-
Notifications
You must be signed in to change notification settings - Fork 25
add: github action to publish docker image #784
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,87 @@ | ||
| name: Build and Push Docker Image | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| tag_version: | ||
| description: 'Docker image tag version (e.g., 3.3.11)' | ||
| required: true | ||
|
|
||
| env: | ||
| DOCKER_IMAGE_NAME: elevate-user # Configure your image name here | ||
| DOCKER_REGISTRY: docker.io | ||
| DOCKER_NAMESPACE: shikshalokamqa | ||
|
|
||
| jobs: | ||
| docker-image-build-and-push: | ||
| if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/docker-image' | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Login to Docker Hub | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
|
||
| - name: Get Docker tag version (fail if not provided) | ||
| id: get-version | ||
| run: | | ||
| # Use workflow_dispatch input if provided | ||
| if [ ! -z "${{ github.event.inputs.tag_version }}" ]; then | ||
| VERSION="${{ github.event.inputs.tag_version }}" | ||
| # Or use TAG_VERSION env if set (for push/PR) | ||
| elif [ ! -z "${TAG_VERSION}" ]; then | ||
| VERSION="${TAG_VERSION}" | ||
| else | ||
| echo "Error: Docker image version must be provided as workflow_dispatch input or TAG_VERSION env." | ||
| exit 1 | ||
| fi | ||
| echo "version=$VERSION" >> $GITHUB_OUTPUT | ||
|
|
||
| - name: Check if version exists on Docker Hub | ||
| id: check-version | ||
| run: | | ||
| VERSION=${{ steps.get-version.outputs.version }} | ||
| RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" "https://hub.docker.com/v2/namespaces/${{ env.DOCKER_NAMESPACE }}/repositories/${{ env.DOCKER_IMAGE_NAME }}/tags/$VERSION") | ||
| if [ "$RESPONSE" -eq 200 ]; then | ||
| echo "Error: Tag $VERSION already exists on Docker Hub" | ||
| exit 1 | ||
| else | ||
| echo "Tag $VERSION does not exist, proceeding with build" | ||
| fi | ||
|
Comment on lines
+48
to
+58
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🛠️ Refactor suggestion Unauthenticated tag-existence check is fragile The curl probe is unauthenticated, so: • Private repositories will return 401, not 404. Inject the Docker Hub token to avoid both issues and broaden the status-code check: -RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" "https://hub.docker.com/v2/namespaces/${{ env.DOCKER_NAMESPACE }}/repositories/${{ env.DOCKER_IMAGE_NAME }}/tags/$VERSION")
+RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" \
+ -H "Authorization: Bearer ${{ secrets.DOCKERHUB_TOKEN }}" \
+ "https://hub.docker.com/v2/namespaces/${{ env.DOCKER_NAMESPACE }}/repositories/${{ env.DOCKER_IMAGE_NAME }}/tags/$VERSION")
+# Treat 200 (exists) vs 404 (missing); fail on 401/429 to surface auth or rate-limit problems.
🤖 Prompt for AI Agents |
||
|
|
||
| - name: Extract metadata | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_NAMESPACE }}/${{ env.DOCKER_IMAGE_NAME }} | ||
| tags: | | ||
| type=raw,value=${{ steps.get-version.outputs.version }} | ||
|
|
||
| - name: Build and push Docker image | ||
| id: build | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: . | ||
| file: ./Dockerfile | ||
| push: true | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| platforms: linux/amd64,linux/arm64 | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
|
|
||
| - name: Image digest | ||
| run: echo "Image pushed with digest ${{ steps.build.outputs.digest }}" | ||
|
|
||
| - name: Print pushed tags | ||
| run: | | ||
| echo "Pushed tags:" | ||
| echo "${{ steps.meta.outputs.tags }}" | tr ',' '\n' | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🛠️ Refactor suggestion
Job-level
if:clause is redundant and over-restrictiveThe workflow is already limited to
workflow_dispatchvia theon:section.Adding an extra
if:gate that hard-codesrefs/heads/docker-imageprevents maintainers from manually triggering the build from forks or feature branches—even thoughworkflow_dispatchsupports abranches:filter.Consider removing the
if:or moving the branch filter into theon.workflow_dispatchblock:🤖 Prompt for AI Agents