From 518f41f9ff968e7a026e8a026e93d507f89cd4c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Sun, 30 Mar 2025 20:36:15 +0200
Subject: [PATCH] update dockerhub workflow.

---
 .github/workflows/dockerhub.yml | 115 +++++++++++++++++++++-----------
 1 file changed, 77 insertions(+), 38 deletions(-)

diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml
index 71f859a7..88b6284a 100644
--- a/.github/workflows/dockerhub.yml
+++ b/.github/workflows/dockerhub.yml
@@ -1,8 +1,9 @@
-name: "build and push amd64 images to Docker Hub"
+name: Build and Push to Docker Hub
 
 on:
   push:
-    branches: [ master ]
+    branches:
+      - master
   #
   # Run this action periodically to keep browsers up-to-date
   # even if there is no activity in this repo.
@@ -15,29 +16,47 @@ env:
 
 jobs:
   build-base:
+    name: Base Image
     runs-on: ubuntu-latest
     #
     # do not run on forks
     #
     if: github.repository_owner == 'm1k1o'
     steps:
-      - name: Check Out Repo
-        uses: actions/checkout@v2
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Extract metadata (tags, labels) for Docker
+        uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: ${{ env.DOCKER_IMAGE }}
+          tags: |
+            type=raw,value=base
 
       - name: Login to Docker Hub
-        run: |
-          docker login --username "${DOCKER_USERNAME}" --password-stdin "${DOCKER_REGISTRY}" <<< "${DOCKER_TOKEN}"
-        env:
-          DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
-          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-          DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
 
-      - name: Build base
-        run: |
-          ./build -b ${DOCKER_IMAGE}:base
-          docker push ${DOCKER_IMAGE}:base
+      - name: Generate base Dockerfile
+        run: go run docker/main.go -i Dockerfile.tmpl -o Dockerfile
 
-  build:
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: ./
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  build-app:
+    name: App Image
     runs-on: ubuntu-latest
     #
     # do not run on forks
@@ -48,30 +67,50 @@ jobs:
       # Will build all images even if some fail.
       fail-fast: false
       matrix:
-        tags: [ firefox, waterfox, chromium, google-chrome, ungoogled-chromium, microsoft-edge, brave, vivaldi, opera, tor-browser, remmina, vlc, xfce, kde ]
-    env:
-      DOCKER_TAG: ${{ matrix.tags }}
+        tag: 
+          - firefox
+          - waterfox
+          - chromium
+          - google-chrome
+          - ungoogled-chromium
+          - microsoft-edge
+          - brave
+          - vivaldi
+          - opera
+          - tor-browser
+          - remmina
+          - vlc
+          - xfce
+          - kde
     steps:
-      - name: Check Out Repo
-        uses: actions/checkout@v2
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Extract metadata (tags, labels) for Docker
+        uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: ${{ env.DOCKER_IMAGE }}
+          tags: |
+            type=raw,value=latest,enable=${{ matrix.tag == 'firefox' }}
+            type=raw,value=${{ matrix.tag }}
 
       - name: Login to Docker Hub
-        run: |
-          docker login --username "${DOCKER_USERNAME}" --password-stdin "${DOCKER_REGISTRY}" <<< "${DOCKER_TOKEN}"
-        env:
-          DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
-          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-          DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
 
-      - name: Build container
-        run: |
-          ./build -b ${DOCKER_IMAGE}:base -i ${DOCKER_IMAGE}
-          docker tag ${DOCKER_IMAGE}/${DOCKER_TAG} ${DOCKER_IMAGE}:${DOCKER_TAG}
-          docker push ${DOCKER_IMAGE}:${DOCKER_TAG}
-
-      - name: Push latest tag
-        if: ${{ matrix.tags == 'firefox' }}
-        run: |
-          docker pull ${DOCKER_IMAGE}:${DOCKER_TAG}
-          docker tag ${DOCKER_IMAGE}:${DOCKER_TAG} ${DOCKER_IMAGE}:latest
-          docker push ${DOCKER_IMAGE}:latest
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: apps/${{ matrix.tag }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            BASE_IMAGE=${{ env.DOCKER_IMAGE }}:base
+          cache-from: type=gha
+          cache-to: type=gha,mode=max