diff --git a/.github/workflows/test-docker-build-multi-platform.yml b/.github/workflows/test-docker-build-multi-platform.yml index 3b20da6..b87902e 100644 --- a/.github/workflows/test-docker-build-multi-platform.yml +++ b/.github/workflows/test-docker-build-multi-platform.yml @@ -40,6 +40,7 @@ jobs: login: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} platforms: linux/amd64,linux/arm64 + inspect: false tags: | type=sha,format=long,suffix=-multi-platform,priority=1002 diff --git a/.github/workflows/test-docker-build.yml b/.github/workflows/test-docker-build.yml index 942d452..db476ec 100644 --- a/.github/workflows/test-docker-build.yml +++ b/.github/workflows/test-docker-build.yml @@ -38,7 +38,7 @@ jobs: registry: registry.hub.docker.com login: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - inspect: true + inspect: false tags: | type=sha,format=long,suffix=-single-platform,priority=1002 diff --git a/action.yml b/action.yml index ed0690e..bc081b7 100644 --- a/action.yml +++ b/action.yml @@ -98,9 +98,13 @@ inputs: required: false default: "false" inspect: - description: "Set to `true` will pull and inspect the image and output it to the step summary." + description: "Set to `true` will pull and inspect the image and output it." required: false default: "false" + summary: + description: "Set to `true` will create step summary." + required: false + default: "true" debug: description: "Enable debug mode" required: false @@ -114,7 +118,10 @@ outputs: value: ${{ steps.tag.outputs.output }} metadata: description: "Docker image metadata" - value: ${{ steps.get-metadata.outputs.metadata }} + value: ${{ toJSON(steps.docker-build-push-action.outputs.metadata) }} + inspect: + description: "Docker image inspect metadata" + value: ${{ toJSON(steps.inspect.outputs.metadata) }} runs: using: "composite" @@ -211,6 +218,8 @@ runs: # https://github.com/docker/build-push-action/issues/1167 uses: docker/build-push-action@v7 id: docker-build-push-action + env: + DOCKER_BUILD_SUMMARY: ${{ inputs.inspect == 'true' && inputs.summary == 'true' }} with: allow: ${{ inputs.allow }} network: ${{ inputs.network }} @@ -232,32 +241,113 @@ runs: secrets: ${{ inputs.secrets }} secret-files: ${{ inputs.secret-files }} - - name: Get Metadata - id: get-metadata - shell: bash - env: - METADATA: ${{ toJSON(steps.docker-build-push-action.outputs.metadata) }} - run: | - { - echo "metadata<> $GITHUB_OUTPUT - echo "## Docker Image Metadata" >> $GITHUB_STEP_SUMMARY - echo '```json' >> $GITHUB_STEP_SUMMARY - echo "$METADATA" | jq >> $GITHUB_STEP_SUMMARY - echo '```' >> $GITHUB_STEP_SUMMARY - - name: Docker Inspect id: inspect - if: ${{ inputs.inspect }} == 'true' + if: ${{ inputs.summary == 'true' }} shell: bash run: | docker pull "${{ inputs.registry }}/${{ steps.image_name.outputs.image_name }}:${{ steps.tag.outputs.output }}" docker inspect "${{ inputs.registry }}/${{ steps.image_name.outputs.image_name }}:${{ steps.tag.outputs.output }}" > inspect.json metadata=$(jq -c < inspect.json) echo "metadata=$metadata" >> $GITHUB_OUTPUT - echo "## Docker Image Inspect" >> $GITHUB_STEP_SUMMARY - echo '```json' >> $GITHUB_STEP_SUMMARY - cat inspect.json >> $GITHUB_STEP_SUMMARY - echo '```' >> $GITHUB_STEP_SUMMARY + + # ── parse fields ──────────────────────────────────────────────────────── + IMAGE_NAME=$(jq -r '.[0].RepoTags[0] | split(":")[0] | split("/")[-1]' inspect.json) + IMAGE_REPO=$(jq -r '.[0].RepoTags[0] | split(":")[0]' inspect.json) + TAG=$(jq -r '.[0].RepoTags[0] | split(":")[1]' inspect.json) + DIGEST=$(jq -r '.[0].RepoDigests[0] | split("@")[1]' inspect.json) + IMAGE_ID=$(jq -r '.[0].Id' inspect.json) + REVISION=$(jq -r '.[0].Config.Labels["org.opencontainers.image.revision"] // "n/a"' inspect.json) + SOURCE=$(jq -r '.[0].Config.Labels["org.opencontainers.image.source"] // "n/a"' inspect.json) + LICENSE=$(jq -r '.[0].Config.Labels["org.opencontainers.image.licenses"] // "n/a"' inspect.json) + DESCRIPTION=$(jq -r '.[0].Config.Labels["org.opencontainers.image.description"] // ""' inspect.json) + ARCH=$(jq -r '.[0].Architecture' inspect.json) + OS=$(jq -r '.[0].Os' inspect.json) + SIZE_BYTES=$(jq -r '.[0].Size' inspect.json) + SIZE_MB=$(echo "scale=1; $SIZE_BYTES / 1048576" | bc) + LAYER_COUNT=$(jq '.[0].RootFS.Layers | length' inspect.json) + PORTS=$(jq -r '.[0].Config.ExposedPorts // {} | keys | join(", ")' inspect.json) + ENTRYPOINT=$(jq -r '.[0].Config.Entrypoint | join(" ")' inspect.json) + CMD=$(jq -r '.[0].Config.Cmd | join(" ")' inspect.json) + STOP_SIGNAL=$(jq -r '.[0].Config.StopSignal // "n/a"' inspect.json) + DRIVER=$(jq -r '.[0].GraphDriver.Name' inspect.json) + + # ── summary ───────────────────────────────────────────────────────────── + { + echo "## 🐳 ${IMAGE_REPO}   \`${SIZE_MB} MB\`   \`${LICENSE}\`   \`${ARCH}\`   \`${OS}\`" + echo "" + if [[ -n "${DESCRIPTION}" ]]; then + echo "${DESCRIPTION}" + echo "" + fi + echo "---" + echo "" + + echo "| Field | Value |" + echo "|---|---|" + echo "| Tag | \`${TAG}\` |" + echo "| Digest | \`${DIGEST}\` |" + echo "| Image ID | \`${IMAGE_ID}\` |" + echo "| Revision | \`${REVISION}\` |" + echo "| Source | ${SOURCE} |" + echo "" + + # runtime (collapsible) + echo "
" + echo "⚙️ Runtime" + echo "" + echo "| Field | Value |" + echo "|---|---|" + echo "| Entrypoint | \`${ENTRYPOINT}\` |" + echo "| Command | \`${CMD}\` |" + echo "| Stop signal | \`${STOP_SIGNAL}\` |" + echo "| Storage driver | \`${DRIVER}\` |" + echo "| Exposed ports | \`${PORTS}\` |" + echo "" + echo "
" + echo "" + + # env vars (collapsible) + echo "
" + echo "🌱 Environment variables" + echo "" + echo "| Variable | Value |" + echo "|---|---|" + jq -r '.[0].Config.Env[] | split("=") | "| `\(.[0])` | `\(.[1:] | join("="))` |"' inspect.json + echo "" + echo "
" + echo "" + + # labels (collapsible) + echo "
" + echo "🔖 Labels" + echo "" + echo "| Label | Value |" + echo "|---|---|" + jq -r '.[0].Config.Labels // {} | to_entries[] | "| `\(.key)` | `\(.value)` |"' inspect.json + echo "" + echo "
" + echo "" + + # layers (collapsible) + echo "
" + echo "📦 Layers (${LAYER_COUNT})" + echo "" + echo "| # | Digest |" + echo "|---|---|" + jq -r '.[0].RootFS.Layers | to_entries[] | "| \(.key + 1) | `\(.value)` |"' inspect.json + echo "" + echo "
" + echo "" + + # raw json (collapsible) + echo "
" + echo "📄 Raw JSON" + echo "" + echo '```json' + jq '.' inspect.json + echo '```' + echo "" + echo "
" + + } >> $GITHUB_STEP_SUMMARY