Merge pull request #1802 from rocket-admin/backend_mermaid_diagram_fix #137

Workflow file for this run

	name: Push to Quay.io

	on:
	push:
	tags:
	- '*'

	env:
	REGISTRY: quay.io
	REGISTRY_IMAGE: quay.io/rocketadmin/rocketadmin

	jobs:
	prepare:
	runs-on: ubuntu-latest
	outputs:
	matrix: ${{ steps.platforms.outputs.matrix }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Create matrix
	id: platforms
	run: \|
	echo "matrix=$(docker buildx bake image-all -f docker-bake.hcl --print \| jq -cr '.target."image-all".platforms')" >>${GITHUB_OUTPUT}

	- name: Show matrix
	run: \|
	echo ${{ steps.platforms.outputs.matrix }}

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY_IMAGE }}
	tags: \|
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{major}}
	type=ref,event=tag

	- name: Rename meta bake definition file
	run: \|
	mv "${{ steps.meta.outputs.bake-file }}" "/tmp/bake-meta.json"

	- name: Upload meta bake definition
	uses: actions/upload-artifact@v4
	with:
	name: bake-meta
	path: /tmp/bake-meta.json
	if-no-files-found: error
	retention-days: 1

	build:
	permissions:
	id-token: write
	contents: read
	attestations: write
	runs-on: ${{ contains(matrix.platform, 'arm') && 'arm64' \|\| 'ubuntu-latest' }}
	needs:
	- prepare
	strategy:
	fail-fast: false
	matrix:
	platform: ${{ fromJson(needs.prepare.outputs.matrix) }}
	steps:
	- name: Prepare
	run: \|
	platform=${{ matrix.platform }}
	echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV

	- name: Checkout
	uses: actions/checkout@v4

	- name: Download meta bake definition
	uses: actions/download-artifact@v4
	with:
	name: bake-meta
	path: /tmp

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to Quay.io
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ secrets.QUAY_USERNAME }}
	password: ${{ secrets.QUAY_PASSWORD }}

	- name: Build
	id: bake
	uses: docker/bake-action@v5
	with:
	sbom: true
	provenance: true
	files: \|
	./docker-bake.hcl
	/tmp/bake-meta.json
	targets: image
	set: \|
	*.tags=
	*.platform=${{ matrix.platform }}
	*.output=type=image,"name=${{ env.REGISTRY_IMAGE }}",push-by-digest=true,name-canonical=true,push=true

	- name: Export digest
	run: \|
	mkdir -p /tmp/digests
	digest="${{ fromJSON(steps.bake.outputs.metadata).image['containerimage.digest'] }}"
	touch "/tmp/digests/${digest#sha256:}"

	- name: Upload digest
	uses: actions/upload-artifact@v4
	with:
	name: digests-${{ env.PLATFORM_PAIR }}
	path: /tmp/digests/*
	if-no-files-found: error
	retention-days: 1

	- name: Attest Build Provenance
	uses: actions/attest-build-provenance@v2
	with:
	subject-digest: "${{ fromJSON(steps.bake.outputs.metadata).image['containerimage.digest'] }}"
	push-to-registry: false
	subject-name: ${{ env.REGISTRY_IMAGE }}

	merge:
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	attestations: write
	needs:
	- build
	steps:
	- name: Download meta bake definition
	uses: actions/download-artifact@v4
	with:
	name: bake-meta
	path: /tmp

	- name: Download digests
	uses: actions/download-artifact@v4
	with:
	path: /tmp/digests
	pattern: digests-*
	merge-multiple: true

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to Quay.io
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ secrets.QUAY_USERNAME }}
	password: ${{ secrets.QUAY_PASSWORD }}

	- name: Create manifest list and push
	working-directory: /tmp/digests
	run: \|
	docker buildx imagetools create $(jq -cr '.target."docker-metadata-action".tags \| map(select(startswith("${{ env.REGISTRY_IMAGE }}")) \| "-t " + .) \| join(" ")' /tmp/bake-meta.json) \
	$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)

	- name: Get merged manifest digest
	id: manifest
	run: \|
	TAG=$(jq -r '.target."docker-metadata-action".args.DOCKER_META_VERSION' /tmp/bake-meta.json)
	DIGEST="sha256:$(docker buildx imagetools inspect "${{ env.REGISTRY_IMAGE }}:${TAG}" --raw \| sha256sum \| cut -d ' ' -f1)"
	echo "digest=${DIGEST}" >> $GITHUB_OUTPUT

	- name: Attest Merged Manifest Provenance
	uses: actions/attest-build-provenance@v2
	with:
	subject-digest: ${{ steps.manifest.outputs.digest }}
	subject-name: ${{ env.REGISTRY_IMAGE }}
	push-to-registry: false

	- name: Inspect image
	run: \|
	docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:$(jq -r '.target."docker-metadata-action".args.DOCKER_META_VERSION' /tmp/bake-meta.json)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Merge pull request #1802 from rocket-admin/backend_mermaid_diagram_fix #137

Workflow file

Merge pull request #1802 from rocket-admin/backend_mermaid_diagram_fix #137

Uh oh!

Workflow file for this run