Add support for Quay.io and GHCR.io as registries

- Added support for Quay.io
- Added support for GHCR.io

To enable support for these container image registries the following needs to be added.

As `Actions secrets and variables` - `Secrets`
- `DOCKERHUB_TOKEN` and `DOCKERHUB_USERNAME`
- `QUAY_TOKEN` and `QUAY_USERNAME`

As `Actions secrets and variables` - `Variables` - `Repository Variables`
- `DOCKERHUB_REPO`
- `GHCR_REPO`
- `QUAY_REPO`

The `DOCKERHUB_REPO` currently configured in `Secrets` can be removed if wanted, probably best after this PR has been merged.

If one of the vars/secrets are not configured it will skip that specific registry!

.github/workflows/build.yml

@@ -43,7 +43,7 @@ jobs:
     steps:
       # Checkout the repo
       - name: "Checkout"
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       # End Checkout the repo
 
 
@@ -71,7 +71,7 @@ jobs:
 
       # Only install the clippy and rustfmt components on the default rust-toolchain
       - name: "Install rust-toolchain version"
-        uses: dtolnay/rust-toolchain@e12eda571dc9a5ee5d58eecf4738ec291c66f295 # master @ 2023-02-19 - 02:23 GMT+1
+        uses: dtolnay/rust-toolchain@fc3253060d0c959bea12a59f10f8391454a0b02d # master @ 2023-03-21 - 06:36 GMT+1
         if: ${{ matrix.channel == 'rust-toolchain' }}
         with:
           toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
@@ -81,7 +81,7 @@ jobs:
 
       # Install the any other channel to be used for which we do not execute clippy and rustfmt
       - name: "Install MSRV version"
-        uses: dtolnay/rust-toolchain@e12eda571dc9a5ee5d58eecf4738ec291c66f295 # master @ 2023-02-19 - 02:23 GMT+1
+        uses: dtolnay/rust-toolchain@fc3253060d0c959bea12a59f10f8391454a0b02d # master @ 2023-03-21 - 06:36 GMT+1
         if: ${{ matrix.channel != 'rust-toolchain' }}
         with:
           toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"

.github/workflows/hadolint.yml

@@ -13,7 +13,7 @@ jobs:
     steps:
       # Checkout the repo
       - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
       # End Checkout the repo
 
 

.github/workflows/release.yml

@@ -52,10 +52,19 @@ jobs:
       # build performance and the ability to copy extended file attributes
       # (e.g., for executable capabilities) across build phases.
       DOCKER_BUILDKIT: 1
-      # DOCKER_REPO/secrets.DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
-      DOCKER_REPO: ${{ secrets.DOCKERHUB_REPO }}
       SOURCE_COMMIT: ${{ github.sha }}
       SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}"
+      # The *_REPO variables need to be configured as repository variables
+      # Append `/settings/variables/actions` to your repo url
+      # DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
+      # Check for Docker hub credentials in secrets
+      HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
+      # GHCR_REPO needs to be 'ghcr.io/<user>/<repo>'
+      # Check for Github credentials in secrets
+      HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }}
+      # QUAY_REPO needs to be 'quay.io/<user>/<repo>'
+      # Check for Quay.io credentials in secrets
+      HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }}
     if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }}
     strategy:
       matrix:
@@ -64,17 +73,10 @@ jobs:
     steps:
       # Checkout the repo
       - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
         with:
           fetch-depth: 0
 
-      # Login to Docker Hub
-      - name: Login to Docker Hub
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
       # Determine Docker Tag
       - name: Init Variables
         id: vars
@@ -88,34 +90,146 @@ jobs:
           fi
       # End Determine Docker Tag
 
-      - name: Build Debian based images
+      # Login to Docker Hub
+      - name: Login to Docker Hub
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+        if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
+
+      # Login to GitHub Container Registry
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+        if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
+
+      # Login to Quay.io
+      - name: Login to Quay.io
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_TOKEN }}
+        if: ${{ env.HAVE_QUAY_LOGIN == 'true' }}
+
+      # Debian
+
+      # Docker Hub
+      - name: Build Debian based images (docker.io)
         shell: bash
         env:
+          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
           DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
         run: |
           ./hooks/build
-        if: ${{ matrix.base_image == 'debian' }}
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
 
-      - name: Push Debian based images
+      - name: Push Debian based images (docker.io)
         shell: bash
         env:
+          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
           DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
         run: |
           ./hooks/push
-        if: ${{ matrix.base_image == 'debian' }}
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
 
-      - name: Build Alpine based images
+      # GitHub Container Registry
+      - name: Build Debian based images (ghcr.io)
         shell: bash
         env:
+          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
+        run: |
+          ./hooks/build
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
+
+      - name: Push Debian based images (ghcr.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
+        run: |
+          ./hooks/push
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
+
+      # Quay.io
+      - name: Build Debian based images (quay.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
+        run: |
+          ./hooks/build
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}
+
+      - name: Push Debian based images (quay.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
+        run: |
+          ./hooks/push
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}
+
+      # Alpine
+
+      # Docker Hub
+      - name: Build Alpine based images (docker.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
           DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
         run: |
           ./hooks/build
-        if: ${{ matrix.base_image == 'alpine' }}
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
 
-      - name: Push Alpine based images
+      - name: Push Alpine based images (docker.io)
         shell: bash
         env:
+          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
           DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
         run: |
           ./hooks/push
-        if: ${{ matrix.base_image == 'alpine' }}
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
+
+      # GitHub Container Registry
+      - name: Build Alpine based images (ghcr.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
+        run: |
+          ./hooks/build
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}
+
+      - name: Push Alpine based images (ghcr.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
+        run: |
+          ./hooks/push
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}
+
+      # Quay.io
+      - name: Build Alpine based images (quay.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
+        run: |
+          ./hooks/build
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}
+
+      - name: Push Alpine based images (quay.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
+        run: |
+          ./hooks/push
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}