name: CI - Build Tonehaus Docker image on: push: branches: [ main ] pull_request: workflow_dispatch: env: IMAGE_NAME: tonehaus DOCKERFILE: docker/php/Dockerfile BUILD_TARGET: prod PLATFORMS: linux/amd64,linux/arm64 jobs: build: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Compute tags id: meta run: | SHA="${GITHUB_SHA:-${GITEA_SHA:-unknown}}" SHORT_SHA="${SHA:0:7}" echo "short_sha=$SHORT_SHA" >> "$GITHUB_OUTPUT" - name: Optional registry login if: ${{ env.REGISTRY != '' && env.REGISTRY_USERNAME != '' && env.REGISTRY_PASSWORD != '' }} env: REGISTRY: ${{ secrets.REGISTRY }} REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }} REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} run: | echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY" -u "$REGISTRY_USERNAME" --password-stdin - name: Build and push multi-arch image (if registry configured) if: ${{ env.REGISTRY != '' && env.REGISTRY_IMAGE != '' }} env: REGISTRY: ${{ secrets.REGISTRY }} REGISTRY_IMAGE: ${{ secrets.REGISTRY_IMAGE }} run: | TAG_SHA=${{ steps.meta.outputs.short_sha }} docker buildx build \ --platform "$PLATFORMS" \ --file "$DOCKERFILE" \ --target "$BUILD_TARGET" \ --build-arg APP_ENV=prod \ --tag "$REGISTRY/$REGISTRY_IMAGE:$TAG_SHA" \ --tag "$REGISTRY/$REGISTRY_IMAGE:ci" \ --push \ . - name: Build single-arch images for artifacts (no registry) if: ${{ env.REGISTRY == '' }} run: | TAG_SHA=${{ steps.meta.outputs.short_sha }} for P in linux/amd64; do \ ARCH=${P#linux/}; \ docker buildx build \ --platform "$P" \ --file "$DOCKERFILE" \ --target "$BUILD_TARGET" \ --build-arg APP_ENV=prod \ --output type=docker \ --tag "$IMAGE_NAME:$TAG_SHA-$ARCH" \ . ; \ docker save "$IMAGE_NAME:$TAG_SHA-$ARCH" -o "tonehaus-image-$ARCH.tar" ; \ done - name: Upload artifacts if: ${{ env.REGISTRY == '' }} uses: actions/upload-artifact@v4 with: name: tonehaus-images path: | tonehaus-image-amd64.tar