Pin GitHub Actions to SHA hashes (#82) #36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Publish Docker image to Docker Hub" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| branch: | |
| description: Branch to build from | |
| type: string | |
| required: false | |
| default: "main" | |
| custom_tag: | |
| description: Custom tag to add (optional) | |
| type: string | |
| required: false | |
| emsdk_version: | |
| description: Emscripten SDK version, defaults to 4.0.20 | |
| type: string | |
| required: false | |
| default: "4.0.20" | |
| jobs: | |
| build: | |
| runs-on: "ubuntu-latest" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| with: | |
| ref: ${{ inputs.branch || github.ref }} | |
| submodules: 'true' | |
| - name: Install Linux deps | |
| run: | | |
| sudo apt update | |
| sudo apt -y install wget unzip | |
| - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - name: Install Node Dependencies | |
| run: | | |
| npm ci | |
| - name: Setup Emscripten SDK | |
| run: | | |
| EMSDK_VERSION="${{ inputs.emsdk_version || '4.0.20' }}" | |
| wget https://github.com/emscripten-core/emsdk/archive/main.zip | |
| unzip main.zip | |
| cd emsdk-main | |
| ./emsdk install $EMSDK_VERSION | |
| ./emsdk activate $EMSDK_VERSION | |
| source ./emsdk_env.sh | |
| echo "EMSDK=$EMSDK" >> $GITHUB_ENV | |
| echo "EM_CONFIG=$EM_CONFIG" >> $GITHUB_ENV | |
| echo "$EMSDK:$EMSDK/upstream/emscripten" >> $GITHUB_PATH | |
| - name: Build WASM modules | |
| run: | | |
| source "$EMSDK/emsdk_env.sh" | |
| npm run build:wasm | |
| - name: Build main worker bundle | |
| run: | | |
| npm run build:bundle | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 | |
| - name: Generate Docker tags | |
| id: meta | |
| run: | | |
| SHORT_SHA="${{ github.sha }}" | |
| SHORT_SHA="${SHORT_SHA:0:7}" | |
| TAGS="jitsi/opus-transcriber-proxy:${{ github.sha }},jitsi/opus-transcriber-proxy:$SHORT_SHA" | |
| if [ "${{ inputs.branch }}" = "main" ] || [ "${{ inputs.branch }}" = "" ]; then | |
| TAGS="$TAGS,jitsi/opus-transcriber-proxy:latest" | |
| fi | |
| if [ -n "${{ inputs.custom_tag }}" ]; then | |
| TAGS="$TAGS,jitsi/opus-transcriber-proxy:${{ inputs.custom_tag }}" | |
| fi | |
| echo "tags=$TAGS" >> $GITHUB_OUTPUT | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 | |
| with: | |
| context: ./ | |
| platforms: linux/amd64,linux/arm64 | |
| pull: true | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} |