diff --git a/.github/actions/docker-build-push/action.yml b/.github/actions/docker-build-push/action.yml new file mode 100644 index 0000000..7c90618 --- /dev/null +++ b/.github/actions/docker-build-push/action.yml @@ -0,0 +1,57 @@ +name: 'Docker Build and Push' +description: 'Builds and pushes Docker images to Docker Hub and GHCR with flexible tagging.' +runs: + using: 'composite' + steps: + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ inputs.dockerhub_username }} + password: ${{ inputs.dockerhub_token }} + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ inputs.ghcr_username }} + password: ${{ inputs.ghcr_token }} + + - name: Build and push Docker image + uses: docker/build-push-action@v5 + with: + context: ${{ inputs.context }} + file: ${{ inputs.dockerfile }} + platforms: ${{ inputs.platforms }} + push: true + tags: ${{ inputs.tags }} + cache-from: type=gha + cache-to: type=gha + +inputs: + dockerhub_username: + required: true + description: 'Docker Hub username' + dockerhub_token: + required: true + description: 'Docker Hub token' + ghcr_username: + required: true + description: 'GHCR username' + ghcr_token: + required: true + description: 'GHCR token' + context: + required: true + description: 'Build context' + dockerfile: + required: true + description: 'Dockerfile path' + platforms: + required: true + description: 'Platforms to build for' + tags: + required: true + description: 'Comma-separated list of image tags' diff --git a/.github/workflows/docker-delete-tag-on-merge.yml b/.github/workflows/docker-delete-tag-on-merge.yml index 4507b80..4052047 100644 --- a/.github/workflows/docker-delete-tag-on-merge.yml +++ b/.github/workflows/docker-delete-tag-on-merge.yml @@ -9,6 +9,8 @@ jobs: delete-docker-tag: if: startsWith(github.event.pull_request.head.ref, 'fix/') runs-on: ubuntu-latest + permissions: + packages: write steps: - name: Extract merged branch name id: extract_branch @@ -18,14 +20,50 @@ jobs: echo "tag=$TAG" >> $GITHUB_OUTPUT shell: bash - - name: Delete Docker tag from Docker Hub + - name: Delete image tag from Docker Hub if: steps.extract_branch.outputs.tag != '' env: DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} TAG: ${{ steps.extract_branch.outputs.tag }} run: | - echo "Deleting Docker tag: $TAG" - curl -X DELETE -u "$DOCKERHUB_USERNAME:$DOCKERHUB_TOKEN" \ - "https://hub.docker.com/v2/repositories/grimsi/gameyfin/tags/$TAG/" + echo "Deleting Docker tag from Docker Hub: $TAG" + RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -u "$DOCKERHUB_USERNAME:$DOCKERHUB_TOKEN" \ + "https://hub.docker.com/v2/repositories/grimsi/gameyfin/tags/$TAG/") + if [ "$RESPONSE" != "204" ]; then + echo "Failed to delete Docker Hub tag: $TAG (HTTP $RESPONSE)" >&2 + exit 1 + fi + shell: bash + - name: Delete image tag from GHCR + if: steps.extract_branch.outputs.tag != '' + env: + GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TAG: ${{ steps.extract_branch.outputs.tag }} + REPO: gameyfin/app + OWNER: ${{ github.repository_owner }} + run: | + echo "Deleting Docker tag from GHCR: $TAG" + # Get the package ID + PACKAGE_ID=$(curl -s -H "Authorization: Bearer $GHCR_TOKEN" \ + "https://api.github.com/users/$OWNER/packages/container/$REPO" | jq -r '.id') + if [ "$PACKAGE_ID" = "null" ] || [ -z "$PACKAGE_ID" ]; then + echo "Failed to get GHCR package ID for $REPO" >&2 + exit 1 + fi + # Get the version ID for the tag + VERSION_ID=$(curl -s -H "Authorization: Bearer $GHCR_TOKEN" \ + "https://api.github.com/users/$OWNER/packages/container/$REPO/versions" | jq -r ".