diff --git a/.github/workflows/docker-githubaction.yml b/.github/workflows/docker-githubaction.yml new file mode 100644 index 00000000..1f0a3140 --- /dev/null +++ b/.github/workflows/docker-githubaction.yml @@ -0,0 +1,75 @@ +name: Release Docker GitHub Action + +on: + workflow_dispatch: + inputs: + image_version: + description: 'yq version to tag the github-action image with (e.g. 4.53.3)' + required: true + +permissions: {} + +jobs: + publishGithubActionDocker: + environment: dockerhub + env: + IMAGE_NAME: mikefarah/yq + IMAGE_VERSION: ${{ inputs.image_version }} + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0 + with: + platforms: all + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 + with: + version: latest + + - name: Login to Docker Hub + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push github-action image + working-directory: github-action + run: | + PLATFORMS="linux/amd64,linux/ppc64le,linux/arm64,linux/arm/v7,linux/s390x" + + echo "Building and pushing github-action image for version ${IMAGE_VERSION}" + docker buildx build \ + --label "org.opencontainers.image.authors=https://github.com/mikefarah/yq/graphs/contributors" \ + --label "org.opencontainers.image.created=$(date --rfc-3339=seconds)" \ + --label "org.opencontainers.image.description=yq is a portable command-line data file processor" \ + --label "org.opencontainers.image.documentation=https://mikefarah.gitbook.io/yq/" \ + --label "org.opencontainers.image.licenses=MIT" \ + --label "org.opencontainers.image.revision=$(git rev-parse HEAD)" \ + --label "org.opencontainers.image.source=https://github.com/mikefarah/yq" \ + --label "org.opencontainers.image.title=yq" \ + --label "org.opencontainers.image.url=https://mikefarah.gitbook.io/yq/" \ + --label "org.opencontainers.image.version=${IMAGE_VERSION}" \ + --platform "${PLATFORMS}" \ + --pull \ + --push \ + -t "${IMAGE_NAME}:${IMAGE_VERSION}-githubaction" \ + -t "${IMAGE_NAME}:4-githubaction" \ + -t "${IMAGE_NAME}:latest-githubaction" \ + -t "ghcr.io/${IMAGE_NAME}:${IMAGE_VERSION}-githubaction" \ + -t "ghcr.io/${IMAGE_NAME}:4-githubaction" \ + -t "ghcr.io/${IMAGE_NAME}:latest-githubaction" \ + . diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index 00180443..17ac18fc 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -80,26 +80,3 @@ jobs: -t "ghcr.io/${IMAGE_NAME}:4" \ -t "ghcr.io/${IMAGE_NAME}:latest" \ . - - cd github-action - docker buildx build \ - --label "org.opencontainers.image.authors=https://github.com/mikefarah/yq/graphs/contributors" \ - --label "org.opencontainers.image.created=$(date --rfc-3339=seconds)" \ - --label "org.opencontainers.image.description=yq is a portable command-line data file processor" \ - --label "org.opencontainers.image.documentation=https://mikefarah.gitbook.io/yq/" \ - --label "org.opencontainers.image.licenses=MIT" \ - --label "org.opencontainers.image.revision=$(git rev-parse HEAD)" \ - --label "org.opencontainers.image.source=https://github.com/mikefarah/yq" \ - --label "org.opencontainers.image.title=yq" \ - --label "org.opencontainers.image.url=https://mikefarah.gitbook.io/yq/" \ - --label "org.opencontainers.image.version=${IMAGE_VERSION}" \ - --platform "${PLATFORMS}" \ - --pull \ - --push \ - -t "${IMAGE_NAME}:${IMAGE_VERSION}-githubaction" \ - -t "${IMAGE_NAME}:4-githubaction" \ - -t "${IMAGE_NAME}:latest-githubaction" \ - -t "ghcr.io/${IMAGE_NAME}:${IMAGE_VERSION}-githubaction" \ - -t "ghcr.io/${IMAGE_NAME}:4-githubaction" \ - -t "ghcr.io/${IMAGE_NAME}:latest-githubaction" \ - . diff --git a/release_instructions.txt b/release_instructions.txt index aeac43bd..06b4e9dd 100644 --- a/release_instructions.txt +++ b/release_instructions.txt @@ -12,6 +12,8 @@ skopeo inspect docker://docker.io/mikefarah/yq:4 --override-arch amd64 --override-os linux | python3 -c "import sys,json; d=json.load(sys.stdin); print(d['Digest'])" then update the FROM line in github-action/Dockerfile with the new digest: FROM mikefarah/yq:4@sha256: +- commit the Dockerfile change, then manually run the "Release Docker GitHub Action" workflow + (Actions -> Release Docker GitHub Action -> Run workflow) with the new version number // release artifacts are signed with cosign keyless signing (Sigstore) // users can verify with: