From 4dca17036a1b7808721cb6cddaa8e80426d6f8ca Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 23 Feb 2024 19:45:11 +0100 Subject: [PATCH 01/53] Test multi-platform build --- .github/workflows/alpine-mainline.yml | 632 +++++++++++++++----------- 1 file changed, 358 insertions(+), 274 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index d1653ba..332eeb0 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -32,10 +32,12 @@ jobs: slim: name: Build Alpine NGINX mainline slim Docker image + needs: [version] runs-on: ubuntu-22.04 strategy: fail-fast: false - needs: version + matrix: + platform: [linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x] steps: - name: Check out the codebase uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -46,52 +48,49 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - - name: Configure AWS credentials - if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 - with: - aws-region: ${{ secrets.AWS_REGION }} - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - - - name: Login to Amazon ECR Public Gallery - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - registry: public.ecr.aws - - - name: Login to Docker Hub - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + # - name: Configure AWS credentials + # if: ${{ github.event_name != 'pull_request' }} + # uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + # with: + # aws-region: ${{ secrets.AWS_REGION }} + # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + # - name: Login to Amazon ECR Public Gallery + # if: ${{ github.event_name != 'pull_request' }} + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + # with: + # registry: public.ecr.aws + + # - name: Login to Docker Hub + # # if: ${{ github.event_name != 'pull_request' }} + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + # with: + # username: ${{ secrets.DOCKERHUB_USERNAME }} + # password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry - if: ${{ github.event_name != 'pull_request' }} + # if: ${{ github.event_name != 'pull_request' }} uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Login to Quay - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - registry: quay.io - username: ${{ secrets.QUAY_USERNAME }} - password: ${{ secrets.QUAY_TOKEN }} + # - name: Login to Quay + # if: ${{ github.event_name != 'pull_request' }} + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + # with: + # registry: quay.io + # username: ${{ secrets.QUAY_USERNAME }} + # password: ${{ secrets.QUAY_TOKEN }} - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | - docker.io/nginxinc/nginx-unprivileged ghcr.io/nginxinc/nginx-unprivileged - public.ecr.aws/nginx/nginx-unprivileged - quay.io/nginx/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim @@ -108,269 +107,354 @@ jobs: id: build uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: - platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x + platforms: ${{ matrix.platform }} context: "{{ defaultContext }}:mainline/alpine-slim" tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - push: ${{ github.event_name != 'pull_request' }} + outputs: type=image,name=ghcr.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true + # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim - - name: Sign Docker Hub Manifest - if: ${{ github.event_name != 'pull_request' }} + - name: Export digest run: | - set -ex - sudo apt update - sudo apt install -y notary - mkdir -p ~/.docker/trust/private - echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key - chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key - docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx - DIGEST=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".digest' | cut -d ':' -f2) - SIZE=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".size') - export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" | base64 -w0) - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine-slim $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose - env: - DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} - DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} - NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} - - core: - name: Build Alpine NGINX mainline Docker image - runs-on: ubuntu-22.04 - strategy: - fail-fast: false - needs: [version, slim] - steps: - - name: Check out the codebase - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" - - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - - - name: Configure AWS credentials - if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + - name: Upload digest + uses: actions/upload-artifact@v3 with: - aws-region: ${{ secrets.AWS_REGION }} - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - - - name: Login to Amazon ECR Public Gallery - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - registry: public.ecr.aws - - - name: Login to Docker Hub - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Login to GitHub Container Registry - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Login to Quay - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - registry: quay.io - username: ${{ secrets.QUAY_USERNAME }} - password: ${{ secrets.QUAY_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 - with: - images: | - docker.io/nginxinc/nginx-unprivileged - ghcr.io/nginxinc/nginx-unprivileged - public.ecr.aws/nginx/nginx-unprivileged - quay.io/nginx/nginx-unprivileged - tags: | - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }} - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }} - type=raw,value=${{ needs.version.outputs.major }}-alpine - type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }} - type=raw,value=mainline-alpine - type=raw,value=mainline-alpine${{ needs.version.outputs.distro }} - type=raw,value=alpine - type=raw,value=alpine${{ needs.version.outputs.distro }} - - - name: Build and push NGINX mainline Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay - id: build - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 - with: - platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x - context: "{{ defaultContext }}:mainline/alpine" - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - push: ${{ github.event_name != 'pull_request' }} - # cache-from: type=gha,scope=debian-perl - # cache-to: type=gha,mode=min,scope=debian-perl - - - name: Sign Docker Hub Manifest - if: ${{ github.event_name != 'pull_request' }} - run: | - set -ex - sudo apt update - sudo apt install -y notary - mkdir -p ~/.docker/trust/private - echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key - chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key - docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx - DIGEST=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".digest' | cut -d ':' -f2) - SIZE=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".size') - export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" | base64 -w0) - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose - env: - DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} - DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} - NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} - - perl: - name: Build Alpine NGINX mainline perl Docker image - runs-on: ubuntu-22.04 - strategy: - fail-fast: false - needs: [version, core] + name: digests + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + runs-on: ubuntu-latest + needs: + - slim steps: - - name: Check out the codebase - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - - - name: Configure AWS credentials - if: ${{ github.event_name != 'pull_request' }} - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + - name: Download digests + uses: actions/download-artifact@v4 with: - aws-region: ${{ secrets.AWS_REGION }} - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + path: /tmp/digests + pattern: digests-* + merge-multiple: true - - name: Login to Amazon ECR Public Gallery - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - registry: public.ecr.aws + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Login to Docker Hub - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + images: ghcr.io/nginxinc/nginx-unprivileged - name: Login to GitHub Container Registry - if: ${{ github.event_name != 'pull_request' }} + # if: ${{ github.event_name != 'pull_request' }} uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Login to Quay - if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - registry: quay.io - username: ${{ secrets.QUAY_USERNAME }} - password: ${{ secrets.QUAY_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 - with: - images: | - docker.io/nginxinc/nginx-unprivileged - ghcr.io/nginxinc/nginx-unprivileged - public.ecr.aws/nginx/nginx-unprivileged - quay.io/nginx/nginx-unprivileged - tags: | - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-perl - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-perl - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-perl - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-perl - type=raw,value=${{ needs.version.outputs.major }}-alpine-perl - type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-perl - type=raw,value=mainline-alpine-perl - type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-perl - type=raw,value=alpine-perl - type=raw,value=alpine${{ needs.version.outputs.distro }}-perl - - - name: Build and push NGINX mainline perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay - id: build - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 - with: - platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x - context: "{{ defaultContext }}:mainline/alpine-perl" - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - push: ${{ github.event_name != 'pull_request' }} - # cache-from: type=gha,scope=alpine-perl - # cache-to: type=gha,mode=min,scope=alpine-perl + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - - name: Sign Docker Hub Manifest - if: ${{ github.event_name != 'pull_request' }} + - name: Inspect image run: | - set -ex - sudo apt update - sudo apt install -y notary - mkdir -p ~/.docker/trust/private - echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key - chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key - docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx - DIGEST=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".digest' | cut -d ':' -f2) - SIZE=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".size') - export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" | base64 -w0) - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine-perl $SIZE --sha256 $DIGEST --publish --verbose - notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose - env: - DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} - DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} - NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + docker buildx imagetools inspect ghcr.io/nginxinc/nginx-unprivileged:${{ steps.meta.outputs.version }} + + # - name: Sign Docker Hub Manifest + # if: ${{ github.event_name != 'pull_request' }} + # run: | + # set -ex + # sudo apt update + # sudo apt install -y notary + # mkdir -p ~/.docker/trust/private + # echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + # chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + # docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx + # DIGEST=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".digest' | cut -d ':' -f2) + # SIZE=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".size') + # export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" | base64 -w0) + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine-slim $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose + # env: + # DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} + # DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} + # DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + # NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + + # core: + # name: Build Alpine NGINX mainline Docker image + # runs-on: ubuntu-22.04 + # strategy: + # fail-fast: false + # needs: [version, slim] + # steps: + # - name: Check out the codebase + # uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + # - name: Set up QEMU + # uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + # - name: Configure AWS credentials + # if: ${{ github.event_name != 'pull_request' }} + # uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + # with: + # aws-region: ${{ secrets.AWS_REGION }} + # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + # - name: Login to Amazon ECR Public Gallery + # if: ${{ github.event_name != 'pull_request' }} + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + # with: + # registry: public.ecr.aws + + # - name: Login to Docker Hub + # if: ${{ github.event_name != 'pull_request' }} + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + # with: + # username: ${{ secrets.DOCKERHUB_USERNAME }} + # password: ${{ secrets.DOCKERHUB_TOKEN }} + + # - name: Login to GitHub Container Registry + # if: ${{ github.event_name != 'pull_request' }} + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + # with: + # registry: ghcr.io + # username: ${{ github.actor }} + # password: ${{ secrets.GITHUB_TOKEN }} + + # - name: Login to Quay + # if: ${{ github.event_name != 'pull_request' }} + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + # with: + # registry: quay.io + # username: ${{ secrets.QUAY_USERNAME }} + # password: ${{ secrets.QUAY_TOKEN }} + + # - name: Extract metadata (tags, labels) for Docker + # id: meta + # uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + # with: + # images: | + # docker.io/nginxinc/nginx-unprivileged + # ghcr.io/nginxinc/nginx-unprivileged + # public.ecr.aws/nginx/nginx-unprivileged + # quay.io/nginx/nginx-unprivileged + # tags: | + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }} + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }} + # type=raw,value=${{ needs.version.outputs.major }}-alpine + # type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }} + # type=raw,value=mainline-alpine + # type=raw,value=mainline-alpine${{ needs.version.outputs.distro }} + # type=raw,value=alpine + # type=raw,value=alpine${{ needs.version.outputs.distro }} + + # - name: Build and push NGINX mainline Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay + # id: build + # uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + # with: + # platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x + # context: "{{ defaultContext }}:mainline/alpine" + # tags: ${{ steps.meta.outputs.tags }} + # labels: ${{ steps.meta.outputs.labels }} + # push: ${{ github.event_name != 'pull_request' }} + # # cache-from: type=gha,scope=debian-perl + # # cache-to: type=gha,mode=min,scope=debian-perl + + # - name: Sign Docker Hub Manifest + # if: ${{ github.event_name != 'pull_request' }} + # run: | + # set -ex + # sudo apt update + # sudo apt install -y notary + # mkdir -p ~/.docker/trust/private + # echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + # chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + # docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx + # DIGEST=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".digest' | cut -d ':' -f2) + # SIZE=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".size') + # export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" | base64 -w0) + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose + # env: + # DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} + # DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} + # DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + # NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + + # perl: + # name: Build Alpine NGINX mainline perl Docker image + # runs-on: ubuntu-22.04 + # strategy: + # fail-fast: false + # needs: [version, core] + # steps: + # - name: Check out the codebase + # uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + # - name: Set up QEMU + # uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + + # - name: Configure AWS credentials + # if: ${{ github.event_name != 'pull_request' }} + # uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + # with: + # aws-region: ${{ secrets.AWS_REGION }} + # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + # - name: Login to Amazon ECR Public Gallery + # if: ${{ github.event_name != 'pull_request' }} + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + # with: + # registry: public.ecr.aws + + # - name: Login to Docker Hub + # if: ${{ github.event_name != 'pull_request' }} + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + # with: + # username: ${{ secrets.DOCKERHUB_USERNAME }} + # password: ${{ secrets.DOCKERHUB_TOKEN }} + + # - name: Login to GitHub Container Registry + # if: ${{ github.event_name != 'pull_request' }} + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + # with: + # registry: ghcr.io + # username: ${{ github.actor }} + # password: ${{ secrets.GITHUB_TOKEN }} + + # - name: Login to Quay + # if: ${{ github.event_name != 'pull_request' }} + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + # with: + # registry: quay.io + # username: ${{ secrets.QUAY_USERNAME }} + # password: ${{ secrets.QUAY_TOKEN }} + + # - name: Extract metadata (tags, labels) for Docker + # id: meta + # uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + # with: + # images: | + # docker.io/nginxinc/nginx-unprivileged + # ghcr.io/nginxinc/nginx-unprivileged + # public.ecr.aws/nginx/nginx-unprivileged + # quay.io/nginx/nginx-unprivileged + # tags: | + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-perl + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-perl + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-perl + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-perl + # type=raw,value=${{ needs.version.outputs.major }}-alpine-perl + # type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-perl + # type=raw,value=mainline-alpine-perl + # type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-perl + # type=raw,value=alpine-perl + # type=raw,value=alpine${{ needs.version.outputs.distro }}-perl + + # - name: Build and push NGINX mainline perl Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay + # id: build + # uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + # with: + # platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x + # context: "{{ defaultContext }}:mainline/alpine-perl" + # tags: ${{ steps.meta.outputs.tags }} + # labels: ${{ steps.meta.outputs.labels }} + # push: ${{ github.event_name != 'pull_request' }} + # # cache-from: type=gha,scope=alpine-perl + # # cache-to: type=gha,mode=min,scope=alpine-perl + + # - name: Sign Docker Hub Manifest + # if: ${{ github.event_name != 'pull_request' }} + # run: | + # set -ex + # sudo apt update + # sudo apt install -y notary + # mkdir -p ~/.docker/trust/private + # echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + # chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key + # docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx + # DIGEST=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".digest' | cut -d ':' -f2) + # SIZE=$(printf '${{ steps.build.outputs.metadata }}' | jq -r '."containerimage.descriptor".size') + # export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" | base64 -w0) + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine-perl $SIZE --sha256 $DIGEST --publish --verbose + # notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose + # env: + # DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }} + # DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }} + # DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + # NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }} + + # cleanup: + # name: Delete untagged Alpine NGINX mainline Docker images on the Amazon ECR Public Gallery and the GitHub Container Registry + # if: ${{ github.event_name != 'pull_request' }} + # runs-on: ubuntu-22.04 + # strategy: + # fail-fast: false + # needs: [slim, core, perl] + # steps: + # - name: Check out the codebase + # uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + # - name: Configure AWS credentials + # uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + # with: + # aws-region: ${{ secrets.AWS_REGION }} + # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + # - name: Delete untagged Alpine NGINX mainline Docker images on the Amazon ECR Public Gallery + # run: | + # .github/workflows/scripts/delete-untagged-amazon-public-ecr-images.sh + + # - name: Delete untagged Alpine NGINX mainline Docker images on the GitHub Container Registry + # uses: stumpylog/image-cleaner-action/untagged@9255a1b3b8ca44b3e5887e2168155223b277ca1d # v0.5.0 + # with: + # is_org: true + # owner: nginxinc + # package_name: nginx-unprivileged + # do_delete: true + # token: ${{ secrets.GITHUB_TOKEN }} From 90ee573d776b4eb4d4e6b0dd7fab4fde0f612148 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 23 Feb 2024 21:45:33 +0100 Subject: [PATCH 02/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 332eeb0..a278bdc 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -92,16 +92,16 @@ jobs: images: | ghcr.io/nginxinc/nginx-unprivileged tags: | - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim - type=raw,value=${{ needs.version.outputs.major }}-alpine-slim - type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim - type=raw,value=mainline-alpine-slim - type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim - type=raw,value=alpine-slim - type=raw,value=alpine${{ needs.version.outputs.distro }}-slim + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=mainline-alpine-slim-test + type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=alpine-slim-test + type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test - name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build From dbcf59aca802c094baa275737aa6b9d5e32c3e39 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 23 Feb 2024 22:53:46 +0100 Subject: [PATCH 03/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index a278bdc..dc88b9b 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -109,7 +109,7 @@ jobs: with: platforms: ${{ matrix.platform }} context: "{{ defaultContext }}:mainline/alpine-slim" - tags: ${{ steps.meta.outputs.tags }} + # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} outputs: type=image,name=ghcr.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} From b64365d59d851de6626704e64c32921001b9523e Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 23 Feb 2024 23:22:26 +0100 Subject: [PATCH 04/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index dc88b9b..cf80f60 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -123,7 +123,7 @@ jobs: touch "/tmp/digests/${digest#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: digests path: /tmp/digests/* @@ -138,9 +138,9 @@ jobs: - name: Download digests uses: actions/download-artifact@v4 with: + name: digests path: /tmp/digests - pattern: digests-* - merge-multiple: true + # merge-multiple: true - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 From 626f60a5e32bf7cb7212a4b22d6be650574b4cac Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 23 Feb 2024 23:30:22 +0100 Subject: [PATCH 05/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index cf80f60..1eb83ed 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -134,6 +134,7 @@ jobs: runs-on: ubuntu-latest needs: - slim + - version steps: - name: Download digests uses: actions/download-artifact@v4 @@ -145,11 +146,23 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Docker meta + - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: - images: ghcr.io/nginxinc/nginx-unprivileged + images: | + ghcr.io/nginxinc/nginx-unprivileged + tags: | + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=mainline-alpine-slim-test + type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=alpine-slim-test + type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test - name: Login to GitHub Container Registry # if: ${{ github.event_name != 'pull_request' }} From 957cf26a0891b049da5992ebe712c4e8834bbc6f Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Sat, 24 Feb 2024 00:16:25 +0100 Subject: [PATCH 06/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 1eb83ed..1ba53c0 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -123,7 +123,7 @@ jobs: touch "/tmp/digests/${digest#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v3 with: name: digests path: /tmp/digests/* From 651255ce0e9c32a8ff5f0d4f4f7374a7d53b4859 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Sat, 24 Feb 2024 00:17:11 +0100 Subject: [PATCH 07/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 1ba53c0..d8ebfc3 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -137,7 +137,7 @@ jobs: - version steps: - name: Download digests - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v3 with: name: digests path: /tmp/digests From 1bc157a8cbbf19fcc9842160758323d2a187bd87 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Sat, 24 Feb 2024 00:19:18 +0100 Subject: [PATCH 08/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index d8ebfc3..9b8dc59 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -122,10 +122,15 @@ jobs: digest="${{ steps.build.outputs.digest }}" touch "/tmp/digests/${digest#sha256:}" + - name: Prepare env + run: | + platform=${{ matrix.platform }} + echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV + - name: Upload digest - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: digests + name: digests-${{ env.PLATFORM_PAIR }} path: /tmp/digests/* if-no-files-found: error retention-days: 1 @@ -137,11 +142,11 @@ jobs: - version steps: - name: Download digests - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: - name: digests + pattern: digests-* path: /tmp/digests - # merge-multiple: true + merge-multiple: true - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 From 817483d82f7c4e635e87f4b5cdd9cbb8d6b36697 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 26 Feb 2024 23:18:46 +0100 Subject: [PATCH 09/53] multiple hosts --- .github/workflows/alpine-mainline.yml | 54 ++++++++++++++++----------- 1 file changed, 33 insertions(+), 21 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 9b8dc59..1ab4fd1 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -62,12 +62,12 @@ jobs: # with: # registry: public.ecr.aws - # - name: Login to Docker Hub - # # if: ${{ github.event_name != 'pull_request' }} - # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - # with: - # username: ${{ secrets.DOCKERHUB_USERNAME }} - # password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Login to Docker Hub + # if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry # if: ${{ github.event_name != 'pull_request' }} @@ -88,20 +88,21 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 - with: - images: | - ghcr.io/nginxinc/nginx-unprivileged - tags: | - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test - type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test - type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test - type=raw,value=mainline-alpine-slim-test - type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test - type=raw,value=alpine-slim-test - type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test + # with: + # images: | + # docker.io/nginxinc/nginx-unprivileged + # ghcr.io/nginxinc/nginx-unprivileged + # tags: | + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test + # type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test + # type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test + # type=raw,value=mainline-alpine-slim-test + # type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test + # type=raw,value=alpine-slim-test + # type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test - name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build @@ -111,7 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=ghcr.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true + outputs: type=image,name=ghcr.io/nginxinc/nginx-unprivileged,name=docker.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim @@ -157,6 +158,7 @@ jobs: with: images: | ghcr.io/nginxinc/nginx-unprivileged + docker.io/nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test @@ -169,6 +171,13 @@ jobs: type=raw,value=alpine-slim-test type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test + - name: Login to Docker Hub + # if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Login to GitHub Container Registry # if: ${{ github.event_name != 'pull_request' }} uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 @@ -182,10 +191,13 @@ jobs: run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ + $(printf 'docker.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - name: Inspect image run: | docker buildx imagetools inspect ghcr.io/nginxinc/nginx-unprivileged:${{ steps.meta.outputs.version }} + docker buildx imagetools inspect docker.io/nginxinc/nginx-unprivileged:${{ steps.meta.outputs.version }} # - name: Sign Docker Hub Manifest # if: ${{ github.event_name != 'pull_request' }} From c61d15e9ccfd4ad62762fcdfc71d91761086e82b Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Mon, 26 Feb 2024 23:44:25 +0100 Subject: [PATCH 10/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 84c16f2..3d38ffd 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=ghcr.io/nginxinc/nginx-unprivileged,name=docker.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true + outputs: type=image,"name=ghcr.io/nginxinc/nginx-unprivileged,name=docker.io/nginxinc/nginx-unprivileged",push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim @@ -189,10 +189,8 @@ jobs: - name: Create manifest list and push working-directory: /tmp/digests run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf 'docker.io/nginxinc/nginx-unprivileged@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'docker.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - name: Inspect image run: | From 2757790643fde0013c46b27a0fd0e427e4d5c314 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 27 Feb 2024 00:01:45 +0100 Subject: [PATCH 11/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 3d38ffd..2ad4d5d 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,"name=ghcr.io/nginxinc/nginx-unprivileged,name=docker.io/nginxinc/nginx-unprivileged",push-by-digest=true,name-canonical=true,push=true + outputs: type=image,\"name=ghcr.io/nginxinc/nginx-unprivileged,name=docker.io/nginxinc/nginx-unprivileged\",push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From 0ed9a0d6268d3b1e1671524806da2c28321c29bd Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 27 Feb 2024 02:38:40 +0100 Subject: [PATCH 12/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 2ad4d5d..d1e18a2 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,\"name=ghcr.io/nginxinc/nginx-unprivileged,name=docker.io/nginxinc/nginx-unprivileged\",push-by-digest=true,name-canonical=true,push=true + outputs: type=image,"name=ghcr.io/nginxinc/nginx-unprivileged,docker.io/nginxinc/nginx-unprivileged",push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From 7f78bc739b892ac2b08642cf3e765aa40bb84ec8 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 27 Feb 2024 02:54:53 +0100 Subject: [PATCH 13/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index d1e18a2..bb4ae4b 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,9 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,"name=ghcr.io/nginxinc/nginx-unprivileged,docker.io/nginxinc/nginx-unprivileged",push-by-digest=true,name-canonical=true,push=true + outputs: | + type=image,name=ghcr.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true + type=image,name=docker.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From 907a1c92f14d8a1702e2f790bb13474f589cd722 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 27 Feb 2024 02:57:32 +0100 Subject: [PATCH 14/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index bb4ae4b..14f2693 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,9 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: | - type=image,name=ghcr.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true - type=image,name=docker.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true + outputs: type=image,name=ghcr.io/nginxinc/nginx-unprivileged,docker.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From 968d0d41d3465cac2dff423e8eda1b17fcd77342 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 27 Feb 2024 03:01:39 +0100 Subject: [PATCH 15/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 14f2693..d552aae 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=ghcr.io/nginxinc/nginx-unprivileged,docker.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true + outputs: type=image,name=docker.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From 66d0945dd340100591d14118037ecad3704710c5 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 27 Feb 2024 03:02:42 +0100 Subject: [PATCH 16/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index d552aae..c4537e1 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=docker.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true + outputs: type=image,name=docker.io/nginxinc/nginx-unprivileged,ghcr.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From 2abeaf26570d88beb5dacab343daa880cd448f81 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 28 Feb 2024 14:49:33 +0100 Subject: [PATCH 17/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index c4537e1..47b3cac 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=docker.io/nginxinc/nginx-unprivileged,ghcr.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true + outputs: type=image,name='docker.io/nginxinc/nginx-unprivileged,ghcr.io/nginxinc/nginx-unprivileged',push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From 306276b4edc9097a46f1b05afc604cebeac6acbb Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 28 Feb 2024 14:53:27 +0100 Subject: [PATCH 18/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 47b3cac..b2d30c0 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name='docker.io/nginxinc/nginx-unprivileged,ghcr.io/nginxinc/nginx-unprivileged',push-by-digest=true,name-canonical=true,push=true + outputs: type=image,name=\""docker.io/nginxinc/nginx-unprivileged,ghcr.io/nginxinc/nginx-unprivileged\"",push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From 8dd102a6606f11d8e02a2270cfe01cae6f4627c0 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 28 Feb 2024 15:07:09 +0100 Subject: [PATCH 19/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index b2d30c0..5d4e467 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=\""docker.io/nginxinc/nginx-unprivileged,ghcr.io/nginxinc/nginx-unprivileged\"",push-by-digest=true,name-canonical=true,push=true + outputs: type=image,name=test,push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From ca4bff69e37f20e5d15158e6e147dd1e971bb4a7 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 28 Feb 2024 15:10:44 +0100 Subject: [PATCH 20/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 5d4e467..865c35d 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=test,push-by-digest=true,name-canonical=true,push=true + outputs: type=image,name='"'docker.io/nginxinc/nginx-unprivileged,ghcr.io/nginxinc/nginx-unprivileged'"',push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From 7f065009674a8b9773b33952f7eb8e431f9a9fbd Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 28 Feb 2024 15:51:30 +0100 Subject: [PATCH 21/53] update --- .github/workflows/alpine-mainline.yml | 2 +- .github/workflows/alpine-stable.yml | 2 +- .github/workflows/debian-mainline.yml | 2 +- .github/workflows/debian-stable.