[] | select(.metadata.container.tags[]? == \"$TAG\") | .id") + if [ -z "$VERSION_ID" ]; then + echo "Failed to find GHCR version for tag: $TAG" >&2 + exit 1 + fi + # Delete the version + RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -H "Authorization: Bearer $GHCR_TOKEN" \ + "https://api.github.com/users/$OWNER/packages/container/$REPO/versions/$VERSION_ID") + if [ "$RESPONSE" != "204" ]; then + echo "Failed to delete GHCR tag: $TAG (HTTP $RESPONSE)" >&2 + exit 1 + fi + shell: bash diff --git a/.github/workflows/docker-develop.yml b/.github/workflows/docker-develop.yml index a0aaa30..ac0cf84 100644 --- a/.github/workflows/docker-develop.yml +++ b/.github/workflows/docker-develop.yml @@ -1,4 +1,4 @@ -name: Build and Push Docker Image (develop) +name: Build and Push Docker Image on: push: @@ -14,6 +14,8 @@ on: jobs: build-and-push: runs-on: ubuntu-latest + permissions: + packages: write steps: - name: Checkout code uses: actions/checkout@v4 @@ -29,20 +31,14 @@ jobs: GAMEYFIN_KEYSTORE_PASSWORD: ${{ secrets.GAMEYFIN_KEYSTORE_PASSWORD }} run: ./gradlew clean build -Pvaadin.productionMode=true - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Build and push Docker image - uses: docker/build-push-action@v5 + uses: ./.github/actions/docker-build-push with: + dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }} + ghcr_username: ${{ github.actor }} + ghcr_token: ${{ secrets.GITHUB_TOKEN }} context: . - file: docker/Dockerfile + dockerfile: docker/Dockerfile platforms: linux/arm64/v8,linux/amd64 - push: true - tags: grimsi/gameyfin:${{ inputs.image_tag || 'develop' }} + tags: grimsi/gameyfin:${{ inputs.image_tag || 'develop' }},ghcr.io/gameyfin/app:${{ inputs.image_tag || 'develop' }} diff --git a/.github/workflows/docker-fix.yml b/.github/workflows/docker-fix.yml index f45f04f..25ace5c 100644 --- a/.github/workflows/docker-fix.yml +++ b/.github/workflows/docker-fix.yml @@ -8,6 +8,8 @@ on: jobs: build-and-push: runs-on: ubuntu-latest + permissions: + packages: write steps: - name: Checkout code uses: actions/checkout@v4 @@ -23,15 +25,6 @@ jobs: GAMEYFIN_KEYSTORE_PASSWORD: ${{ secrets.GAMEYFIN_KEYSTORE_PASSWORD }} run: ./gradlew clean build -Pvaadin.productionMode=true - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Extract tag from branch name id: extract_tag run: | @@ -40,11 +33,13 @@ jobs: echo "tag=$TAG" >> $GITHUB_OUTPUT - name: Build and push Docker image - uses: docker/build-push-action@v5 + uses: ./.github/actions/docker-build-push with: + dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }} + ghcr_username: ${{ github.actor }} + ghcr_token: ${{ secrets.GITHUB_TOKEN }} context: . - file: docker/Dockerfile + dockerfile: docker/Dockerfile platforms: linux/arm64/v8,linux/amd64 - push: true - tags: grimsi/gameyfin:${{ steps.extract_tag.outputs.tag }} - + tags: grimsi/gameyfin:${{ steps.extract_tag.outputs.tag }},ghcr.io/gameyfin/app:${{ steps.extract_tag.outputs.tag }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dff461e..14a5215 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,6 +26,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Get version from build.gradle.kts if not provided id: get_version run: | @@ -37,14 +38,17 @@ jobs: echo "release_version=${{ github.event.inputs.version }}" >> $GITHUB_OUTPUT echo "RELEASE_VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV fi + - name: Update version in build.gradle.kts if: ${{ github.event.inputs.update_version }} run: | sed -i "s/^version = .