chore: update Docker workflow configurations and actions

tacxou · tacxou · commit 9341226f9687 · 2026-05-26T14:48:59.000+02:00
- Added Docker Buildx setup step to the docker-image workflow for improved build capabilities.
- Updated Docker login, metadata, and build-push actions to their latest versions for enhanced functionality and security.
- Changed the release workflow to use a local action for building Docker images, streamlining the process.
diff --git a/.github/actions/release/action.yml b/.github/actions/release/action.yml
@@ -0,0 +1,171 @@
+name: 'Release'
+description: 'Update version, publish release and push docker image'
+inputs:
+  version_increment:
+    description: 'La version a incrémenter (major, minor, patch)'
+    required: true
+    default: 'patch'
+
+  build_docker_image:
+    description: "Construire l'image docker ?"
+    required: true
+    default: 'true'
+
+  latest:
+    description: "Tagger l'image docker avec le tag 'latest' ?"
+    required: true
+    default: 'true'
+
+  repository:
+    description: 'Repository to the project'
+    required: true
+
+  username:
+    description: 'Username to the project'
+    required: true
+
+  password:
+    description: 'Password to the project'
+    required: true
+
+  github_token:
+    description: 'Github token to the project'
+    required: true
+
+  registry:
+    description: 'Docker registry base url'
+    default: 'ghcr.io'
+    required: false
+
+  context:
+    description: 'Docker context'
+    default: '.'
+    required: false
+
+  args:
+    description: 'Docker build args'
+    default: ''
+    required: false
+
+  is_branch_protected:
+    description: 'Push on a protected branch ? (required github_token)'
+    default: false
+    required: false
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        repository: ${{ inputs.repository }}
+
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Git
+      shell: bash
+      run: |
+        git config user.email "github@action.com"
+        git config user.name "Github Action"
+        echo ${{ inputs.github_token }} > token.txt
+        git config credential.helper "store --file=token.txt"
+
+    - name: Update version
+      shell: bash
+      run: |
+        echo NEW_VERSION=$(yarn version --${{ inputs.version_increment }} --json | jq -r '.data | select(contains("New version")) | split(":")[1] | gsub(" ";"")') >> $GITHUB_ENV
+      env:
+        REF: ${{ github.ref }}
+
+    - name: Push to unprotected branch
+      if: inputs.is_branch_protected == 'false'
+      shell: bash
+      run: |
+        git push --follow-tags
+      env:
+        REF: ${{ github.ref }}
+
+    - name: Push to protected branch
+      if: inputs.is_branch_protected == 'true'
+      uses: CasperWA/push-protected@v2
+      with:
+        token: ${{ inputs.github_token }}
+        branch: main
+        unprotect_reviews: true
+        tags: true
+
+    - name: Publish release
+      uses: ncipollo/release-action@v1
+      with:
+        name: Release ${{ env.NEW_VERSION }}
+        commit: ${{ env.REF }}
+        draft: false
+        prerelease: false
+        generateReleaseNotes: true
+        token: ${{ inputs.github_token }}
+        makeLatest: ${{ inputs.latest }}
+        tag: ${{ env.NEW_VERSION }}
+
+    - name: Get repo name
+      shell: bash
+      id: get_repo_name
+      run: |
+        echo "REPO_NAME=$(basename "${{ inputs.repository }}")" >> $GITHUB_ENV
+
+    - name: Get repo full name
+      shell: bash
+      id: get_repo_full_name
+      run: |
+        FULL_NAME=$(echo "${{ inputs.repository }}" | tr '[:upper:]' '[:lower:]')
+        echo "REPO_FULL_NAME=$FULL_NAME" >> $GITHUB_ENV
+
+    - name: Get current date and time
+      shell: bash
+      id: get_current_date_time
+      run: |
+        echo "CURRENT_DATE_TIME=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV
+
+    - name: Define tags
+      shell: bash
+      id: define_tags
+      run: |
+        if [ "${{ inputs.latest }}" = "true" ]; then
+          echo "TAGS=ghcr.io/${{ env.REPO_FULL_NAME }}:${{ env.NEW_VERSION }},ghcr.io/${{ env.REPO_FULL_NAME }}:latest,ghcr.io/${{ env.REPO_FULL_NAME }}:unstable" >> $GITHUB_ENV
+        else
+          echo "TAGS=ghcr.io/${{ env.REPO_FULL_NAME }}:${{ env.NEW_VERSION }},ghcr.io/${{ env.REPO_FULL_NAME }}:unstable" >> $GITHUB_ENV
+        fi
+      env:
+        NEW_VERSION: ${{ env.NEW_VERSION }}
+        REPO_NAME: ${{ env.REPO_NAME }}
+        REPO_FULL_NAME: ${{ env.REPO_FULL_NAME }}
+
+    - name: Set up QEMU
+      if: ${{ inputs.build_docker_image == 'true' }}
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      if: ${{ inputs.build_docker_image == 'true' }}
+      uses: docker/setup-buildx-action@v3.10.0
+
+    - name: Log in to the Container registry
+      if: ${{ inputs.build_docker_image == 'true' }}
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ inputs.registry }}
+        username: ${{ inputs.username }}
+        password: ${{ inputs.password }}
+      env:
+        REGISTRY: ${{ inputs.registry }}
+
+    - name: Build and push Docker image
+      if: ${{ inputs.build_docker_image == 'true' }}
+      uses: docker/build-push-action@v6.18.0
+      with:
+        context: ${{ inputs.context }}
+        push: true
+        tags: ${{ env.TAGS }}
+        build-args: ${{ inputs.args }}
+        platforms: linux/amd64
+      env:
+        TAGS: ${{ env.TAGS }}
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -39,16 +39,19 @@ jobs:
       - name: Run API unit tests
         run: yarn workspace @libertech-fr/sesame-orchestrator_api test
 
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.10.0
+
       - name: Log in to the Container registry
-        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
@@ -59,7 +62,7 @@ jobs:
           echo "build_id=${{ github.sha }}" >> $GITHUB_OUTPUT
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        uses: docker/build-push-action@v6.18.0
         with:
           context: .
           push: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -47,7 +47,7 @@ jobs:
         run: yarn workspace @libertech-fr/sesame-orchestrator_api test
 
       - name: Build docker
-        uses: Libertech-FR/lt-actions/release@main
+        uses: ./.github/actions/release
         with:
           version_increment: ${{ github.event.inputs.version_increment }}
           build_docker_image: ${{ github.event.inputs.build_docker_image }}
