main

main #181

Workflow file for this run

	name: main

	on:
	schedule:
	# update the pointers once a week
	# https://crontab.guru/once-a-week
	- cron: "0 0 * * 0"
	push:
	branches: main

	env:
	TARGET_PLATFORMS: linux/amd64,linux/arm64/v8

	jobs:
	docker:
	strategy:
	fail-fast: false
	matrix:
	repository:
	- 'ghcr.io'
	- 'docker.io'
	python:
	- '3.13'
	- '3.12'
	- '3.11'
	- '3.10'
	- '3.9'
	- '3.8'
	alpine:
	- '3.20'
	- '3.21'
	os:
	- 'ubuntu-latest'
	exclude:
	# No tag
	- python: '3.8'
	alpine: '3.21'

	runs-on: ${{ matrix.os }}
	permissions:
	packages: write

	steps:
	-
	name: Checkout
	uses: actions/checkout@v4

	-
	name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	-
	name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	-
	id: image_env
	run: \|
	. ./env.sh \
	'${{ matrix.alpine }}' \
	'${{ matrix.python }}' \
	'${{ github.repository_owner }}' \
	'${{ matrix.repository }}'

	docker pull "${SOURCE_IMAGE}" \|\| true
	echo "IMAGE_HOME=$(mktemp -d)" >> "$GITHUB_OUTPUT"

	echo ALPINE_VERSION="${ALPINE_VERSION}" >> "$GITHUB_OUTPUT"
	echo PYTHON_VERSION="${PYTHON_VERSION}" >> "$GITHUB_OUTPUT"
	echo SOURCE_IMAGE="${SOURCE_IMAGE}" >> "$GITHUB_OUTPUT"
	echo IMAGE_TAG="${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
	echo REPOSITORY="${REPOSITORY}" >> "$GITHUB_OUTPUT"
	echo BASE_IMAGE_DIGEST="$(digest_of "$SOURCE_IMAGE")" >> "$GITHUB_OUTPUT"
	echo 'IMAGE_DESCRIPTION=${{ github.event.repository.description }}. See ${{ github.server_url }}/${{ github.repository }} for more info.' >> "$GITHUB_OUTPUT"

	-
	name: Login to GitHub Container Registry
	if: ${{ matrix.repository == 'ghcr.io' }}
	uses: docker/login-action@v3
	with:
	registry: 'ghcr.io'
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}
	-
	name: Login to DockerHub
	if: ${{ matrix.repository == 'docker.io' }}
	uses: docker/login-action@v3
	with:
	registry: 'docker.io'
	username: ${{ github.repository_owner }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	-
	name: Upload Buildroot
	uses: docker/build-push-action@v6
	with:
	push: true
	platforms: ${{ env.TARGET_PLATFORMS }}
	context: "."
	file: Dockerfile.alpine
	target: buildroot
	cache-to: \|
	type=gha,mode=max
	cache-from: \|
	type=gha
	type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
	type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
	build-args: \|
	ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }}
	BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
	PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }}
	SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }}
	BUILD_ROOT=/d
	tags: "${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot"
	-
	name: Upload
	uses: docker/build-push-action@v6
	env:
	SOURCE_DATE_EPOCH: 0
	with:
	push: true
	context: "."
	platforms: ${{ env.TARGET_PLATFORMS }}
	file: Dockerfile.alpine
	cache-to: \|
	type=gha,mode=max
	cache-from: \|
	type=gha
	type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}
	type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
	type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
	build-args: \|
	ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }}
	BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
	PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }}
	SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }}
	BUILD_ROOT=/d
	tags: "${{ steps.image_env.outputs.IMAGE_TAG }}"
	labels: ${{steps.image_env.outputs.IMAGE_LABELS}}
	sbom: true
	annotations: \|
	index,manifest:org.opencontainers.image.authors=distroless-python image developers <autumn.jolitz+distroless-python@gmail.com>
	index,manifest:org.opencontainers.image.source=https://github.com/autumnjolitz/distroless-python
	index,manifest:org.opencontainers.image.title=distroless-python${{ steps.image_env.outputs.PYTHON_VERSION }}-alpine${{ steps.image_env.outputs.ALPINE_VERSION }}
	index,manifest:org.opencontainers.image.description=${{ steps.image_env.outputs.IMAGE_DESCRIPTION }}
	index,manifest:org.opencontainers.image.base.digest=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
	index,manifest:org.opencontainers.image.base.name=${{ steps.image_env.outputs.SOURCE_IMAGE }}
	index,manifest:distroless.python-version=${{ steps.image_env.outputs.PYTHON_VERSION }}
	index,manifest:distroless.alpine-version=${{ steps.image_env.outputs.ALPINE_VERSION }}
	index,manifest:distroless.base-image=alpine${{ steps.image_env.outputs.ALPINE_VERSION }}

	-
	name: examples/simple-flask
	uses: docker/build-push-action@v6
	with:
	context: "examples/simple-flask"
	platforms: ${{ env.TARGET_PLATFORMS }}
	cache-from: \|
	type=gha
	type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}
	type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
	type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
	build-args: \|
	SOURCE_IMAGE=${{ steps.image_env.outputs.IMAGE_TAG }}
	tags: "${{ steps.image_env.outputs.IMAGE_TAG }}-example1-amd64"
	outputs: type=oci,dest=${{ steps.image_env.outputs.IMAGE_HOME }}/example1.tar


	update-dockerhub-desc:
	needs: [docker]
	runs-on: "ubuntu-latest"
	steps:
	-
	name: Checkout
	uses: actions/checkout@v4
	-
	name: Convert README.rst to markdown
	uses: docker://pandoc/core:2.9
	with:
	args: >-
	-s
	--wrap=none
	-t gfm
	-o README.md
	README.rst

	- name: Update repo description
	uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0
	with:
	username: ${{ github.repository_owner }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	short-description: ${{ github.event.repository.description }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

main #181

Workflow file

main #181

Uh oh!

Workflow file for this run