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 865c35d..64ad019 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name='"'docker.io/nginxinc/nginx-unprivileged,ghcr.io/nginxinc/nginx-unprivileged'"',push-by-digest=true,name-canonical=true,push=true + outputs: type=image,name=""docker.io/nginxinc/nginx-unprivileged,ghcr.io/nginxinc/nginx-unprivileged"",push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim diff --git a/.github/workflows/alpine-stable.yml b/.github/workflows/alpine-stable.yml index 40c3ee8..2bbd71f 100644 --- a/.github/workflows/alpine-stable.yml +++ b/.github/workflows/alpine-stable.yml @@ -1,7 +1,7 @@ --- name: Alpine Stable on: - pull_request: + # pull_request: schedule: - cron: "0 0 * * 1" workflow_dispatch: diff --git a/.github/workflows/debian-mainline.yml b/.github/workflows/debian-mainline.yml index 1100db8..932e039 100644 --- a/.github/workflows/debian-mainline.yml +++ b/.github/workflows/debian-mainline.yml @@ -1,7 +1,7 @@ --- name: Debian Mainline on: - pull_request: + # pull_request: schedule: - cron: "0 0 * * 1" workflow_dispatch: diff --git a/.github/workflows/debian-stable.yml b/.github/workflows/debian-stable.yml index adf1d26..5661684 100644 --- a/.github/workflows/debian-stable.yml +++ b/.github/workflows/debian-stable.yml @@ -1,7 +1,7 @@ --- name: Debian Stable on: - pull_request: + # pull_request: schedule: - cron: "0 0 * * 1" workflow_dispatch: From 52f82eca4502ac9687495edaa74b4236b40b6515 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 28 Feb 2024 15:55:17 +0100 Subject: [PATCH 22/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 34 +++++++++++++-------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 64ad019..ebb5476 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -88,21 +88,21 @@ jobs: - name: Extract metadata (annotations, labels, tags) for Docker id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 - # with: - # images: | - # docker.io/nginxinc/nginx-unprivileged - # ghcr.io/nginxinc/nginx-unprivileged - # tags: | - # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test - # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test - # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test - # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test - # type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test - # type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test - # type=raw,value=mainline-alpine-slim-test - # type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test - # type=raw,value=alpine-slim-test - # type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test + with: + images: | + docker.io/nginxinc/nginx-unprivileged + ghcr.io/nginxinc/nginx-unprivileged + tags: | + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=mainline-alpine-slim-test + type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=alpine-slim-test + type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test - name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build @@ -110,9 +110,9 @@ jobs: with: platforms: ${{ matrix.platform }} context: "{{ defaultContext }}:mainline/alpine-slim" - # tags: ${{ steps.meta.outputs.tags }} + tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=""docker.io/nginxinc/nginx-unprivileged,ghcr.io/nginxinc/nginx-unprivileged"",push-by-digest=true,name-canonical=true,push=true + outputs: type=image,push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From 643759ac13f4b02fbb15af556a5a86d9535f6dcd Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 28 Feb 2024 17:58:41 +0100 Subject: [PATCH 23/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index ebb5476..8a3f544 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -92,17 +92,17 @@ jobs: images: | docker.io/nginxinc/nginx-unprivileged ghcr.io/nginxinc/nginx-unprivileged - tags: | - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test - type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test - type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test - type=raw,value=mainline-alpine-slim-test - type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test - type=raw,value=alpine-slim-test - type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test + # tags: | + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test + # type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test + # type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test + # type=raw,value=mainline-alpine-slim-test + # type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test + # type=raw,value=alpine-slim-test + # type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test - name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build From edde250465ace0e8f4a9817f61765f65b36e1d25 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 28 Feb 2024 19:37:14 +0100 Subject: [PATCH 24/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 8a3f544..3f1c9c3 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -92,17 +92,17 @@ jobs: images: | docker.io/nginxinc/nginx-unprivileged ghcr.io/nginxinc/nginx-unprivileged - # tags: | - # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test - # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test - # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test - # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test - # type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test - # type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test - # type=raw,value=mainline-alpine-slim-test - # type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test - # type=raw,value=alpine-slim-test - # type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test + tags: | + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=mainline-alpine-slim-test + type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=alpine-slim-test + type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test - name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build @@ -110,9 +110,9 @@ jobs: with: platforms: ${{ matrix.platform }} context: "{{ defaultContext }}:mainline/alpine-slim" - tags: ${{ steps.meta.outputs.tags }} + # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,push-by-digest=true,name-canonical=true,push=true + outputs: type=image,name=ghcr.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From 7c4bf9374c67c55096242542d554a9ece37e73c7 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 28 Feb 2024 20:59:26 +0100 Subject: [PATCH 25/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 3f1c9c3..e2b84d8 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -190,7 +190,6 @@ jobs: working-directory: /tmp/digests run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'docker.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - name: Inspect image run: | From c5467012f220c51f9dd48e86691c88258505235e Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 28 Feb 2024 21:39:26 +0100 Subject: [PATCH 26/53] Don't run cleanup on failed workflow_run triggers --- .github/workflows/image-cleanup.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image-cleanup.yml b/.github/workflows/image-cleanup.yml index 615b9ea..9e9b5f2 100644 --- a/.github/workflows/image-cleanup.yml +++ b/.github/workflows/image-cleanup.yml @@ -8,7 +8,7 @@ on: jobs: cleanup: name: Delete untagged NGINX Unprivileged Docker images on the Amazon ECR Public Gallery and the GitHub Container Registry - # if: ${{ github.event_name != 'pull_request' }} + if: ${{ github.event.workflow_run.conclusion == 'success' }} runs-on: ubuntu-22.04 strategy: fail-fast: false From 7a1409e9b9396dde1419fde9673564c867b32c46 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 28 Feb 2024 23:47:14 +0100 Subject: [PATCH 27/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index e2b84d8..f2083d7 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=ghcr.