smokephil/extract_otp_secret_keys
1
0
Fork 0
mirror of https://github.com/scito/extract_otp_secret_keys.git synced 2025-12-06 23:05:06 +01:00
Code Issues Projects Releases Wiki Activity

ci: fix digest artifact names for multi-platform Docker builds (fix #367) (#376)

Browse source 
* ci: fix digest artifact names for multi-platform Docker builds

* ci: remove unused platforms parameter from Docker build steps

* ci: push Docker images exceptionally on feature branch

* ci: update Dockerfile to include uname command and fix label formatting

* ci: update CI workflow to set platforms dynamically for Docker builds

* ci: disable arm64 docker

* ci: only arm64 docker

* ci: update CI workflow for multiarch Docker builds and manifest creation

* ci: add multiarch manifest creation

* ci: fix multiarch manifest for loop

* ci: restore push conditions for Docker image builds

* ci: restore push conditions for Docker image builds
This commit is contained in:
Roland Kurmann 2025-03-01 20:19:15 +01:00 committed by GitHub
parent 95c34277ca
commit d5a8b6f0c0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 147 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

169
.github/workflows/ci_docker.yml vendored
View file

@ -30,10 +30,12 @@ jobs:
strategy:
matrix:
include:
- DOCKER_PLATFORM: linux/amd64
- DOCKER_ARCH: amd64
platform: ubuntu-latest
- DOCKER_PLATFORM: linux/arm64
PLATFORM_ARCH: x86_64
- DOCKER_ARCH: arm64
platform: ubuntu-24.04-arm
PLATFORM_ARCH: arm64
runs-on: ${{ matrix.platform }}
@ -58,11 +60,6 @@ jobs:
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
# Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381
# TODO remove workaround when fixed
with:
driver-opts: |
image=moby/buildkit:latest
- name: Login to DockerHub
uses: docker/login-action@v3
@ -79,11 +76,11 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GHCR_IO_TOKEN }}
- name: "Build image and push to Docker Hub and GitHub Container Registry"
- name: "Build image (Bookworm/Debian 12) and push to Docker Hub and GitHub Container Registry"
id: docker_build_qr_reader_latest
uses: docker/build-push-action@v5
with:
platforms: ${{ matrix.DOCKER_PLATFORM }}
platforms: linux/${{ matrix.DOCKER_ARCH }}
# relative path to the place where source code with Dockerfile is located
# TODO file:, move to docker/
context: .
@ -94,10 +91,10 @@ jobs:
BASE_IMAGE=python:3.13-slim-bookworm
pull: true
tags: |
scit0/extract_otp_secrets:latest
scit0/extract_otp_secrets:bookworm
ghcr.io/scito/extract_otp_secrets:latest
ghcr.io/scito/extract_otp_secrets:bookworm
docker.io/scit0/extract_otp_secrets:latest-${{ matrix.PLATFORM_ARCH }}
docker.io/scit0/extract_otp_secrets:bookworm-${{ matrix.PLATFORM_ARCH }}
ghcr.io/scito/extract_otp_secrets:latest-${{ matrix.PLATFORM_ARCH }}
ghcr.io/scito/extract_otp_secrets:bookworm-${{ matrix.PLATFORM_ARCH }}
# build on feature branches, push only on master branch
push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
@ -110,19 +107,57 @@ jobs:
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v4
with:
name: debian_digests
name: digests_bookworm_${{ matrix.PLATFORM_ARCH }}
path: digests.txt
create-multiarch-debian-manifests:
name: Create multiarch manifests for Debian image
runs-on: ubuntu-latest
needs:
- build-and-push-docker-debian-image
steps:
- name: Login to DockerHub
uses: docker/login-action@v3
if: github.secret_source == 'Actions'
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to Github Packages
uses: docker/login-action@v3
if: github.secret_source == 'Actions'
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GHCR_IO_TOKEN }}
- name: Create multiarch manifests
shell: bash
run: |
for tag in \
docker.io/scit0/extract_otp_secrets:latest \
ghcr.io/scito/extract_otp_secrets:latest \
docker.io/scit0/extract_otp_secrets:bookworm \
ghcr.io/scito/extract_otp_secrets:bookworm \
; do
docker buildx imagetools create -t $tag \
$tag-x86_64 \
$tag-arm64
done
build-and-push-docker-alpine-image:
name: Build Docker Alpine image and push to repositories
# run only when code is compiling and tests are passing
strategy:
matrix:
include:
- DOCKER_PLATFORM: linux/amd64
- DOCKER_ARCH: amd64
platform: ubuntu-latest
- DOCKER_PLATFORM: linux/arm64
PLATFORM_ARCH: x86_64
- DOCKER_ARCH: arm64
platform: ubuntu-24.04-arm
PLATFORM_ARCH: arm64
runs-on: ${{ matrix.platform }}
@ -167,20 +202,20 @@ jobs:
id: docker_build_only_txt
uses: docker/build-push-action@v5
with:
platforms: linux/${{ matrix.DOCKER_ARCH }}
# relative path to the place where source code with Dockerfile is located
platforms: ${{ matrix.DOCKER_PLATFORM }}
context: .
file: docker/Dockerfile_only_txt
# builder: ${{ steps.buildx.outputs.name }}
# Note: tags has to be all lower-case
pull: true
tags: |
scit0/extract_otp_secrets:only-txt
scit0/extract_otp_secrets:alpine
ghcr.io/scito/extract_otp_secrets:only-txt
ghcr.io/scito/extract_otp_secrets:alpine
docker.io/scit0/extract_otp_secrets:only-txt-${{ matrix.PLATFORM_ARCH }}
docker.io/scit0/extract_otp_secrets:alpine-${{ matrix.PLATFORM_ARCH }}
ghcr.io/scito/extract_otp_secrets:only-txt-${{ matrix.PLATFORM_ARCH }}
ghcr.io/scito/extract_otp_secrets:alpine-${{ matrix.PLATFORM_ARCH }}
# build on feature branches, push only on master branch
push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
push: true # ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
build-args: |
RUN_TESTS=true
@ -194,19 +229,59 @@ jobs:
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v4
with:
name: alpine_digests
name: digests_alpine_${{ matrix.PLATFORM_ARCH }}
path: digests.txt
create-multiarch-alpine-manifests:
name: Create multiarch manifests for Alpine image
runs-on: ubuntu-latest
needs:
- build-and-push-docker-alpine-image
defaults:
run:
shell: bash
steps:
- name: Login to DockerHub
uses: docker/login-action@v3
if: github.secret_source == 'Actions'
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to Github Packages
uses: docker/login-action@v3
if: github.secret_source == 'Actions'
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GHCR_IO_TOKEN }}
- name: Create multiarch manifests
shell: bash
run: |
for tag in \
docker.io/scit0/extract_otp_secrets:only-txt \
docker.io/scit0/extract_otp_secrets:alpine \
ghcr.io/scito/extract_otp_secrets:only-txt \
ghcr.io/scito/extract_otp_secrets:alpine \
; do
docker buildx imagetools create -t $tag \
$tag-x86_64 \
$tag-arm64
done
build-and-push-docker-bullseye-image:
name: Build Docker Bullseye image (for PyInstsaller) and push to repositories
# run only when code is compiling and tests are passing
strategy:
matrix:
include:
- DOCKER_PLATFORM: linux/amd64
- DOCKER_ARCH: amd64
platform: ubuntu-latest
- DOCKER_PLATFORM: linux/arm64
PLATFORM_ARCH: x86_64
- DOCKER_ARCH: arm64
platform: ubuntu-24.04-arm
PLATFORM_ARCH: arm64
runs-on: ${{ matrix.platform }}
@ -247,12 +322,12 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GHCR_IO_TOKEN }}
- name: "Build image from Bullseye and push to GitHub Container Registry"
- name: "Build image from Bullseye (Debian 11) and push to GitHub Container Registry"
id: docker_build_bullseye
if: github.ref == 'refs/heads/master'
uses: docker/build-push-action@v5
with:
platforms: ${{ matrix.DOCKER_PLATFORM }}
platforms: linux/${{ matrix.DOCKER_ARCH }}
# relative path to the place where source code with Dockerfile is located
context: .
file: docker/Dockerfile
@ -262,8 +337,8 @@ jobs:
# Note: tags has to be all lower-case
pull: true
tags: |
scit0/extract_otp_secrets:bullseye
ghcr.io/scito/extract_otp_secrets:bullseye
docker.io/scit0/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
ghcr.io/scito/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
push: ${{ github.secret_source == 'Actions' }}
- name: Image digest
@ -275,5 +350,39 @@ jobs:
if: github.ref == 'refs/heads/master'
uses: actions/upload-artifact@v4
with:
name: bullseye_digests
name: digests_bullseye_${{ matrix.PLATFORM_ARCH }}
path: digests.txt
create-multiarch-bullseye-manifests:
name: Create multiarch manifests for Bullseye image
runs-on: ubuntu-latest
needs:
- build-and-push-docker-bullseye-image
steps:
- name: Login to DockerHub
uses: docker/login-action@v3
if: github.secret_source == 'Actions'
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to Github Packages
uses: docker/login-action@v3
if: github.secret_source == 'Actions'
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GHCR_IO_TOKEN }}
- name: Create multiarch manifests
shell: bash
run: |
for tag in \
docker.io/scit0/extract_otp_secrets:bullseye \
ghcr.io/scito/extract_otp_secrets:bullseye \
; do
docker buildx imagetools create -t $tag \
$tag-x86_64 \
$tag-arm64
done

