create-docs-toolbox-image.yml
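# Builds the multi-arch docs-toolbox image and pushes it to GHCR.
#
# Tags published (see "Compute tags"):
#   df-<first 12 hex chars of sha256(Dockerfile)>  on every run
#   <git tag> and latest                           only when HEAD carries a Git tag
#
# Convention used in every `run:` script below: step outputs, secrets and
# anything derived from repository content reach the script through `env:`,
# never through ${{ ... }} inside the script text. Expressions are substituted
# before bash parses the script, so a tag name or README line containing shell
# syntax would otherwise be interpreted as code in a job that holds registry
# credentials.
name: Build Docs Toolbox Image

on:
  push:
    branches: [main]
    tags:
      - '*'
  workflow_dispatch:

jobs:
  build-image:
    runs-on: ubuntu-latest
    # Least privilege: read the repository, write packages, nothing else.
    permissions:
      contents: read
      packages: write
    steps:
      # NOTE(review): the actions in this job are referenced by mutable
      # version tags; pinning each to a full commit SHA protects the build
      # against an upstream tag being moved.
      - uses: actions/checkout@v4
        with:
          # Full history and tags are needed for `git tag --points-at HEAD`.
          fetch-depth: 0
          # No later step pushes to git, so do not leave the token in .git/config.
          persist-credentials: false

      - name: Set image name
        id: image
        shell: bash
        run: |
          # Registry repository names must be lowercase; an owner login may not be.
          IMAGE_NAME="ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/docs-toolbox"
          echo "image_name=${IMAGE_NAME}" >> "$GITHUB_OUTPUT"

      - name: Compute tags
        id: meta
        shell: bash
        env:
          IMAGE: ${{ steps.image.outputs.image_name }}
        run: |
          set -euo pipefail
          DOCKERFILE_HASH="$(sha256sum Dockerfile | awk '{print $1}' | cut -c1-12)"
          HASH_TAG="df-${DOCKERFILE_HASH}"
          TAGS="${IMAGE}:${HASH_TAG}"
          HAS_GIT_TAG=false
          # First tag pointing at HEAD, or empty when there is none.
          GIT_TAG="$(git tag --points-at HEAD | head -n1)"
          if [[ -n "$GIT_TAG" ]]; then
            # Git ref names allow characters (commas, quotes, '$', ...) that are
            # not valid in an image tag and would corrupt the comma-separated
            # TAGS list. Reject them here instead of failing later in the build.
            if [[ ! "$GIT_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
              echo "Git tag on HEAD is not usable as an image tag: ${GIT_TAG}" >&2
              exit 1
            fi
            HAS_GIT_TAG=true
            TAGS="${TAGS},${IMAGE}:${GIT_TAG},${IMAGE}:latest"
          fi
          echo "dockerfile_hash=${DOCKERFILE_HASH}" >> "$GITHUB_OUTPUT"
          echo "hash_tag=${HASH_TAG}" >> "$GITHUB_OUTPUT"
          echo "has_git_tag=${HAS_GIT_TAG}" >> "$GITHUB_OUTPUT"
          echo "git_tag=${GIT_TAG}" >> "$GITHUB_OUTPUT"
          echo "tags=${TAGS}" >> "$GITHUB_OUTPUT"
          echo "Using tags: ${TAGS}"

      - name: Extract description from README marker block
        id: readme
        shell: bash
        run: |
          set -euo pipefail
          FALLBACK="A lightweight Docker image for running Docs-as-Code pipelines in a fully reproducible environment — locally and in CI."
          if [[ ! -f README.md ]]; then
            echo "description=${FALLBACK}" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          # Capture the lines between the two marker comments.
          DESC="$(
            awk '
              /<!-- image-description:start -->/ { capture=1; next }
              /<!-- image-description:end -->/ { capture=0; exit }
              capture { print }
            ' README.md
          )"
          # Markers missing or block empty -> use the fallback.
          if [[ -z "${DESC//[[:space:]]/}" ]]; then
            DESC="$FALLBACK"
          fi
          # Collapse to a single line. This also keeps the value from adding
          # extra key=value lines to GITHUB_OUTPUT.
          DESC="$(printf '%s' "$DESC" | tr '\n' ' ')"
          DESC="$(printf '%s' "$DESC" | sed -E 's/[[:space:]]+/ /g; s/^ //; s/ $//')"
          # Strip simple Markdown: [text](url) -> text, `code` -> code.
          # Inside a bracket expression a backslash is literal, so "not a
          # closing bracket" has to be written [^]], not [^\]].
          DESC="$(printf '%s' "$DESC" | sed -E 's/\[([^]]+)\]\([^)]+\)/\1/g')"
          DESC="$(printf '%s' "$DESC" | sed -E 's/`([^`]+)`/\1/g')"
          # No shell escaping here: later steps read this output through env,
          # so the text is never re-parsed as script source. Escaping before
          # truncation could also cut an escape sequence in half.
          # GHCR description limit: 512 characters.
          DESC="$(printf '%.512s' "$DESC")"
          printf 'description=%s\n' "$DESC" >> "$GITHUB_OUTPUT"
          echo "Description: ${DESC}"

      - name: Login to GHCR
        shell: bash
        env:
          GHCR_PAT: ${{ secrets.GHCR_PAT }}
        run: |
          # NOTE(review): the job already requests `packages: write`; if the
          # package is linked to this repository, the short-lived GITHUB_TOKEN
          # could replace the long-lived PAT. Confirm before switching.
          printf '%s' "$GHCR_PAT" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and push image
        shell: bash
        env:
          IMAGE: ${{ steps.image.outputs.image_name }}
          TAGS: ${{ steps.meta.outputs.tags }}
          DESCRIPTION: ${{ steps.readme.outputs.description }}
        run: |
          set -euo pipefail
          # Build the -t arguments as an array so each tag stays one argument.
          TAG_ARGS=()
          IFS=',' read -ra TAG_ARRAY <<< "$TAGS"
          for tag in "${TAG_ARRAY[@]}"; do
            TAG_ARGS+=(-t "$tag")
          done
          docker buildx build \
            --platform linux/amd64,linux/arm64 \
            --cache-from="type=registry,ref=${IMAGE}:cache" \
            --cache-to="type=registry,ref=${IMAGE}:cache,mode=max" \
            "${TAG_ARGS[@]}" \
            --annotation "index:org.opencontainers.image.description=${DESCRIPTION}" \
            --annotation "index:org.opencontainers.image.source=https://github.com/${GITHUB_REPOSITORY}" \
            --push .

      - name: Print summary
        shell: bash
        env:
          HASH_TAG: ${{ steps.meta.outputs.hash_tag }}
          DESCRIPTION: ${{ steps.readme.outputs.description }}
          HAS_GIT_TAG: ${{ steps.meta.outputs.has_git_tag }}
          GIT_TAG: ${{ steps.meta.outputs.git_tag }}
        run: |
          echo "Dockerfile hash tag: ${HASH_TAG}"
          echo "Description: ${DESCRIPTION}"
          if [[ "${HAS_GIT_TAG}" == "true" ]]; then
            echo "Git tag: ${GIT_TAG}"
            echo "latest tag was also published"
          else
            echo "No Git tag on HEAD, so no latest tag published"
          fi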