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true + outputs: type=image,name="ghcr.io/nginxinc/nginx-unprivileged,docker.io/nginxinc/nginx-unprivileged",push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim @@ -158,7 +158,7 @@ jobs: with: images: | ghcr.io/nginxinc/nginx-unprivileged - docker.io/nginxinc/nginx-unprivileged + # docker.io/nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test From 4d3b6290e104adc0da10403a0dcbf10034b85e9f Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 29 Feb 2024 00:04:36 +0100 Subject: [PATCH 28/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index f2083d7..9c404ce 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name="ghcr.io/nginxinc/nginx-unprivileged,docker.io/nginxinc/nginx-unprivileged",push-by-digest=true,name-canonical=true,push=true + outputs: "type=image,name=""ghcr.io/nginxinc/nginx-unprivileged,docker.io/nginxinc/nginx-unprivileged"",push-by-digest=true,name-canonical=true,push=true" # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From c6a8300f2b077edb7dcfaee94105deab7f914519 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 29 Feb 2024 00:06:11 +0100 Subject: [PATCH 29/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 9c404ce..dfa1350 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,7 +112,8 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: "type=image,name=""ghcr.io/nginxinc/nginx-unprivileged,docker.io/nginxinc/nginx-unprivileged"",push-by-digest=true,name-canonical=true,push=true" + outputs: | + "type=image,name=""ghcr.io/nginxinc/nginx-unprivileged,docker.io/nginxinc/nginx-unprivileged"",push-by-digest=true,name-canonical=true,push=true" # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim From e30e6f75251bc2bb47150beb0ce5941b43b3f96a Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 29 Feb 2024 00:26:42 +0100 Subject: [PATCH 30/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index dfa1350..e2b84d8 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -112,8 +112,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: | - "type=image,name=""ghcr.io/nginxinc/nginx-unprivileged,docker.io/nginxinc/nginx-unprivileged"",push-by-digest=true,name-canonical=true,push=true" + outputs: type=image,name=ghcr.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim @@ -159,7 +158,7 @@ jobs: with: images: | ghcr.io/nginxinc/nginx-unprivileged - # docker.io/nginxinc/nginx-unprivileged + docker.io/nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test From a52242b1ec33baa13a9c1659e54be90a666911d9 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 29 Feb 2024 00:49:46 +0100 Subject: [PATCH 31/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index e2b84d8..373977e 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -157,7 +157,7 @@ jobs: uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | - ghcr.io/nginxinc/nginx-unprivileged + # ghcr.io/nginxinc/nginx-unprivileged docker.io/nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test From faeebfa6951d9a64c3b7ca8fa9840b599ca388f6 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 29 Feb 2024 00:50:51 +0100 Subject: [PATCH 32/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 373977e..e2b84d8 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -157,7 +157,7 @@ jobs: uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | - # ghcr.io/nginxinc/nginx-unprivileged + ghcr.io/nginxinc/nginx-unprivileged docker.io/nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test From 6fa2b8bfb90f64fc86312991c24e0557af16dada Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 29 Feb 2024 01:15:05 +0100 Subject: [PATCH 33/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index e2b84d8..373977e 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -157,7 +157,7 @@ jobs: uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | - ghcr.io/nginxinc/nginx-unprivileged + # ghcr.io/nginxinc/nginx-unprivileged docker.io/nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test From 3dd15bd74b6ce33606a482d4a6dcd5aa6eec2155 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Thu, 29 Feb 2024 17:13:50 +0100 Subject: [PATCH 34/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 31 ++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 373977e..7270118 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -90,7 +90,6 @@ jobs: uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | - docker.io/nginxinc/nginx-unprivileged ghcr.io/nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test @@ -157,8 +156,7 @@ jobs: uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | - # ghcr.io/nginxinc/nginx-unprivileged - docker.io/nginxinc/nginx-unprivileged + ghcr.io/nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test @@ -191,10 +189,33 @@ jobs: run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) + - name: Extract metadata (annotations, labels, tags) for Docker + id: meta2 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + with: + images: | + docker.io/nginxinc/nginx-unprivileged + tags: | + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test + type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=mainline-alpine-slim-test + type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test + type=raw,value=alpine-slim-test + type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test + + - name: Create manifest list and push 2 + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") ghcr.io/nginxinc/nginx-unprivileged:alpine-slim-test + - name: Inspect image run: | - docker buildx imagetools inspect ghcr.io/nginxinc/nginx-unprivileged:${{ steps.meta.outputs.version }} - docker buildx imagetools inspect docker.io/nginxinc/nginx-unprivileged:${{ steps.meta.outputs.version }} + docker buildx imagetools inspect ghcr.io/nginxinc/nginx-unprivileged:alpine-slim-test + docker buildx imagetools inspect docker.io/nginxinc/nginx-unprivileged:alpine-slim-test # - name: Sign Docker Hub Manifest # if: ${{ github.event_name != 'pull_request' }} From b786b26b5619712dc14b9de1cab2a76e0def52f6 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 1 Mar 2024 00:54:51 +0100 Subject: [PATCH 35/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 7270118..ca33182 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -187,6 +187,7 @@ jobs: - name: Create manifest list and push working-directory: /tmp/digests run: | + set -x docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - name: Extract metadata (annotations, labels, tags) for Docker @@ -194,7 +195,7 @@ jobs: uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | - docker.io/nginxinc/nginx-unprivileged + nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test @@ -210,12 +211,13 @@ jobs: - name: Create manifest list and push 2 working-directory: /tmp/digests run: | + set -x docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") ghcr.io/nginxinc/nginx-unprivileged:alpine-slim-test - name: Inspect image run: | docker buildx imagetools inspect ghcr.io/nginxinc/nginx-unprivileged:alpine-slim-test - docker buildx imagetools inspect docker.io/nginxinc/nginx-unprivileged:alpine-slim-test + docker buildx imagetools inspect nginxinc/nginx-unprivileged:alpine-slim-test # - name: Sign Docker Hub Manifest # if: ${{ github.event_name != 'pull_request' }} From 8e03353cfcbe5b42f883b25b2cc0ff42f25ed450 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 1 Mar 2024 11:55:37 +0100 Subject: [PATCH 36/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 28 +++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index ca33182..8201e28 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -69,13 +69,13 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Login to GitHub Container Registry - # if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + # - name: Login to GitHub Container Registry + # # if: ${{ github.event_name != 'pull_request' }} + # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + # with: + # registry: ghcr.io + # username: ${{ github.actor }} + # password: ${{ secrets.GITHUB_TOKEN }} # - name: Login to Quay # if: ${{ github.event_name != 'pull_request' }} @@ -90,7 +90,7 @@ jobs: uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | - ghcr.io/nginxinc/nginx-unprivileged + docker.io/nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test @@ -111,7 +111,7 @@ jobs: context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=ghcr.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true + outputs: type=image,name=docker.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim @@ -156,7 +156,7 @@ jobs: uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | - ghcr.io/nginxinc/nginx-unprivileged + docker.io/nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test @@ -188,14 +188,14 @@ jobs: working-directory: /tmp/digests run: | set -x - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'docker.