# Build, publish and deploy definitions for one container image: local and
# multi-arch builds, pushes to GHCR and Docker Hub, a vulnerability scan, and a
# remote pull-and-restart on the "prod" host.
version: "1"
name: my-docker-app
description: Docker image → GHCR + Docker Hub (multi-arch)

# Values referenced as ${NAME} inside the task commands below.
variables:
  APP_NAME: my-docker-app
  GHCR_IMAGE: ghcr.io/myorg/my-docker-app
  DOCKERHUB_IMAGE: myorg/my-docker-app
  # NOTE(review): "latest" is a mutable tag. Every push overwrites it and
  # `deploy` pulls it, so the image that ends up running is whatever the
  # registry holds at pull time. Presumably TAG is overridden per release;
  # confirm how the runner accepts overrides.
  TAG: latest
  PLATFORMS: linux/amd64,linux/arm64

# Named targets; the `deploy` task selects this one with `env: [prod]`.
environments:
  prod:
    ssh_host: prod.example.com
    ssh_user: deploy
    # A path to a key file, not key material. Presumably the identity used for
    # the SSH session to ssh_host; verify it stays outside the repository and
    # that the `deploy` account is limited to what the deploy commands need.
    ssh_key: ~/.ssh/id_ed25519
    # The deploy commands below also name podman explicitly.
    container_runtime: podman

tasks:
  # Builds from the current directory and tags the result ${APP_NAME}:${TAG}
  # in the local image store only.
  build:
    desc: Build image (local arch)
    cmds:
      - docker build -t ${APP_NAME}:${TAG} .

  # Builds for every platform in ${PLATFORMS} and pushes to both registries in
  # the same buildx invocation (--push).
  # NOTE(review): no registry login step appears in this file, so credentials
  # are assumed to be configured already. The pushed images are not the one
  # the `scan` task inspects (that task scans the local ${APP_NAME}:${TAG}).
  build-multiarch:
    desc: Build + push multi-arch (amd64 + arm64)
    cmds:
      # stderr is discarded and any failure is ignored.
      # NOTE(review): if the create call fails because the "multiarch" builder
      # already exists, --use is likely not applied either; confirm the
      # intended builder is the active one before the build below runs.
      - docker buildx create --use --name multiarch 2>/dev/null || true
      # Folded scalar: the two lines are joined into a single command line.
      - >-
        docker buildx build --platform ${PLATFORMS}
        -t ${GHCR_IMAGE}:${TAG} -t ${DOCKERHUB_IMAGE}:${TAG} --push .

  # Retags the locally built image for GHCR and pushes it. Depends on `build`
  # only; `scan` is not a dependency, so nothing is checked before the push.
  push-ghcr:
    desc: Push to GitHub Container Registry
    deps: [build]
    cmds:
      - docker tag ${APP_NAME}:${TAG} ${GHCR_IMAGE}:${TAG}
      - docker push ${GHCR_IMAGE}:${TAG}

  # Same as push-ghcr, targeting Docker Hub.
  push-dockerhub:
    desc: Push to Docker Hub
    deps: [build]
    cmds:
      - docker tag ${APP_NAME}:${TAG} ${DOCKERHUB_IMAGE}:${TAG}
      - docker push ${DOCKERHUB_IMAGE}:${TAG}

  # Aggregates both push tasks; its own command only prints a message.
  # NOTE(review): both dependencies list `build`; whether it then runs once or
  # twice under `parallel: true` depends on the runner. TODO confirm.
  push-all:
    desc: Push to both registries (parallel)
    deps: [push-ghcr, push-dockerhub]
    parallel: true
    cmds:
      - echo "Pushed to GHCR + Docker Hub"

  # Replaces the running container on the prod environment. The commands are
  # quoted because a plain YAML scalar cannot begin with "@"; the `@remote`
  # prefix presumably makes the runner execute them on ssh_host over SSH.
  deploy:
    desc: Pull + restart on production
    env: [prod]
    cmds:
      # NOTE(review): pulls by tag, not by digest. For a deployment that can be
      # audited afterwards, pin the reference as <image>@sha256:<digest>.
      - "@remote podman pull ${GHCR_IMAGE}:${TAG}"
      # stop and rm ignore failures, so a first deploy with no existing
      # container still proceeds.
      - "@remote podman stop ${APP_NAME} 2>/dev/null || true"
      - "@remote podman rm ${APP_NAME} 2>/dev/null || true"
      # `-p 8080:8080` gives no host address, so the port is published on all
      # host interfaces. NOTE(review): if a reverse proxy fronts the service,
      # binding to a specific address (e.g. 127.0.0.1:8080:8080) narrows
      # exposure. No user, capability or read-only options are set here.
      - "@remote podman run -d --name ${APP_NAME} --restart=always -p 8080:8080 ${GHCR_IMAGE}:${TAG}"

  # Creates and pushes an annotated git tag v${TAG}, then repeats the
  # build-multiarch steps.
  # NOTE(review): with the default TAG this produces the git tag "vlatest", so
  # TAG is presumably meant to be overridden here. The tag is pushed before
  # the image build runs; a failed build leaves a published tag with no
  # matching images. `-a` makes the tag annotated, not signed.
  release:
    desc: Tag + build multi-arch + push
    cmds:
      - git tag -a v${TAG} -m "Release v${TAG}"
      - git push origin v${TAG}
      - docker buildx create --use --name multiarch 2>/dev/null || true
      - >-
        docker buildx build --platform ${PLATFORMS}
        -t ${GHCR_IMAGE}:${TAG} -t ${DOCKERHUB_IMAGE}:${TAG} --push .

  # Runs Docker Scout against the locally built image.
  # NOTE(review): advisory only. `ignore_errors: true` hides a failing scan
  # command, and no push, release or deploy task depends on this one. To make
  # it a gate, the scan has to exit non-zero on findings (docker scout cves has
  # an --exit-code option) and ignore_errors has to go.
  scan:
    desc: Scan image for vulnerabilities
    deps: [build]
    cmds:
      - docker scout cves ${APP_NAME}:${TAG}
    ignore_errors: true

  # Removes the three local tags (errors suppressed when a tag is absent) and
  # prunes the buildx cache; -f skips the confirmation prompt.
  clean:
    desc: Remove images and build cache
    cmds:
      - docker rmi ${APP_NAME}:${TAG} ${GHCR_IMAGE}:${TAG} ${DOCKERHUB_IMAGE}:${TAG} 2>/dev/null || true
      - docker buildx prune -f