From 6ee93f7ac92a49ece115024e46d2dce51c963ebf Mon Sep 17 00:00:00 2001 From: Mike Cao Date: Fri, 7 Nov 2025 12:21:17 -0800 Subject: [PATCH] Updated README and cd.yml. --- .github/workflows/cd.yml | 59 ++++++++++++++++++++++------------------ README.md | 2 +- 2 files changed, 34 insertions(+), 27 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index a4934e79..534b2321 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -7,7 +7,7 @@ on: workflow_dispatch: inputs: version: - description: 'Optional image version (e.g. 3.0.0, beta)' + description: 'Optional image version (e.g. 3.0.0, v3.0.0, or 3.0.0-beta.1)' required: false default: '' @@ -29,6 +29,13 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Log into GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Log into Docker Hub if: github.repository == 'umami-software/umami' uses: docker/login-action@v3 @@ -37,27 +44,29 @@ jobs: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Log into GHCR - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Normalize manual input if provided - - name: Normalize manual version - id: normalize + # Compute tags for the image + - name: Compute version tags + id: compute run: | INPUT="${{ github.event.inputs.version }}" + TAGS="" + if [[ -n "$INPUT" ]]; then - VERSION="${INPUT#v}" + VERSION="${INPUT#v}" # strip leading v MAJOR=$(echo "$VERSION" | cut -d. -f1) MINOR=$(echo "$VERSION" | cut -d. -f2) - echo "version_tags=${VERSION},${MAJOR}.${MINOR},${MAJOR},latest" >> $GITHUB_ENV - else - echo "version_tags=" >> $GITHUB_ENV + + # prereleases (e.g., 3.0.0-beta) do NOT get 'latest' + if [[ "$VERSION" == *-* ]]; then + TAGS="${VERSION}" + else + TAGS="${VERSION},${MAJOR}.${MINOR},${MAJOR},latest" + fi fi + echo "tags=$TAGS" >> $GITHUB_OUTPUT + echo "Computed tags: $TAGS" + - name: Extract Docker metadata id: meta uses: docker/metadata-action@v5 @@ -65,34 +74,32 @@ jobs: images: | umamisoftware/umami,enable=${{ github.repository == 'umami-software/umami' }} ghcr.io/${{ github.repository }} - flavor: | - latest=auto tags: | - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=raw,value=${{ env.version_tags }},enable=${{ env.version_tags != '' }} + type=semver,pattern={{version}},enable=${{ github.ref_type == 'tag' }} + type=semver,pattern={{major}}.{{minor}},enable=${{ github.ref_type == 'tag' }} + type=semver,pattern={{major}},enable=${{ github.ref_type == 'tag' }} + type=raw,value=${{ steps.compute.outputs.tags }},enable=${{ steps.compute.outputs.tags != '' }} type=ref,event=branch type=sha + # Build and push images - name: Build and push Docker image id: build-and-push uses: docker/build-push-action@v6 with: context: . - platforms: linux/amd64,linux/arm64 push: true + platforms: linux/amd64,linux/arm64 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - provenance: false # disable automatic attestations + provenance: false # disable automatic registry attestations - # Generate a local provenance attestation instead of uploading signatures - - name: Generate provenance attestation + # Generate a local provenance attestation (not uploaded) + - name: Generate local provenance attestation run: | cosign attest --yes \ --predicate <(echo '{"build":"github-actions","repo":"${{ github.repository }}","run_id":"${{ github.run_id }}"}') \ --type slsaprovenance \ ${{ steps.meta.outputs.tags }} - diff --git a/README.md b/README.md index 6d166d8c..d3791e26 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ docker compose up -d Alternatively, to pull just the Umami Docker image with PostgreSQL support: ```bash -docker pull docker.umami.is/umami-software/umami:postgresql-latest +docker pull docker.umami.is/umami-software/umami:latest ``` ---