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - name: Extract metadata (annotations, labels, tags) for Docker id: meta2 uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | - nginxinc/nginx-unprivileged + ghcr.io/nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test @@ -212,12 +212,12 @@ jobs: working-directory: /tmp/digests run: | set -x - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") ghcr.io/nginxinc/nginx-unprivileged:alpine-slim-test + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") docker.io/nginxinc/nginx-unprivileged:alpine-slim-test - name: Inspect image run: | docker buildx imagetools inspect ghcr.io/nginxinc/nginx-unprivileged:alpine-slim-test - docker buildx imagetools inspect nginxinc/nginx-unprivileged:alpine-slim-test + docker buildx imagetools inspect docker.nginxinc/nginx-unprivileged:alpine-slim-test # - name: Sign Docker Hub Manifest # if: ${{ github.event_name != 'pull_request' }} From 0a54d709020ff16ac2891c0ca2ca38231c6decea Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 1 Mar 2024 13:42:39 +0100 Subject: [PATCH 37/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 8201e28..03930e5 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -150,6 +150,8 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + with: + version: https://github.com/docker/buildx.git#5723ceefb6a52e16339acfed86871ffdabf240a7 - name: Extract metadata (annotations, labels, tags) for Docker id: meta From d7bed2b97b83371b485a08fd3414581a679db991 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 1 Mar 2024 14:13:48 +0100 Subject: [PATCH 38/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 03930e5..685c96a 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -151,7 +151,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: - version: https://github.com/docker/buildx.git#5723ceefb6a52e16339acfed86871ffdabf240a7 + version: https://github.com/docker/buildx.git#e273a53c88832df6dceebd727a259cae2fd5be88 - name: Extract metadata (annotations, labels, tags) for Docker id: meta From 08f76a127a607442ef0e53de69101cbaef3b15ef Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 1 Mar 2024 14:14:04 +0100 Subject: [PATCH 39/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 685c96a..bd1e130 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -47,6 +47,8 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + with: + version: https://github.com/docker/buildx.git#e273a53c88832df6dceebd727a259cae2fd5be88 # - name: Configure AWS credentials # if: ${{ github.event_name != 'pull_request' }} From c5cee4f777b08df25a804ee300120edc18a1cd0e Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 8 Mar 2024 12:22:47 +0100 Subject: [PATCH 40/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 77 ++++++++++++++------------- 1 file changed, 39 insertions(+), 38 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index bd1e130..bfa7267 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -64,20 +64,20 @@ jobs: # with: # registry: public.ecr.aws - - name: Login to Docker Hub - # if: ${{ github.event_name != 'pull_request' }} - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - # - name: Login to GitHub Container Registry + # - name: Login to Docker Hub # # if: ${{ github.event_name != 'pull_request' }} # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 # with: - # registry: ghcr.io - # username: ${{ github.actor }} - # password: ${{ secrets.GITHUB_TOKEN }} + # username: ${{ secrets.DOCKERHUB_USERNAME }} + # password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Login to GitHub Container Registry + # if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} # - name: Login to Quay # if: ${{ github.event_name != 'pull_request' }} @@ -92,7 +92,7 @@ jobs: uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | - docker.io/nginxinc/nginx-unprivileged + ghcr.io/nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test @@ -107,13 +107,13 @@ jobs: - name: Build and push NGINX mainline slim Alpine image to Amazon ECR Public Gallery, Docker Hub, GitHub Container Registry, and Quay id: build - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0 with: platforms: ${{ matrix.platform }} context: "{{ defaultContext }}:mainline/alpine-slim" # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=docker.io/nginxinc/nginx-unprivileged,push-by-digest=true,name-canonical=true,push=true + outputs: type=image,"name=ghcr.io/nginxinc/nginx-unprivileged,docker.io/nginxinc/nginx-unprivileged",push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim # cache-to: type=gha,mode=min,scope=alpine-slim @@ -160,6 +160,7 @@ jobs: uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | + ghcr.io/nginxinc/nginx-unprivileged docker.io/nginxinc/nginx-unprivileged tags: | type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test @@ -192,31 +193,31 @@ jobs: working-directory: /tmp/digests run: | set -x - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'docker.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - - - name: Extract metadata (annotations, labels, tags) for Docker - id: meta2 - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 - with: - images: | - ghcr.io/nginxinc/nginx-unprivileged - tags: | - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test - type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test - type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test - type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test - type=raw,value=mainline-alpine-slim-test - type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test - type=raw,value=alpine-slim-test - type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - - name: Create manifest list and push 2 - working-directory: /tmp/digests - run: | - set -x - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") docker.io/nginxinc/nginx-unprivileged:alpine-slim-test + # - name: Extract metadata (annotations, labels, tags) for Docker + # id: meta2 + # uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + # with: + # images: | + # ghcr.io/nginxinc/nginx-unprivileged + # tags: | + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test + # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test + # type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test + # type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test + # type=raw,value=mainline-alpine-slim-test + # type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test + # type=raw,value=alpine-slim-test + # type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test + + # - name: Create manifest list and push 2 + # working-directory: /tmp/digests + # run: | + # set -x + # docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") docker.io/nginxinc/nginx-unprivileged:alpine-slim-test - name: Inspect image run: | From 5c8a7c162c2a36e25ec1a2d1addcf7e796f6fe88 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 8 Mar 2024 12:46:24 +0100 Subject: [PATCH 41/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index bfa7267..bd40856 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -46,7 +46,7 @@ jobs: uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 with: version: https://github.com/docker/buildx.git#e273a53c88832df6dceebd727a259cae2fd5be88 @@ -266,8 +266,8 @@ jobs: # - name: Set up QEMU # uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 # - name: Configure AWS credentials # if: ${{ github.event_name != 'pull_request' }} @@ -381,8 +381,8 @@ jobs: # - name: Set up QEMU # uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 # - name: Configure AWS credentials # if: ${{ github.event_name != 'pull_request' }} From a326355ae703e0b2bed99d195339ae73a3dfb16b Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 8 Mar 2024 12:52:40 +0100 Subject: [PATCH 42/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index bd40856..10d47b7 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -64,12 +64,12 @@ jobs: # with: # registry: public.ecr.aws - # - name: Login to Docker Hub - # # if: ${{ github.event_name != 'pull_request' }} - # uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 - # with: - # username: ${{ secrets.DOCKERHUB_USERNAME }} - # password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Login to Docker Hub + # if: ${{ github.event_name != 'pull_request' }} + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry # if: ${{ github.event_name != 'pull_request' }} From 886a4c53227414a4b2b979af5bfe36feacea07d7 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 8 Mar 2024 13:13:03 +0100 Subject: [PATCH 43/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 10d47b7..6b80edf 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -222,7 +222,7 @@ jobs: - name: Inspect image run: | docker buildx imagetools inspect ghcr.io/nginxinc/nginx-unprivileged:alpine-slim-test - docker buildx imagetools inspect docker.nginxinc/nginx-unprivileged:alpine-slim-test + docker buildx imagetools inspect docker.io/nginx-unprivileged:alpine-slim-test # - name: Sign Docker Hub Manifest # if: ${{ github.event_name != 'pull_request' }} From c797d41bd7c73dd6d61af7b43a43040a6e8c66f9 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 8 Mar 2024 13:40:41 +0100 Subject: [PATCH 44/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 6b80edf..86452de 