22 changes: 22 additions & 0 deletions hooks/post_gen_project.py
Expand Up @@ -121,6 +121,24 @@ def write_context(*, context: dict) -> None:
yaml.dump(context, file)


def notify_dockerhub_secrets() -> None:
"""Notify user about required Docker Hub secrets for releases."""
print("\n" + "=" * 70)
print("IMPORTANT: Docker Hub Publishing Enabled")
print("=" * 70)
print("\nYou have enabled Docker Hub publishing for releases.")
print("Please ensure the following GitHub secrets are configured:")
print("\n • DOCKERHUB_USERNAME - Your Docker Hub username")
print(" • DOCKERHUB_PAT - Your Docker Hub Personal Access Token")
print("\nWithout these secrets, your releases will fail during the")
print("Docker image publishing step.")
print("\nTo add these secrets:")
print("1. Go to your GitHub repository settings")
print("2. Navigate to Settings → Secrets and variables → Actions")
print("3. Add the required secrets")
print("=" * 70 + "\n")


def run_post_gen_hook():
"""Run post generation hook"""
try:
Expand Down Expand Up @@ -199,6 +217,10 @@ def run_post_gen_hook():
# Run the initial setup step automatically so pre-commit hooks, etc. are pre-installed. However, if it fails, don't fail the overall repo generation
# (i.e. check=False)
subprocess.run(["task", "init"], check=False, capture_output=True)

# Notify about Docker Hub secrets if Docker Hub publishing is enabled
if cookiecutter_context.get("dockerhub") == "yes":
notify_dockerhub_secrets()
except subprocess.CalledProcessError as error:
stdout = error.stdout.decode("utf-8") if error.stdout else "No stdout"
stderr = error.stderr.decode("utf-8") if error.stderr else "No stderr"
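Review bot: The notice in `notify_dockerhub_secrets` tells the user to store `DOCKERHUB_PAT` but says nothing about how much access that token should carry, even though the generated release workflow will use it on every release. I would add one line after the `DOCKERHUB_PAT` bullet, e.g. `print("   Create a token used only for this repository's CI, with the least access that still allows pushing images.")`. Separately, the arrow character in the `Settings → Secrets and variables → Actions` line can raise `UnicodeEncodeError` when stdout uses a legacy encoding, and the `except` visible in the second hunk catches only `subprocess.CalledProcessError`; a plain `->` avoids that. `run_post_gen_hook` starts and ends outside the hunks shown.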
Expand Up @@ -102,42 +102,3 @@ jobs:
name: vulns-${{ "{{ env.SANITIZED_PLATFORM }}" }}
path: vulns.*.json
if-no-files-found: error
{%- if cookiecutter.dockerhub == 'yes' %}
publish:
name: Publish the container(s)
needs: bump-version
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
- linux/arm64
steps:
- name: Checkout the repository
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: "${{ "{{ needs.bump-version.outputs.tag }}" }}"
persist-credentials: 'false'
- name: Bootstrap repository
uses: ./.github/actions/bootstrap
with:
token: ${{ "{{ secrets.GITHUB_TOKEN }}" }}
python-version: ${{ "{{ env.python_version }}" }}
- name: Set up QEMU for cross-platform emulation
uses: docker/setup-qemu-action@v3
- name: Build the container
run: task -v build
env:
PLATFORM: ${{ "{{ matrix.platform }}" }}
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ "{{ secrets.DOCKERHUB_USERNAME }}" }}
password: ${{ "{{ secrets.DOCKERHUB_PAT }}" }}
- name: Publish the container
Comment thread
JonZeolla marked this conversation as resolved.
run: task -v publish
env:
PLATFORM: ${{ "{{ matrix.platform }}" }}
{%- endif %}
Expand Up @@ -48,3 +48,41 @@ jobs:
TAG=$(git describe --tags --abbrev=0)
echo "tag=${TAG}" | tee -a "${GITHUB_OUTPUT}"
echo "Created release tag: ${TAG}"
{%- if cookiecutter.dockerhub == 'yes' %}

publish-docker:
name: Publish Docker Image
needs: release
runs-on: ubuntu-24.04
steps:
- name: Checkout the repository
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ "{{ needs.release.outputs.tag }}" }}
persist-credentials: 'false'

- name: Bootstrap repository
uses: ./.github/actions/bootstrap
with:
token: ${{ "{{ secrets.GITHUB_TOKEN }}" }}
python-version: ${{ "{{ env.python_version }}" }}

- name: Set up QEMU for cross-platform emulation
uses: docker/setup-qemu-action@v3

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ "{{ secrets.DOCKERHUB_USERNAME }}" }}
password: ${{ "{{ secrets.DOCKERHUB_PAT }}" }}
Comment thread
JonZeolla marked this conversation as resolved.

- name: Build and publish multiplatform Docker image
run: |
# Extract version from tag (remove 'v' prefix if present)
VERSION="${{ "{{ needs.release.outputs.tag }}" }}"
VERSION="${VERSION#v}"

# Build and push multiplatform image
task -v publish VERSION="${VERSION}" PLATFORM=all
{%- endif %}
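Review bot: The `Build and publish multiplatform Docker image` step expands `needs.release.outputs.tag` directly inside the `run:` script, so the tag text becomes part of the shell source before bash parses it, in the same job that performs the Docker Hub login. Git tag names can contain characters the shell treats specially, so the value is better handed over as data: add `env:` with `RELEASE_TAG: ${{ "{{ needs.release.outputs.tag }}" }}` to the step and write `VERSION="${RELEASE_TAG#v}"` in the script. The three third-party actions in this job are referenced by mutable tags (`@v4`, `@v3`); pinning them to full commit SHAs would suit a job that handles `DOCKERHUB_PAT`. Whether a `permissions:` block restricts `GITHUB_TOKEN` for this workflow is not visible in the hunk.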
40 changes: 14 additions & 26 deletions {{cookiecutter.project_name|replace(" ", "")}}/Taskfile.yml
Expand Up @@ -86,6 +86,7 @@ tasks:
build:
desc: Build the project; docker images, compiled binaries, etc.
vars:
PUBLISH: '{{ '{{.PUBLISH | default "false"}}' }}'
TIMESTAMP:
sh: '{{ '{{.RUN_SCRIPT}}' }} {{ '{{.SCRIPTS_DIR}}' }}/get_rfc3339_timestamp.py'
EPOCH:
Expand All @@ -98,12 +99,12 @@ tasks:
OUTPUT_FILE: '{{ '{{.IMAGE_NAME | replace "/" "_"}}' }}_latest_{{ '{{.PLATFORM_SUFFIX}}' }}.tar'
DESCRIPTION: '{{ cookiecutter.project_short_description }}'
cmds:
# First build: load if same platform, output to file if cross-platform
# First build: load if same platform, output to file if cross-platform, or push if PUBLISH is true
- |
docker buildx build \
--platform {{ '{{.BUILD_PLATFORM}}' }} \
--pull \
{{ '{{if eq .PLATFORM .LOCAL_PLATFORM}}' }}--load{{ '{{else}}' }}-o type=oci,dest="{{ '{{.OUTPUT_FILE}}' }}"{{ '{{end}}' }} \
{{ '{{if eq .PUBLISH "true"}}' }}--push{{ "{{else if eq .PLATFORM .LOCAL_PLATFORM}}" }}--load{{ "{{else}}" }}-o type=oci,dest="{{ '{{.OUTPUT_FILE}}' }}"{{ "{{end}}" }} \
Comment thread
JonZeolla marked this conversation as resolved.
{{ '{{if eq .GITHUB_ACTIONS "true"}}' }}--cache-from type=gha --cache-to type=gha,mode=max{{ '{{end}}' }} \
--build-arg NAME="{{ '{{.PROJECT_SLUG}}' }}" \
--build-arg DESCRIPTION="{{ '{{.DESCRIPTION}}' }}" \
Expand Down Expand Up @@ -243,29 +244,16 @@ tasks:

publish:
desc: Publish the project artifacts; docker images, compiled binaries, etc.
vars:
INPUT_FILE:
# Find the latest tar file for cross-platform builds
sh: '{{ '{{if and (ne .LOCAL_PLATFORM .PLATFORM) (ne .PLATFORM "all")}}' }}ls {{ '{{.IMAGE_NAME | replace "/" "_"}}' }}_*_{{ '{{.PLATFORM | replace "/" "_" | replace "," "_"}}' }}.tar 2>/dev/null | sort -r | head -1{{ '{{end}}' }}'
preconditions:
- sh: which docker
msg: "docker is required for publishing"
requires:
vars:
- VERSION
cmds:
- |
{{ '{{if or (eq .LOCAL_PLATFORM .PLATFORM) (eq .PLATFORM "all")}}' }}
docker push {{ '{{.IMAGE_NAME}}:{{.VERSION}}' }}
docker push {{ '{{.IMAGE_NAME}}:latest' }}
{{ '{{else}}' }}
echo "Publishing cross-platform image from {{ '{{.INPUT_FILE}}' }}"
docker run --rm \
-v "$(pwd):/src" \
-w /src \
quay.io/skopeo/stable:latest \
copy oci-archive:{{ '{{.INPUT_FILE}}' }} docker://{{ '{{.IMAGE_NAME}}:{{.VERSION}}' }}
docker run --rm \
-v "$(pwd):/src" \
-w /src \
quay.io/skopeo/stable:latest \
copy oci-archive:{{ '{{.INPUT_FILE}}' }} docker://{{ '{{.IMAGE_NAME}}:latest' }}
{{ '{{end}}' }}
Comment thread
JonZeolla marked this conversation as resolved.
- task: build
vars:
PUBLISH: 'true'
VERSION: '{{ '{{.VERSION}}' }}'
PLATFORM: '{{ '{{.PLATFORM | default "all"}}' }}'
DOCKER_BUILDX_CUSTOM_ARGS: '{{ '{{.DOCKER_BUILDX_CUSTOM_ARGS | default ""}}' }}'
DOCKER_BUILDX_CUSTOM_TAGS: '{{ '{{.DOCKER_BUILDX_CUSTOM_TAGS | default ""}}' }}'
DOCKER_BUILDX_CUSTOM_CONTEXT: '{{ '{{.DOCKER_BUILDX_CUSTOM_CONTEXT}}' }}'
Comment thread
JonZeolla marked this conversation as resolved.
{%- endif %}
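Review bot: The new `PUBLISH` variable on the `build` task turns any build into a registry push, and its name is generic enough to collide with a value already set in a shell or CI environment; the `--cache-from` line reads `.GITHUB_ACTIONS` in the same way, which suggests environment values reach these templates. I would document the switch next to its definition, e.g. `# PUBLISH=true makes build push to the registry; set only by the publish task`, or give it a project-specific name. Which tags `--push` publishes depends on the tag arguments of the `docker buildx build` command, which continue outside the hunk, so confirm that the `VERSION` passed from `publish` ends up in them. From the line counts it looks as if the `which docker` precondition was dropped from `publish`; if so, a missing docker now surfaces only when the build command itself fails.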