Add support for Quay.io and GHCR.io as registries

- Added support for Quay.io - Added support for GHCR.io To enable support for these container image registries the following needs to be added. As `Actions secrets and variables` - `Secrets` - `DOCKERHUB_TOKEN` and `DOCKERHUB_USERNAME` - `QUAY_TOKEN` and `QUAY_USERNAME` As `Actions secrets and variables` - `Variables` - `Repository Variables` - `DOCKERHUB_REPO` - `GHCR_REPO` - `QUAY_REPO` The `DOCKERHUB_REPO` currently configured in `Secrets` can be removed if wanted, probably best after this PR has been merged. If one of the vars/secrets are not configured it will skip that specific registry!
2 years ago · 467ecfdc99
parent 5800aceb2d
commit 467ecfdc99
25 changed files with 175 additions and 55 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -43,7 +43,7 @@ jobs:
    steps:
      # Checkout the repo
      - name: "Checkout"
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
      # End Checkout the repo


@ -71,7 +71,7 @@ jobs:

      # Only install the clippy and rustfmt components on the default rust-toolchain
      - name: "Install rust-toolchain version"
-        uses: dtolnay/rust-toolchain@e12eda571dc9a5ee5d58eecf4738ec291c66f295 # master @ 2023-02-19 - 02:23 GMT+1
+        uses: dtolnay/rust-toolchain@fc3253060d0c959bea12a59f10f8391454a0b02d # master @ 2023-03-21 - 06:36 GMT+1
        if: ${{ matrix.channel == 'rust-toolchain' }}
        with:
          toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
@ -81,7 +81,7 @@ jobs:

      # Install the any other channel to be used for which we do not execute clippy and rustfmt
      - name: "Install MSRV version"
-        uses: dtolnay/rust-toolchain@e12eda571dc9a5ee5d58eecf4738ec291c66f295 # master @ 2023-02-19 - 02:23 GMT+1
+        uses: dtolnay/rust-toolchain@fc3253060d0c959bea12a59f10f8391454a0b02d # master @ 2023-03-21 - 06:36 GMT+1
        if: ${{ matrix.channel != 'rust-toolchain' }}
        with:
          toolchain: "${{steps.toolchain.outputs.RUST_TOOLCHAIN}}"
--- a/.github/workflows/hadolint.yml
+++ b/.github/workflows/hadolint.yml
@ -13,7 +13,7 @@ jobs:
    steps:
      # Checkout the repo
      - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
      # End Checkout the repo


--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -52,10 +52,19 @@ jobs:
      # build performance and the ability to copy extended file attributes
      # (e.g., for executable capabilities) across build phases.
      DOCKER_BUILDKIT: 1
-      # DOCKER_REPO/secrets.DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
-      DOCKER_REPO: ${{ secrets.DOCKERHUB_REPO }}
      SOURCE_COMMIT: ${{ github.sha }}
      SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}"
+      # The *_REPO variables need to be configured as repository variables
+      # Append `/settings/variables/actions` to your repo url
+      # DOCKERHUB_REPO needs to be 'index.docker.io/<user>/<repo>'
+      # Check for Docker hub credentials in secrets
+      HAVE_DOCKERHUB_LOGIN: ${{ vars.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
+      # GHCR_REPO needs to be 'ghcr.io/<user>/<repo>'
+      # Check for Github credentials in secrets
+      HAVE_GHCR_LOGIN: ${{ vars.GHCR_REPO != '' && github.repository_owner != '' && secrets.GITHUB_TOKEN != '' }}
+      # QUAY_REPO needs to be 'quay.io/<user>/<repo>'
+      # Check for Quay.io credentials in secrets
+      HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }}
    if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }}
    strategy:
      matrix:
@ -64,17 +73,10 @@ jobs:
    steps:
      # Checkout the repo
      - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
        with:
          fetch-depth: 0

