From edff35bfb00a288ff5a437c06afe15b026e78458 Mon Sep 17 00:00:00 2001
From: parra
Date: Fri, 4 Mar 2022 12:52:45 +0100
Subject: [PATCH] GitHub actions to publish docker image (#12)
* Added DockerHub action and grouped DockerHub and GitHub registries
---
 ...docker-publish.yml => docker-registry.yml} | 68 ++++++++++++-------
 1 file changed, 42 insertions(+), 26 deletions(-)
 rename .github/workflows/{docker-publish.yml => docker-registry.yml} (58%)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-registry.yml
similarity index 58%
rename from .github/workflows/docker-publish.yml
rename to .github/workflows/docker-registry.yml
index 6fd833b..a46e721 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-registry.yml
@@ -1,30 +1,27 @@
-name: Docker
-
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
+name: Build and Publish
 on:
- schedule:
- - cron: '24 11 * * *'
+ # run it on push to the default repository branch
 push:
- branches: [ master ]
+ branches: [master, develop]
 # Publish semver tags as releases.
 tags: [ 'v*.*.*' ]
+ # run it during pull request
 pull_request:
 branches: [ master ]
 env:
- # Use docker.io for Docker Hub if empty
- REGISTRY: ghcr.io
 # github.repository as /
 IMAGE_NAME: ${{ github.repository }}
-
+ PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7
+ GH_REPO: ghcr.io
 jobs:
- build:
+ # define job to build and publish docker image
+ build-and-push-docker-image:
+ name: Build Docker image and push to repositories
+ # run only when code is compiling and tests are passing
 runs-on: ubuntu-latest
 permissions:
 contents: read
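Review bot: Removing `REGISTRY` from `env:` leaves a reader behind: the step name `Log into registry ${{ env.REGISTRY }}` is an unchanged context line in the login hunk, so as far as the diff shows it will now render with an empty registry name; it should become `- name: Log into registry ${{ env.GH_REPO }}`. Dropping the `schedule:` trigger also means images are rebuilt only on pushes and tags, so base-image security updates no longer reach the published tags unless someone pushes; keep the cron entry if that nightly rebuild was relied on. With `branches: [master, develop]`, every push to `develop` is now published to both registries, which deserves a one-line comment saying it is intended. The job's `permissions:` block continues past the end of this hunk.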
@@ -33,8 +30,9 @@ jobs:
 # with sigstore/fulcio when running outside of PRs.
 id-token: write
+ # steps to perform in job
 steps:
- - name: Checkout repository
+ - name: Checkout code
 uses: actions/checkout@v2
 # Install the cosign tool except on PR
@@ -45,18 +43,32 @@ jobs:
 with:
 cosign-release: 'v1.4.0'
+ - name: Set up QEMU
+ id: qemu
+ uses: docker/setup-qemu-action@v1
+ with:
+ image: tonistiigi/binfmt:latest
+ platforms: ${{ env.PLATFORMS }}
- # Workaround: https://github.com/docker/build-push-action/issues/461
- - name: Setup Docker buildx
- uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+ # setup Docker buld action
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Login to DockerHub
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
 # Login against a Docker registry except on PR
 # https://github.com/docker/login-action
 - name: Log into registry ${{ env.REGISTRY }}
 if: github.event_name != 'pull_request'
- uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+ uses: docker/login-action@v1
 with:
- registry: ${{ env.REGISTRY }}
+ registry: ${{ env.GH_REPO }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
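Review bot: The `uses:` lines in the `-45,18 +43,32` hunk trade commit-SHA pins for mutable tags (`docker/setup-buildx-action@v1`, `docker/login-action@v1` in both login steps), the new QEMU step adds `docker/setup-qemu-action@v1` with `image: tonistiigi/binfmt:latest`, and the build hunk does the same with `docker/build-push-action@v2`. These steps run in a job whose permissions include `id-token: write` and which is handed `secrets.DOCKERHUB_TOKEN` and `secrets.GITHUB_TOKEN`, so a retagged action or a replaced `latest` image would execute next to the publishing credentials and the signing identity. Keep the full-SHA form the removed lines used, e.g. `uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c`, pin the new QEMU action the same way (`docker/setup-qemu-action@<full-commit-sha>`), and reference the binfmt image by digest (`tonistiigi/binfmt@sha256:<digest>`). The step list starts before and continues after this hunk.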
@@ -66,15 +78,16 @@ jobs:
 id: meta
 uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
 with:
- images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-
- # Build and push Docker image with Buildx (don't push on PR)
- # https://github.com/docker/build-push-action
- - name: Build and push Docker image
+ images: |
+ ${{ env.IMAGE_NAME }}
+ ${{ env.GH_REPO }}/${{ env.IMAGE_NAME }}
+
+ - name: Build image and push to Docker Hub and GitHub Container Registry
 id: build-and-push
- uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+ uses: docker/build-push-action@v2
 with:
 context: .
+ platforms: ${{ env.PLATFORMS }}
 push: ${{ github.event_name != 'pull_request' }}
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
@@ -90,4 +103,7 @@ jobs:
 COSIGN_EXPERIMENTAL: "true"
 # This step uses the identity token to provision an ephemeral certificate
 # against the sigstore community Fulcio instance.
- run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
+ run: cosign sign ${{ env.GH_REPO }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
+
+ - name: Image digest
+ run: echo ${{ steps.build-and-push.outputs.digest }}
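Review bot: Only the GHCR reference is signed in the `-90,4 +103,7` hunk, although the metadata step now lists the image under two names (`${{ env.IMAGE_NAME }}` for Docker Hub and `${{ env.GH_REPO }}/${{ env.IMAGE_NAME }}`). cosign stores the signature in the repository named by the reference it signs, so anyone pulling from Docker Hub has nothing to verify against. Add a second signing command for the Docker Hub name, `cosign sign ${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}`, or document that only the GHCR copy is verifiable. In the new `Image digest` step, passing the value through `env:` and echoing `"$DIGEST"` is a safer habit than expanding `${{ … }}` straight into the script, even though this value comes from the build action. The signing step's `name:` and `if:` lines are outside the hunk.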