*/version = \"$RELEASE_VERSION\"/" build.gradle.kts + - name: Update version in app/package.json if: ${{ github.event.inputs.update_version }} run: | jq ".version = \"$RELEASE_VERSION\"" app/package.json > app/package.json.tmp && mv app/package.json.tmp app/package.json + - name: Upload modified files uses: actions/upload-artifact@v4 with: @@ -56,15 +60,19 @@ jobs: docker: needs: setup runs-on: ubuntu-latest + permissions: + packages: write steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Download modified files uses: actions/download-artifact@v4 with: name: modified-files + - name: Set up JDK 21 uses: actions/setup-java@v4 with: @@ -72,25 +80,39 @@ jobs: java-version: '21' - name: Setup Gradle uses: gradle/actions/setup-gradle@v4 + - name: Run production build env: GAMEYFIN_KEYSTORE_PASSWORD: ${{ secrets.GAMEYFIN_KEYSTORE_PASSWORD }} run: ./gradlew clean build -Pvaadin.productionMode=true - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Log in to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Generate container image tags + id: docker_tags + run: | + VERSION="${{ needs.setup.outputs.release_version }}" + DOCKERHUB_TAGS="grimsi/gameyfin:$VERSION" + GHCR_TAGS="ghcr.io/gameyfin/app:$VERSION" + if [[ "$VERSION" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then + MAJOR=${BASH_REMATCH[1]} + MINOR=${BASH_REMATCH[2]} + PATCH=${BASH_REMATCH[3]} + DOCKERHUB_TAGS="grimsi/gameyfin:latest,grimsi/gameyfin:$VERSION,grimsi/gameyfin:$MAJOR.$MINOR,grimsi/gameyfin:$MAJOR" + GHCR_TAGS="ghcr.io/gameyfin/app:latest,ghcr.io/gameyfin/app:$VERSION,ghcr.io/gameyfin/app:$MAJOR.$MINOR,ghcr.io/gameyfin/app:$MAJOR" + fi + TAGS="$DOCKERHUB_TAGS,$GHCR_TAGS" + echo "tags=$TAGS" >> $GITHUB_OUTPUT + - name: Build and push Docker image - uses: docker/build-push-action@v5 + uses: ./.github/actions/docker-build-push with: + dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }} + dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }} + ghcr_username: ${{ github.actor }} + ghcr_token: ${{ secrets.GITHUB_TOKEN }} context: . - file: docker/Dockerfile + dockerfile: docker/Dockerfile platforms: linux/arm64/v8,linux/amd64 - push: true - tags: grimsi/gameyfin:${{ needs.setup.outputs.release_version }} + tags: ${{ steps.docker_tags.outputs.tags }} plugin_api: needs: setup @@ -100,17 +122,21 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Download modified files uses: actions/download-artifact@v4 with: name: modified-files + - name: Set up JDK 21 uses: actions/setup-java@v4 with: distribution: 'temurin' java-version: '21' + - name: Setup Gradle uses: gradle/actions/setup-gradle@v4 + - name: Build and push Plugin-API run: ./gradlew publishAndReleaseToMavenCentral --no-configuration-cache env: @@ -127,16 +153,19 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Download modified files uses: actions/download-artifact@v4 with: name: modified-files + - name: Commit version bump if: ${{ github.event.inputs.update_version }} uses: stefanzweifel/git-auto-commit-action@v6 with: commit_message: 'chore: release v${{ github.event.inputs.version }}' tagging_message: v${{ github.event.inputs.version }} + - name: Detect prerelease id: detect_prerelease run: | @@ -147,6 +176,7 @@ jobs: echo "IS_PRERELEASE=true" >> $GITHUB_ENV echo "MAKE_LATEST=false" >> $GITHUB_ENV fi + - name: Create GitHub release if: ${{ github.event.inputs.update_version }} uses: softprops/action-gh-release@v2