From f9ff57a26ef75c2606c36c23067364b82e17b423 Mon Sep 17 00:00:00 2001
From: Tom Plant <21111317+pl4nty@users.noreply.github.com>
Date: Tue, 18 Apr 2023 22:32:37 +1000
Subject: [PATCH 1/2] Support GitHub Container Registry

Adds support for GitHub Container Registry to CI/CD and simplifies with third-party Actions
---
 .github/workflows/push-docker.yml | 65 +++++++++++++------------------
 1 file changed, 28 insertions(+), 37 deletions(-)

diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml
index 0aefaa00..78475340 100644
--- a/.github/workflows/push-docker.yml
+++ b/.github/workflows/push-docker.yml
@@ -4,7 +4,6 @@ on:
   push:
     branches: 
       - master
-      - testGit
       - main
 jobs:
   push:
@@ -37,43 +36,35 @@ jobs:
       uses: docker/login-action@v2.1.0
       with:
         username: ${{ secrets.DOCKER_HUB_USERNAME }}
-        password: ${{ secrets.DOCKER_HUB_API }} 
-   
-  #  - name: Check if tag exists
-  #    id: checkIdExists
-  #    continue-on-error: true
-  #    run: |
-  #      response=$(curl -s https://hub.docker.com/v2/repositories/frooodle/s-pdf/tags/?name=${{ steps.versionNumber.outputs.versionNumber }})
-  #      result=$(echo $response | jq ".results")
-  #      if [ "$result" == "[]" ]; then
-  #        echo "Tag ${{ steps.versionNumber.outputs.versionNumber }} doesnt exist. Continuing with build and push."
-  #      else
-  #        echo "Tag ${{ steps.versionNumber.outputs.versionNumber }} already exists. Skipping build and push."
-  #        exit 1;
-  #      fi
-
-   
-   
-    - name: Setup buildx
-      run: |
-        docker buildx create --name mybuilder
-        docker buildx use mybuilder
-
-    - name: Build and push versioned amd64 and v8 
-      if: github.ref == 'refs/heads/main'
-      run: | 
-        docker buildx build --platform="linux/amd64,linux/arm64/v8" --push --tag "frooodle/s-pdf:${{ steps.versionNumber.outputs.versionNumber }}-alpha" .
-
+        password: ${{ secrets.DOCKER_HUB_API }}
         
-    - name: Build and push versioned amd64 and v8 
-      if: github.ref == 'refs/heads/master'
-      run: | 
-        docker buildx build --platform="linux/amd64,linux/arm64/v8" --push --tag "frooodle/s-pdf:${{ steps.versionNumber.outputs.versionNumber }}" .
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v2
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ github.token }}
 
+    - name: Generate tags
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: |
+          frooodle/s-pdf
+          ghcr.io/frooodle/s-pdf
+        tags: |
+          ${{ steps.versionNumber.outputs.versionNumber }}${{ github.ref == 'refs/heads/main' && '-alpha' || '' }}
    
-    - name: Build and push latest amd64 and v8
-      if: github.ref == 'refs/heads/master'
-      run: | 
-        docker buildx build --platform="linux/amd64,linux/arm64/v8" --push --tag "frooodle/s-pdf:latest" .
-        
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+      
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
         
+    - name: Build and push
+      uses: docker/build-push-action@v4
+      with:
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        platforms: linux/amd64,linux/arm64/v8

From e4d7b531125547609193db5047d6669212e35e51 Mon Sep 17 00:00:00 2001
From: Tom Plant <21111317+pl4nty@users.noreply.github.com>
Date: Tue, 18 Apr 2023 22:36:38 +1000
Subject: [PATCH 2/2] Add GHCR perms to CI and pin Action versions

---
 .github/workflows/push-docker.yml | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml
index 78475340..306d2cbd 100644
--- a/.github/workflows/push-docker.yml
+++ b/.github/workflows/push-docker.yml
@@ -5,12 +5,14 @@ on:
     branches: 
       - master
       - main
+
 jobs:
   push:
-
     runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
     steps:
-
     - uses: actions/checkout@v3
     
     - name: Set up JDK 17
@@ -18,7 +20,6 @@ jobs:
       with:
         java-version: '17'
         distribution: 'temurin'
-    
 
     - uses: gradle/gradle-build-action@v2.3.3
       with:
@@ -39,7 +40,7 @@ jobs:
         password: ${{ secrets.DOCKER_HUB_API }}
         
     - name: Login to GitHub Container Registry
-      uses: docker/login-action@v2
+      uses: docker/login-action@v2.1.0
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
@@ -47,7 +48,7 @@ jobs:
 
     - name: Generate tags
       id: meta
-      uses: docker/metadata-action@v4
+      uses: docker/metadata-action@v4.4.0
       with:
         images: |
           frooodle/s-pdf
@@ -56,13 +57,13 @@ jobs:
           ${{ steps.versionNumber.outputs.versionNumber }}${{ github.ref == 'refs/heads/main' && '-alpha' || '' }}
    
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
+      uses: docker/setup-qemu-action@v2.1.0
       
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v2
+      uses: docker/setup-buildx-action@v2.5.0
         
     - name: Build and push
-      uses: docker/build-push-action@v4
+      uses: docker/build-push-action@v4.0.0
       with:
         push: true
         tags: ${{ steps.meta.outputs.tags }}