name: Build & Push Docker image on: workflow_run: workflows: ['Release'] types: - completed workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true env: REGISTRY_IMAGE: moontechlab/lunatv permissions: contents: write packages: write actions: write jobs: build: strategy: matrix: include: - platform: linux/amd64 os: ubuntu-latest - platform: linux/arm64 os: ubuntu-24.04-arm runs-on: ${{ matrix.os }} steps: - name: Prepare platform name run: | echo "PLATFORM_NAME=${{ matrix.platform }}" | sed 's|/|-|g' >> $GITHUB_ENV - name: Checkout source code run: | git clone https://${{ secrets.PUSH_TOKEN }}@${{ secrets.REPO_URL }}.git . - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: ghcr.io/${{ env.REGISTRY_IMAGE }} tags: | type=raw,value=latest,enable={{is_default_branch}} type=semver,pattern=${{ env.latest_tag }},enable=${{ github.ref == 'refs/heads/main' && github.event_name == 'workflow_run' }} - name: Get latest tag run: | echo "latest_tag=$( curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ "https://api.github.com/repos/${{ github.repository }}/tags" | \ jq -r '.[0].name // "latest"' | sed 's/^v//' )" >> $GITHUB_ENV - name: Get commit SHA if: github.ref == 'refs/heads/main' id: vars run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - name: Build and push by digest id: build uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile platforms: ${{ matrix.platform }} labels: ${{ steps.meta.outputs.labels }} build-args: | SHA=${{ steps.vars.outputs.sha_short }} outputs: type=image,name=ghcr.io/${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true - name: Export digest run: | rm -rf /tmp/digests mkdir -p /tmp/digests digest="${{ steps.build.outputs.digest }}" touch "/tmp/digests/${digest#sha256:}" - name: Upload digest uses: actions/upload-artifact@v4 with: name: digests-${{ env.PLATFORM_NAME }} path: /tmp/digests/* if-no-files-found: error retention-days: 1 merge: runs-on: ubuntu-latest needs: - build steps: - name: Download digests uses: actions/download-artifact@v4 with: path: /tmp/digests pattern: digests-* merge-multiple: true - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Get latest tag run: | echo "latest_tag=$( curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ "https://api.github.com/repos/${{ github.repository }}/tags" | \ jq -r '.[0].name // "latest"' | sed 's/^v//' )" >> $GITHUB_ENV - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: ghcr.io/${{ env.REGISTRY_IMAGE }} tags: | type=raw,value=latest,enable={{is_default_branch}} type=semver,pattern=${{ env.latest_tag }},enable=${{ github.ref == 'refs/heads/main' && github.event_name == 'workflow_run' }} - name: Create manifest list and push working-directory: /tmp/digests run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ $(printf 'ghcr.io/${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) - name: Inspect image run: | docker buildx imagetools inspect ghcr.io/${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} cleanup: runs-on: ubuntu-latest needs: - merge steps: - name: Delete workflow runs uses: Mattraks/delete-workflow-runs@main with: token: ${{ secrets.GITHUB_TOKEN }} repository: ${{ github.repository }} retain_days: 0 keep_minimum_runs: 4