-      # Login to Docker Hub
-      - name: Login to Docker Hub
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
      # Determine Docker Tag
      - name: Init Variables
        id: vars
@ -88,34 +90,146 @@ jobs:
          fi
      # End Determine Docker Tag

-      - name: Build Debian based images
+      # Login to Docker Hub
+      - name: Login to Docker Hub
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+        if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
+
+      # Login to GitHub Container Registry
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+        if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
+
+      # Login to Quay.io
+      - name: Login to Quay.io
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_TOKEN }}
+        if: ${{ env.HAVE_QUAY_LOGIN == 'true' }}
+
+      # Debian
+
+      # Docker Hub
+      - name: Build Debian based images (docker.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
+        run: |
+          ./hooks/build
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
+
+      - name: Push Debian based images (docker.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
+        run: |
+          ./hooks/push
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
+
+      # GitHub Container Registry
+      - name: Build Debian based images (ghcr.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
+        run: |
+          ./hooks/build
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
+
+      - name: Push Debian based images (ghcr.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
+        run: |
+          ./hooks/push
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
+
+      # Quay.io
+      - name: Build Debian based images (quay.io)
        shell: bash
        env:
+          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/build
-        if: ${{ matrix.base_image == 'debian' }}
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}

-      - name: Push Debian based images
+      - name: Push Debian based images (quay.io)
        shell: bash
        env:
+          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
        run: |
          ./hooks/push
-        if: ${{ matrix.base_image == 'debian' }}
+        if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}
+
+      # Alpine
+
+      # Docker Hub
+      - name: Build Alpine based images (docker.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
+        run: |
+          ./hooks/build
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
+
+      - name: Push Alpine based images (docker.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
+        run: |
+          ./hooks/push
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
+
+      # GitHub Container Registry
+      - name: Build Alpine based images (ghcr.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
+        run: |
+          ./hooks/build
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}
+
+      - name: Push Alpine based images (ghcr.io)
+        shell: bash
+        env:
+          DOCKER_REPO: "${{ vars.GHCR_REPO }}"
+          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
+        run: |
+          ./hooks/push
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}

-      - name: Build Alpine based images
+      # Quay.io
+      - name: Build Alpine based images (quay.io)
        shell: bash
        env:
+          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/build
-        if: ${{ matrix.base_image == 'alpine' }}
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}

-      - name: Push Alpine based images
+      - name: Push Alpine based images (quay.io)
        shell: bash
        env:
+          DOCKER_REPO: "${{ vars.QUAY_REPO }}"
          DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
        run: |
          ./hooks/push
-        if: ${{ matrix.base_image == 'alpine' }}
+        if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}
--- a/docker/Dockerfile.j2
+++ b/docker/Dockerfile.j2
@ -3,22 +3,22 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.

