalkd_version: ${{ fromJson(env.BEANSTALKD_VERSIONS) }}
steps:
- name: Prepare
run: |
echo "VERSION=${{ matrix.beanstalkd_version }}-alpine-${{ matrix.alpine_version }}" >> $GITHUB_ENV
- name: Download digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests/${{ env.VERSION }}
pattern: digests-${{ env.VERSION }}-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ github.repository_owner }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create manifest list and push
working-directory: /tmp/digests/${{ env.VERSION }}
run: |
# Create manifest for latest tag if this is the latest version
if [[ "${{ matrix.beanstalkd_version }}" == "v1.13" && "${{ matrix.alpine_version }}" == "3.21" ]]; then
docker buildx imagetools create -t ${{ env.DOCKER_REPOSITORY }}:latest \
-t ${{ env.GHCR_REPOSITORY }}:latest \
$(printf '${{ env.DOCKER_REPOSITORY }}@sha256:%s ' *)
fi
docker buildx imagetools create -t ${{ env.DOCKER_REPOSITORY }}:${{ env.VERSION }} \
-t ${{ env.GHCR_REPOSITORY }}:${{ env.VERSION }} \
$(printf '${{ env.DOCKER_REPOSITORY }}@sha256:%s ' *) \
$(printf '${{ env.GHCR_REPOSITORY }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.DOCKER_REPOSITORY }}:${{ env.VERSION }}
docker buildx imagetools inspect ${{ env.GHCR_REPOSITORY }}:${{ env.VERSION }}
if [[ "${{ matrix.beanstalkd_version }}" == "v1.13" && "${{ matrix.alpine_version }}" == "3.21" ]]; then
docker buildx imagetools inspect ${{ env.DOCKER_REPOSITORY }}:latest
docker buildx imagetools inspect ${{ env.GHCR_REPOSITORY }}:latest
fi