Switch the container registry used for deploying images from docker

to ghcr.io (github). Images are now first build with '-build'
appended to the tag. E.g. ghcr.io/mailu/admin:master-build.
This is to prevent the image being available before automatic testing has completed.
In the deploy job, the final image is pushed (this still works the same).

Update setup & documentation for switch to ghcr.io
main
Dimitri Huisman 2 years ago
parent 03ff2f2132
commit 120cd34989
No known key found for this signature in database

@ -7,20 +7,10 @@ on:
concurrency: ci-arm-${{ github.ref }} concurrency: ci-arm-${{ github.ref }}
###############################################
# REQUIRED secrets
# ${{ secrets.Docker_Login }}
# Username of docker login for pushing the images to repo env.DOCKER_ORG and env.DOCKER_ORG_TESTS
# ${{ secrets.Docker_Password }}
# Password of docker login for pushing the images to repo env.DOCKER_ORG and env.DOCKER_ORG_TESTS
# Add the above secrets to your github repo to determine where the images will be pushed.
################################################
# REQUIRED global variables # REQUIRED global variables
# DOCKER_ORG, docker org used for pushing release images (branch x.y and master) # DOCKER_ORG, docker org used for pushing images.
# DOCKER_ORG_TEST, docker org used for pushing images for testing (branch testing).
env: env:
DOCKER_ORG: mailu DOCKER_ORG: ghcr.io/mailu
DOCKER_ORG_TEST: mailuci
jobs: jobs:
# This job calculates all global job variables that are required by all the subsequent jobs. # This job calculates all global job variables that are required by all the subsequent jobs.

