urbit/.github/workflows/release-docker.yml

name: release-docker

on:
  release: null
  push:
    tags: ['urbit-v*']

jobs:
  upload:
    strategy:
      matrix:
        include:
          - { os: ubuntu-latest, system: x86_64-linux }

    runs-on: ${{ matrix.os }}

    steps:
      - uses: actions/checkout@v2
      - uses: cachix/install-nix-action@v12
        with:
          extra_nix_config: |
            system-features = nixos-test benchmark big-parallel kvm            
      - uses: cachix/cachix-action@v8
        with:
          name: ${{ secrets.CACHIX_NAME }}
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
      - uses: docker/docker-login-action@v1.8.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - uses: christian-korneck/update-container-description-action@v1
        env:
          DOCKER_USER: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKER_PASS: ${{ secrets.DOCKERHUB_TOKEN }}
        with:
          destination_container_repo: ${{ secrets.DOCKERHUB_USERNAME }}/urbit
          provider: dockerhub
          short_description: 'Urbit: a clean-slate OS and network for the 21st century'
          readme_file: 'pkg/docker-image/README.md'

      - run: |
          version="$(cat ./pkg/urbit/version)"
          skopeo="$(nix-build -A skopeo)/bin/skopeo"
          image="$(nix-build -A docker-image)"
          $skopeo --insecure-policy copy tarball:$docker docker://${{ secrets.DOCKERHUB_USERNAME }}/urbit:v$version 
          # Apply 'latest' tag. This won't re-copy any layers since layers are checked by hash before copying
          $skopeo --insecure-policy copy tarball:$docker docker://${{ secrets.DOCKERHUB_USERNAME }}/urbit:latest