7
docker/Dockerfile
View file

@ -16,7 +16,8 @@ COPY requirements*.txt src/ run_pytest.sh pytest.ini tests/ example_*.txt exampl
ARG RUN_TESTS=true
RUN apt-get update && apt-get install -y --no-install-recommends \
RUN uname -a \
&& apt-get update && apt-get install -y --no-install-recommends \
libgl1 \
libglib2.0-0 \
libsm6 \
@ -31,6 +32,6 @@ WORKDIR /files
ENTRYPOINT ["python", "/extract/extract_otp_secrets.py"]
LABEL org.opencontainers.image.source https://github.com/scito/extract_otp_secrets
LABEL org.opencontainers.image.license GPL-3.0+
LABEL org.opencontainers.image.source=https://github.com/scito/extract_otp_secrets
LABEL org.opencontainers.image.license=GPL-3.0+
LABEL maintainer="Scito https://scito.ch, https://github.com/scito"

7
docker/Dockerfile_only_txt
View file

@ -17,7 +17,8 @@ COPY requirements*.txt src/ run_pytest.sh pytest.ini tests/ example_*.txt exampl
ARG RUN_TESTS=true
RUN apk add --no-cache \
RUN uname -a \
&& apk add --no-cache \
jpeg \
zlib \
&& echo "Arch: $(apk --print-arch)" \
@ -43,6 +44,6 @@ WORKDIR /files
ENTRYPOINT ["python", "/extract/extract_otp_secrets.py"]
LABEL org.opencontainers.image.source https://github.com/scito/extract_otp_secrets
LABEL org.opencontainers.image.license GPL-3.0+
LABEL org.opencontainers.image.source=https://github.com/scito/extract_otp_secrets
LABEL org.opencontainers.image.license=GPL-3.0+
LABEL maintainer="Scito https://scito.ch, https://github.com/scito"