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -222,7 +222,7 @@ jobs: - name: Inspect image run: | docker buildx imagetools inspect ghcr.io/nginxinc/nginx-unprivileged:alpine-slim-test - docker buildx imagetools inspect docker.io/nginx-unprivileged:alpine-slim-test + docker buildx imagetools inspect docker.io/nginxinc/nginx-unprivileged:alpine-slim-test # - name: Sign Docker Hub Manifest # if: ${{ github.event_name != 'pull_request' }} From ed32d32ae71ea63ad4cf9f5e8a901c8d06ec042a Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 8 Mar 2024 14:23:43 +0100 Subject: [PATCH 45/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 28 ++------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 86452de..85cdce0 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -111,8 +111,8 @@ jobs: with: platforms: ${{ matrix.platform }} context: "{{ defaultContext }}:mainline/alpine-slim" - # tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} outputs: type=image,"name=ghcr.io/nginxinc/nginx-unprivileged,docker.io/nginxinc/nginx-unprivileged",push-by-digest=true,name-canonical=true,push=true # push: ${{ github.event_name != 'pull_request' }} # cache-from: type=gha,scope=alpine-slim @@ -193,31 +193,7 @@ jobs: working-directory: /tmp/digests run: | set -x - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - - # - name: Extract metadata (annotations, labels, tags) for Docker - # id: meta2 - # uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 - # with: - # images: | - # ghcr.io/nginxinc/nginx-unprivileged - # tags: | - # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim-test - # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim-test - # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim-test - # type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim-test - # type=raw,value=${{ needs.version.outputs.major }}-alpine-slim-test - # type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim-test - # type=raw,value=mainline-alpine-slim-test - # type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test - # type=raw,value=alpine-slim-test - # type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test - - # - name: Create manifest list and push 2 - # working-directory: /tmp/digests - # run: | - # set -x - # docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") docker.io/nginxinc/nginx-unprivileged:alpine-slim-test + docker buildx imagetools create --annotation ${{ steps.meta.outputs.annotations }} $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - name: Inspect image run: | From b86f7e0e1e493eb506d43f0a532cb787862d9635 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 8 Mar 2024 16:28:19 +0100 Subject: [PATCH 46/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 85cdce0..cb00597 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -193,7 +193,7 @@ jobs: working-directory: /tmp/digests run: | set -x - docker buildx imagetools create --annotation ${{ steps.meta.outputs.annotations }} $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.annotations | map("--annotations " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - name: Inspect image run: | From 6db502d6c651e2ed12b9cc5ae55c34b68f8f96cf Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 8 Mar 2024 17:09:24 +0100 Subject: [PATCH 47/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index cb00597..3446676 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -193,7 +193,7 @@ jobs: working-directory: /tmp/digests run: | set -x - docker buildx imagetools create $(jq -cr '.annotations | map("--annotations " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.annotations | map("--annotation " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - name: Inspect image run: | From 4b016370c79569c3161ae40d135682fa0aaea008 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 8 Mar 2024 18:01:51 +0100 Subject: [PATCH 48/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 3446676..8aa4d5e 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -193,7 +193,7 @@ jobs: working-directory: /tmp/digests run: | set -x - docker buildx imagetools create $(jq -cr '.annotations | map("--annotation " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.annotations | map("--annotation \"" + . + "\"") | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - name: Inspect image run: | From 6de251ae637d7e17f2e4a1dfe67e70a15e93990a Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Fri, 8 Mar 2024 20:02:57 +0100 Subject: [PATCH 49/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 8aa4d5e..5029563 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -193,7 +193,7 @@ jobs: working-directory: /tmp/digests run: | set -x - docker buildx imagetools create $(jq -cr '.annotations | map("--annotation \"" + . + "\"") | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) + docker buildx imagetools create $(jq -cr '.annotations | map((split("=")[0] + "=\"" + split("=")[1] + "\"") | "--annotation " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - name: Inspect image run: | From d6457d7d93807bc1f95901f40a8258a2626a2e5a Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Sat, 9 Mar 2024 01:15:54 +0100 Subject: [PATCH 50/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 5029563..fc73375 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -193,7 +193,9 @@ jobs: working-directory: /tmp/digests run: | set -x - docker buildx imagetools create $(jq -cr '.annotations | map((split("=")[0] + "=\"" + split("=")[1] + "\"") | "--annotation " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) + annotations=$(jq -cr '.annotations | map((split("=")[0] + "=\"" + split("=")[1] + "\"") | "--annotation " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") + tags=$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") + docker buildx imagetools create $(cat $annotations) $(cat $tags) $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - name: Inspect image run: | From 1fe4d5e1602d736c737297a8b612775d3eb18184 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Sat, 9 Mar 2024 13:50:20 +0100 Subject: [PATCH 51/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index fc73375..31cedce 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -195,7 +195,7 @@ jobs: set -x annotations=$(jq -cr '.annotations | map((split("=")[0] + "=\"" + split("=")[1] + "\"") | "--annotation " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") tags=$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") - docker buildx imagetools create $(cat $annotations) $(cat $tags) $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) + docker buildx imagetools create $(echo $annotations) $(echo $tags) $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - name: Inspect image run: | From 4eaa394a1ae9dabdf7abb7b690a599a54d16d424 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Sat, 9 Mar 2024 13:50:51 +0100 Subject: [PATCH 52/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index 31cedce..d383051 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -195,7 +195,7 @@ jobs: set -x annotations=$(jq -cr '.annotations | map((split("=")[0] + "=\"" + split("=")[1] + "\"") | "--annotation " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") tags=$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") - docker buildx imagetools create $(echo $annotations) $(echo $tags) $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) + docker buildx imagetools create $annotations $tags $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) - name: Inspect image run: | From 51df98777c73862fcde97993f83b941532afc7f7 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 13 Mar 2024 21:42:19 +0100 Subject: [PATCH 53/53] Update alpine-mainline.yml --- .github/workflows/alpine-mainline.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/alpine-mainline.yml b/.github/workflows/alpine-mainline.yml index d383051..fe151dd 100644 --- a/.github/workflows/alpine-mainline.yml +++ b/.github/workflows/alpine-mainline.yml @@ -173,6 +173,8 @@ jobs: type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim-test type=raw,value=alpine-slim-test type=raw,value=alpine${{ needs.version.outputs.distro }}-slim-test + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: index - name: Login to Docker Hub # if: ${{ github.event_name != 'pull_request' }} @@ -195,7 +197,7 @@ jobs: set -x annotations=$(jq -cr '.annotations | map((split("=")[0] + "=\"" + split("=")[1] + "\"") | "--annotation " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") tags=$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") - docker buildx imagetools create $annotations $tags $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *) + eval "docker buildx imagetools create $annotations $tags $(printf 'ghcr.io/nginxinc/nginx-unprivileged@sha256:%s ' *)" - name: Inspect image run: |