Skip to content

Dockerfile / GHCR workflow #780

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
+72 −0
Open

Dockerfile / GHCR workflow #780

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5211524
Set up multi-stage Docker build for application
MrOplus Aug 31, 2025
9215bfd
Create docker-image.yml
MrOplus Aug 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 56 additions & 0 deletions .github/workflows/docker-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
name: Create and publish a Docker image

on:
release:
types: [published]
push:
branches:
- master
workflow_dispatch:


env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
build-and-push-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write

steps:
- name: Checkout
uses: actions/checkout@v2
Copy link

Copilot AI Sep 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using an outdated checkout action version poses security risks. actions/checkout@v2 has known vulnerabilities that have been addressed in newer versions.

Suggested change
uses: actions/checkout@v2
uses: actions/checkout@v4

Copilot uses AI. Check for mistakes.

- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
${{ github.event_name == 'release' && github.event.release.tag_name == 'latest' && 'latest' || '' }}
Copy link

Copilot AI Sep 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logic for tagging 'latest' is incorrect. Release tag names are typically version numbers (e.g., 'v1.0.0'), not 'latest'. This condition will never be true. Consider using ${{ github.event_name == 'release' && 'latest' || '' }} to tag all releases as latest.

Suggested change
${{ github.event_name == 'release' && github.event.release.tag_name == 'latest' && 'latest' || '' }}
${{ github.event_name == 'release' && 'latest' || '' }}

Copilot uses AI. Check for mistakes.
${{ github.sha }}
type=ref,event=branch
type=pep440,pattern={{version}}
Copy link

Copilot AI Sep 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pep440 tag type is designed for Python packages, not for general release versioning. For a telegram-bot-api project, use type=semver,pattern={{version}} instead to properly handle semantic versioning.

Suggested change
type=pep440,pattern={{version}}
type=semver,pattern={{version}}

Copilot uses AI. Check for mistakes.

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
16 changes: 16 additions & 0 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
FROM ubuntu as BUILD

WORKDIR /app

COPY . .

Comment on lines +5 to +6
Copy link

Copilot AI Sep 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Git submodule initialization requires the .git directory, but COPY . . may not include it depending on .dockerignore settings. Consider adding --recurse-submodules to the git clone command in the workflow or ensure .git is copied.

Suggested change
COPY . .
# COPY . .
RUN git clone --recurse-submodules <repo_url> .

Copilot uses AI. Check for mistakes.
RUN apt update && apt install libssl-dev gperf git build-essential cmake zlib1g-dev ccache git -y
Copy link

Copilot AI Sep 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The package 'git' is listed twice in the installation command. Remove the duplicate to clean up the package list.

Suggested change
RUN apt update && apt install libssl-dev gperf git build-essential cmake zlib1g-dev ccache git -y
RUN apt update && apt install libssl-dev gperf git build-essential cmake zlib1g-dev ccache -y

Copilot uses AI. Check for mistakes.
RUN git submodule update --init --recursive
RUN mkdir build
RUN cd build && cmake -DCMAKE_BUILD_TYPE=Release .. && cmake --build . --target install

FROM ubuntu as DIST
WORKDIR /app
COPY --from=BUILD /app/build/telegram-bot-api api
RUN chmod +x api
CMD ["./api"]