@ -1,3 +1,11 @@
###############################################
# REQUIRED secrets
# ${{ secrets.Docker_Login }}
# Username of docker login for logging in docker for pulling images (higher pull rate limit)
# ${{ secrets.Docker_Password }}
# Password of docker login for logging in docker for pulling images (higher pull rate limit)
################################################
name: build-test-deploy name: build-test-deploy
on: on:
workflow_call: workflow_call:
@ -16,7 +24,7 @@ on:
required: true required: true
type: string type: string
docker_org: docker_org:
description: 'The docker organisation where the images are pushed to.' description: 'The docker organisation where the images are pushed to. E.g. ghcr.io/mailu'
required: true required: true
type: string type: string
branch: branch:
@ -24,7 +32,7 @@ on:
required: true required: true
type: string type: string
deploy: deploy:
description: Deploy to docker hub. Happens for all branches but staging. Use string true or false. description: Deploy to container registry. Happens for all branches but staging. Use string true or false.
default: true default: true
required: false required: false
type: string type: string
@ -50,7 +58,7 @@ on:
required: true required: true
type: string type: string
docker_org: docker_org:
description: 'The docker organisation where the images are pushed to.' description: 'The docker organisation where the images are pushed to. E.g. ghcr.io/mailu'
required: true required: true
type: string type: string
branch: branch:
@ -58,7 +66,7 @@ on:
required: true required: true
type: string type: string
deploy: deploy:
description: Deploy to docker hub. Happens for all branches but staging. Use string true or false. description: Deploy to container registry. Happens for all branches but staging. Use string true or false.
default: true default: true
required: false required: false
type: string type: string
@ -250,8 +258,8 @@ jobs:
- name: Build all docker images - name: Build all docker images
env: env:
DOCKER_ORG: ghcr.io/${{ steps.string.outputs.lowercase }} DOCKER_ORG: ghcr.io/${{ steps.string.outputs.lowercase }}
MAILU_VERSION: ${{ env.MAILU_VERSION }} MAILU_VERSION: ${{ env.MAILU_VERSION }}-build
PINNED_MAILU_VERSION: ${{ env.PINNED_MAILU_VERSION }} PINNED_MAILU_VERSION: ${{ env.PINNED_MAILU_VERSION }}-build
uses: docker/bake-action@v2 uses: docker/bake-action@v2
with: with:
files: ${{env.HCL_FILE}} files: ${{env.HCL_FILE}}
@ -313,8 +321,8 @@ jobs:
- name: Build all docker images - name: Build all docker images
env: env:
DOCKER_ORG: ghcr.io/${{ steps.string.outputs.lowercase }} DOCKER_ORG: ghcr.io/${{ steps.string.outputs.lowercase }}
MAILU_VERSION: ${{ env.MAILU_VERSION }} MAILU_VERSION: ${{ env.MAILU_VERSION }}-build
PINNED_MAILU_VERSION: ${{ env.PINNED_MAILU_VERSION }} PINNED_MAILU_VERSION: ${{ env.PINNED_MAILU_VERSION }}-build
uses: docker/bake-action@v2 uses: docker/bake-action@v2
with: with:
files: ${{env.HCL_FILE}} files: ${{env.HCL_FILE}}
@ -381,8 +389,8 @@ jobs:
run: python tests/compose/test.py ${{ matrix.target }} ${{ matrix.time }} run: python tests/compose/test.py ${{ matrix.target }} ${{ matrix.time }}
env: env:
DOCKER_ORG: ghcr.io/${{ steps.string.outputs.lowercase }} DOCKER_ORG: ghcr.io/${{ steps.string.outputs.lowercase }}
MAILU_VERSION: ${{ env.MAILU_VERSION }} MAILU_VERSION: ${{ env.MAILU_VERSION }}-build
PINNED_MAILU_VERSION: ${{ env.PINNED_MAILU_VERSION }} PINNED_MAILU_VERSION: ${{ env.PINNED_MAILU_VERSION }}-build
deploy: deploy:
name: Deploy images name: Deploy images
@ -409,17 +417,18 @@ jobs:
- uses: crazy-max/ghaction-github-runtime@v2 - uses: crazy-max/ghaction-github-runtime@v2
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub - name: Login to GitHub Container Registry
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
username: ${{ secrets.Docker_Login }} registry: ghcr.io
password: ${{ secrets.Docker_Password }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Helper to convert docker org to lowercase - name: Helper to convert docker org to lowercase
id: string id: string
uses: ASzc/change-string-case-action@v5 uses: ASzc/change-string-case-action@v5
with: with:
string: ${{ github.repository_owner }} string: ${{ github.repository_owner }}
- name: Push image to Docker - name: Push image to Github (ghcr.io)
shell: bash shell: bash
run: | run: |
if [ '${{ env.MAILU_VERSION }}' == 'master' ]; then pinned_mailu_version='master'; else pinned_mailu_version=${{ env.PINNED_MAILU_VERSION}}; fi; if [ '${{ env.MAILU_VERSION }}' == 'master' ]; then pinned_mailu_version='master'; else pinned_mailu_version=${{ env.PINNED_MAILU_VERSION}}; fi;
@ -427,7 +436,7 @@ jobs:
--tag ${{ inputs.docker_org }}/${{ matrix.target }}:${{ env.MAILU_VERSION }} \ --tag ${{ inputs.docker_org }}/${{ matrix.target }}:${{ env.MAILU_VERSION }} \
--tag ${{ inputs.docker_org }}/${{ matrix.target }}:$pinned_mailu_version \ --tag ${{ inputs.docker_org }}/${{ matrix.target }}:$pinned_mailu_version \
--tag ${{ inputs.docker_org }}/${{ matrix.target }}:latest \ --tag ${{ inputs.docker_org }}/${{ matrix.target }}:latest \
ghcr.io/${{ steps.string.outputs.lowercase }}/${{ matrix.target }}:${{ env.MAILU_VERSION }} ghcr.io/${{ steps.string.outputs.lowercase }}/${{ matrix.target }}:${{ env.MAILU_VERSION }}-build
deploy-arm: deploy-arm:
name: Deploy images for arm name: Deploy images for arm
@ -454,17 +463,18 @@ jobs:
- uses: crazy-max/ghaction-github-runtime@v2 - uses: crazy-max/ghaction-github-runtime@v2
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub - name: Login to GitHub Container Registry
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
username: ${{ secrets.Docker_Login }} registry: ghcr.io
password: ${{ secrets.Docker_Password }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Helper to convert docker org to lowercase - name: Helper to convert docker org to lowercase
id: string id: string
uses: ASzc/change-string-case-action@v5 uses: ASzc/change-string-case-action@v5
with: with:
string: ${{ github.repository_owner }} string: ${{ github.repository_owner }}
- name: Push image to Docker - name: Push image to Github (ghcr.io)
shell: bash shell: bash
run: | run: |
if [ '${{ env.MAILU_VERSION }}' == 'master-arm' ]; then pinned_mailu_version='master-arm'; else pinned_mailu_version=${{ env.PINNED_MAILU_VERSION}}; fi; if [ '${{ env.MAILU_VERSION }}' == 'master-arm' ]; then pinned_mailu_version='master-arm'; else pinned_mailu_version=${{ env.PINNED_MAILU_VERSION}}; fi;
@ -472,7 +482,7 @@ jobs:
--tag ${{ inputs.docker_org }}/${{ matrix.target }}:${{ env.MAILU_VERSION }} \ --tag ${{ inputs.docker_org }}/${{ matrix.target }}:${{ env.MAILU_VERSION }} \
--tag ${{ inputs.docker_org }}/${{ matrix.target }}:$pinned_mailu_version \ --tag ${{ inputs.docker_org }}/${{ matrix.target }}:$pinned_mailu_version \
--tag ${{ inputs.docker_org }}/${{ matrix.target }}:latest \ --tag ${{ inputs.docker_org }}/${{ matrix.target }}:latest \
ghcr.io/${{ steps.string.outputs.lowercase }}/${{ matrix.target }}:${{ env.MAILU_VERSION }} ghcr.io/${{ steps.string.outputs.lowercase }}/${{ matrix.target }}:${{ env.MAILU_VERSION }}-build
#This job creates a tagged release. A tag is created for the pinned version x.y.z. The GH release refers to this tag. #This job creates a tagged release. A tag is created for the pinned version x.y.z. The GH release refers to this tag.
tag-release: tag-release:

