name: Build and Push Backend Docker Image on: push: branches: - master paths: - 'media_manager/**' - 'alembic/**' - 'alembic.ini' - 'Dockerfile' - 'pyproject.toml' - 'uv.lock' - '.github/workflows/build-push-backend.yml' - 'tests/**' - 'web/**' pull_request: paths: - 'media_manager/**' - 'alembic/**' - 'alembic.ini' - 'Dockerfile' - 'pyproject.toml' - 'uv.lock' - '.github/workflows/build-push-backend.yml' - 'tests/**' - 'web/**' release: types: [published] workflow_dispatch: jobs: lint-backend: name: Lint Python Code runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: astral-sh/ruff-action@v3 with: src: "./media_manager" lint-frontend: name: Lint Frontend runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: '24' cache: 'npm' cache-dependency-path: './web/package-lock.json' - name: Install dependencies run: npm ci working-directory: ./web - name: Lint code run: npm run lint working-directory: ./web build-and-push: needs: [lint-frontend, lint-backend] strategy: fail-fast: false matrix: include: - arch: amd64 runner: ubuntu-24.04 - arch: arm64 runner: ubuntu-24.04-arm runs-on: ${{ matrix.runner }} permissions: contents: read packages: write env: QUAY_ORG: ${{ secrets.QUAY_ORG || github.repository_owner }} steps: - name: Checkout repository uses: actions/checkout@v4 - name: Set repository name to lowercase id: repo_name run: echo "name=$(echo '${{ github.event.repository.name }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: install: true driver-opts: image=moby/buildkit:rootless - name: Log in to GitHub Container Registry if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Log in to Quay if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository uses: docker/login-action@v3 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_PASSWORD }} - name: Extract version id: version run: | if [[ "${{ github.event_name }}" == "release" ]]; then VERSION="${{ github.event.release.tag_name }}" elif [[ "${{ github.ref_type }}" == "tag" ]]; then VERSION="${{ github.ref_name }}" else DATE_STAMP=$(date -u +'%Y.%m.%d') VERSION="dev-${DATE_STAMP}-${{ github.run_number }}" fi echo "version=$VERSION" >> $GITHUB_OUTPUT VERSION_NO_V=${VERSION#v} echo "version_no_v=$VERSION_NO_V" >> $GITHUB_OUTPUT - name: Extract metadata (tags + labels) id: meta uses: docker/metadata-action@v5 with: images: | ghcr.io/${{ github.repository_owner }}/${{ steps.repo_name.outputs.name }}/mediamanager quay.io/${{ env.QUAY_ORG }}/mediamanager tags: | type=raw,value=latest,enable=${{ github.event_name == 'release' }} type=raw,value=${{ steps.version.outputs.version }},enable=${{ github.event_name != 'release' }} type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=sha flavor: | suffix=-${{ matrix.arch }},onlatest=true - name: Build and push arch image uses: docker/build-push-action@v6 with: context: . file: ./Dockerfile platforms: linux/${{ matrix.arch }} push: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | VERSION=${{ steps.version.outputs.version }} BASE_PATH= publish-manifests: needs: build-and-push if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository runs-on: ubuntu-24.04 permissions: contents: read packages: write env: QUAY_ORG: ${{ secrets.QUAY_ORG }} steps: - name: Checkout repository uses: actions/checkout@v4 - name: Set repository name to lowercase id: repo_name run: echo "name=$(echo '${{ github.event.repository.name }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Log in to Quay uses: docker/login-action@v3 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_PASSWORD }} - name: Extract version id: version run: | if [[ "${{ github.event_name }}" == "release" ]]; then VERSION="${{ github.event.release.tag_name }}" elif [[ "${{ github.ref_type }}" == "tag" ]]; then VERSION="${{ github.ref_name }}" else DATE_STAMP=$(date -u +'%Y.%m.%d') VERSION="dev-${DATE_STAMP}-${{ github.run_number }}" fi echo "version=$VERSION" >> $GITHUB_OUTPUT VERSION_NO_V=${VERSION#v} echo "version_no_v=$VERSION_NO_V" >> $GITHUB_OUTPUT - name: Extract metadata (tags + labels) id: meta uses: docker/metadata-action@v5 with: images: | ghcr.io/${{ github.repository_owner }}/${{ steps.repo_name.outputs.name }}/mediamanager quay.io/${{ env.QUAY_ORG }}/mediamanager tags: | type=raw,value=latest,enable=${{ github.event_name == 'release' }} type=raw,value=${{ steps.version.outputs.version }},enable=${{ github.event_name != 'release' }} type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=sha - name: Create and push multi-arch manifests run: | set -euo pipefail mapfile -t TAGS <<< "${{ steps.meta.outputs.tags }}" for TAG in "${TAGS[@]}"; do docker buildx imagetools create \ --tag "${TAG}" \ "${TAG}-amd64" \ "${TAG}-arm64" done - name: Inspect image (GHCR) run: | docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/${{ steps.repo_name.outputs.name }}/mediamanager:${{ steps.version.outputs.version_no_v }} - name: Inspect image (Quay) run: | docker buildx imagetools inspect quay.io/${{ env.QUAY_ORG }}/mediamanager:${{ steps.version.outputs.version_no_v }}