@ -9,20 +9,10 @@ on:
concurrency: ci-x64-${{ github.ref }} concurrency: ci-x64-${{ github.ref }}
###############################################
# REQUIRED secrets
# ${{ secrets.Docker_Login }}
# Username of docker login for pushing the images to repo env.DOCKER_ORG and env.DOCKER_ORG_TESTS
# ${{ secrets.Docker_Password }}
# Password of docker login for pushing the images to repo env.DOCKER_ORG and env.DOCKER_ORG_TESTS
# Add the above secrets to your github repo to determine where the images will be pushed.
################################################
# REQUIRED global variables # REQUIRED global variables
# DOCKER_ORG, docker org used for pushing release images (branch x.y and master) # DOCKER_ORG, docker org used for pushing images.
# DOCKER_ORG_TEST, docker org used for pushing images for testing (branch testing).
env: env:
DOCKER_ORG: mailu DOCKER_ORG: ghcr.io/mailu
DOCKER_ORG_TEST: mailuci
jobs: jobs:
# This job calculates all global job variables that are required by all the subsequent jobs. # This job calculates all global job variables that are required by all the subsequent jobs.
@ -55,7 +45,7 @@ jobs:
run: | run: |
echo "MAILU_VERSION=pr-${COMMIT_MESSAGE//[!0-9]/}" >> $GITHUB_ENV echo "MAILU_VERSION=pr-${COMMIT_MESSAGE//[!0-9]/}" >> $GITHUB_ENV
echo "PINNED_MAILU_VERSION=pr-${COMMIT_MESSAGE//[!0-9]/}" >> $GITHUB_ENV echo "PINNED_MAILU_VERSION=pr-${COMMIT_MESSAGE//[!0-9]/}" >> $GITHUB_ENV
echo "DOCKER_ORG_DERIVED=${{ env.DOCKER_ORG_TEST }}" >> $GITHUB_ENV echo "DOCKER_ORG_DERIVED=${{ env.DOCKER_ORG }}" >> $GITHUB_ENV
echo "DEPLOY=true" >> $GITHUB_ENV echo "DEPLOY=true" >> $GITHUB_ENV
echo "RELEASE=false" >> $GITHUB_ENV echo "RELEASE=false" >> $GITHUB_ENV
- name: Derive MAILU_VERSION and DEPLOY/RELEASE for other branches than testing - name: Derive MAILU_VERSION and DEPLOY/RELEASE for other branches than testing

@ -116,7 +116,7 @@ After cloning the git repository to your workstation, you can build the images:
The ``build.hcl`` file has three variables: The ``build.hcl`` file has three variables:
#. ``$DOCKER_ORG``: First part of the image tag. Defaults to *mailu* and needs to be changed #. ``$DOCKER_ORG``: First part of the image tag. Defaults to *ghcr.io/mailu* and needs to be changed
only when pushing to your own Docker hub account. only when pushing to your own Docker hub account.
#. ``$MAILU_VERSION``: Last part of the image tag. Defaults to *local* to differentiate from pulled #. ``$MAILU_VERSION``: Last part of the image tag. Defaults to *local* to differentiate from pulled
images. images.
@ -206,14 +206,14 @@ Test images
All PR's automatically get build by a Github Action workflow, controlled by `bors-ng`_. All PR's automatically get build by a Github Action workflow, controlled by `bors-ng`_.
Some primitive auto testing is done. Some primitive auto testing is done.
The resulting images get uploaded to Docker hub, under the The resulting images get uploaded to the Github container registry, under the
tag name ``mailuci/<name>:pr-<no>``. tag name ``ghcr.io/mailu/<name>:pr-<no>``.
For example, to test PR #500 against master, reviewers can use: For example, to test PR #500 against master, reviewers can use:
.. code-block:: bash .. code-block:: bash
export DOCKER_ORG="mailuci" export DOCKER_ORG="ghcr.io/mailu"
export MAILU_VERSION="pr-500" export MAILU_VERSION="pr-500"
docker compose pull docker compose pull
docker compose up -d docker compose up -d

@ -22,7 +22,7 @@ services:
# Core services # Core services
front: front:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-{{ version }}} image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-{{ version }}}
restart: always restart: always
env_file: {{ env }} env_file: {{ env }}
logging: logging:
@ -49,7 +49,7 @@ services:
- {{ dns }} - {{ dns }}
resolver: resolver:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-{{ version }}} image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-{{ version }}}
env_file: {{ env }} env_file: {{ env }}
restart: always restart: always
networks: networks:
@ -58,7 +58,7 @@ services:
{% endif %} {% endif %}
admin: admin:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-{{ version }}} image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-{{ version }}}
restart: always restart: always
env_file: {{ env }} env_file: {{ env }}
{% if not admin_enabled %} {% if not admin_enabled %}
@ -77,7 +77,7 @@ services:
{% endif %} {% endif %}
imap: imap:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-{{ version }}} image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-{{ version }}}
restart: always restart: always
env_file: {{ env }} env_file: {{ env }}
volumes: volumes:
@ -92,7 +92,7 @@ services:
{% endif %} {% endif %}
smtp: smtp:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-{{ version }}} image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-{{ version }}}
restart: always restart: always
env_file: {{ env }} env_file: {{ env }}
volumes: volumes:
@ -108,7 +108,7 @@ services:
{% if oletools_enabled %} {% if oletools_enabled %}
oletools: oletools:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-{{ version }}} image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-{{ version }}}
hostname: oletools hostname: oletools
restart: always restart: always
networks: networks:
@ -122,7 +122,7 @@ services:
{% endif %} {% endif %}
antispam: antispam:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-{{ version }}} image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-{{ version }}}
hostname: antispam hostname: antispam
restart: always restart: always
env_file: {{ env }} env_file: {{ env }}
@ -152,7 +152,7 @@ services:
# Optional services # Optional services
{% if antivirus_enabled %} {% if antivirus_enabled %}
antivirus: antivirus:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}clamav:${MAILU_VERSION:-{{ version }}} image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}clamav:${MAILU_VERSION:-{{ version }}}
restart: always restart: always
env_file: {{ env }} env_file: {{ env }}
volumes: volumes:
@ -167,7 +167,7 @@ services:
{% if webdav_enabled %} {% if webdav_enabled %}
webdav: webdav:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-{{ version }}} image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-{{ version }}}
restart: always restart: always
env_file: {{ env }} env_file: {{ env }}
volumes: volumes:
@ -178,7 +178,7 @@ services:
{% if fetchmail_enabled %} {% if fetchmail_enabled %}
fetchmail: fetchmail:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-{{ version }}} image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-{{ version }}}
restart: always restart: always
env_file: {{ env }} env_file: {{ env }}
volumes: volumes:
@ -197,7 +197,7 @@ services:
# Webmail # Webmail
{% if webmail_type != 'none' %} {% if webmail_type != 'none' %}
webmail: webmail:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-{{ version }}} image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-{{ version }}}
restart: always restart: always
env_file: {{ env }} env_file: {{ env }}
volumes: volumes:

Loading…
Cancel
Save