-{% set build_stage_base_image = "rust:1.67.1-bullseye" %}
+{% set build_stage_base_image = "rust:1.68.1-bullseye" %}
 {% if "alpine" in target_file %}
 {%   if "amd64" in target_file %}
-{%     set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-stable-1.67.1" %}
+{%     set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-stable-1.68.1" %}
 {%     set runtime_stage_base_image = "alpine:3.17" %}
 {%     set package_arch_target = "x86_64-unknown-linux-musl" %}
 {%   elif "armv7" in target_file %}
-{%     set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-stable-1.67.1" %}
+{%     set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-stable-1.68.1" %}
 {%     set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.17" %}
 {%     set package_arch_target = "armv7-unknown-linux-musleabihf" %}
 {%   elif "armv6" in target_file %}
-{%     set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-stable-1.67.1" %}
+{%     set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-stable-1.68.1" %}
 {%     set runtime_stage_base_image = "balenalib/rpi-alpine:3.17" %}
 {%     set package_arch_target = "arm-unknown-linux-musleabi" %}
 {%   elif "arm64" in target_file %}
-{%     set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-stable-1.67.1" %}
+{%     set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-stable-1.68.1" %}
 {%     set runtime_stage_base_image = "balenalib/aarch64-alpine:3.17" %}
 {%     set package_arch_target = "aarch64-unknown-linux-musl" %}
 {%   endif %}
--- a/docker/amd64/Dockerfile
+++ b/docker/amd64/Dockerfile
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM rust:1.67.1-bullseye as build
+FROM rust:1.68.1-bullseye as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/amd64/Dockerfile.alpine
+++ b/docker/amd64/Dockerfile.alpine
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:x86_64-musl-stable-1.67.1 as build
+FROM blackdex/rust-musl:x86_64-musl-stable-1.68.1 as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/amd64/Dockerfile.buildkit
+++ b/docker/amd64/Dockerfile.buildkit
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM rust:1.67.1-bullseye as build
+FROM rust:1.68.1-bullseye as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/amd64/Dockerfile.buildkit.alpine
+++ b/docker/amd64/Dockerfile.buildkit.alpine
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:x86_64-musl-stable-1.67.1 as build
+FROM blackdex/rust-musl:x86_64-musl-stable-1.68.1 as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/arm64/Dockerfile
+++ b/docker/arm64/Dockerfile
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM rust:1.67.1-bullseye as build
+FROM rust:1.68.1-bullseye as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/arm64/Dockerfile.alpine
+++ b/docker/arm64/Dockerfile.alpine
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:aarch64-musl-stable-1.67.1 as build
+FROM blackdex/rust-musl:aarch64-musl-stable-1.68.1 as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/arm64/Dockerfile.buildkit
+++ b/docker/arm64/Dockerfile.buildkit
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM rust:1.67.1-bullseye as build
+FROM rust:1.68.1-bullseye as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/arm64/Dockerfile.buildkit.alpine
+++ b/docker/arm64/Dockerfile.buildkit.alpine
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:aarch64-musl-stable-1.67.1 as build
+FROM blackdex/rust-musl:aarch64-musl-stable-1.68.1 as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/armv6/Dockerfile
+++ b/docker/armv6/Dockerfile
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM rust:1.67.1-bullseye as build
+FROM rust:1.68.1-bullseye as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/armv6/Dockerfile.alpine
+++ b/docker/armv6/Dockerfile.alpine
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:arm-musleabi-stable-1.67.1 as build
+FROM blackdex/rust-musl:arm-musleabi-stable-1.68.1 as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/armv6/Dockerfile.buildkit
+++ b/docker/armv6/Dockerfile.buildkit
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM rust:1.67.1-bullseye as build
+FROM rust:1.68.1-bullseye as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/armv6/Dockerfile.buildkit.alpine
+++ b/docker/armv6/Dockerfile.buildkit.alpine
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:arm-musleabi-stable-1.67.1 as build
+FROM blackdex/rust-musl:arm-musleabi-stable-1.68.1 as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/armv7/Dockerfile
+++ b/docker/armv7/Dockerfile
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM rust:1.67.1-bullseye as build
+FROM rust:1.68.1-bullseye as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/armv7/Dockerfile.alpine
+++ b/docker/armv7/Dockerfile.alpine
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:armv7-musleabihf-stable-1.67.1 as build
+FROM blackdex/rust-musl:armv7-musleabihf-stable-1.68.1 as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/armv7/Dockerfile.buildkit
+++ b/docker/armv7/Dockerfile.buildkit
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM rust:1.67.1-bullseye as build
+FROM rust:1.68.1-bullseye as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/docker/armv7/Dockerfile.buildkit.alpine
+++ b/docker/armv7/Dockerfile.buildkit.alpine
@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:8b658e46339dde404b6370b381422e3522a133560264266e285acdd9adf807fe as vault

 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:armv7-musleabihf-stable-1.67.1 as build
+FROM blackdex/rust-musl:armv7-musleabihf-stable-1.68.1 as build

 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
--- a/hooks/arches.sh
+++ b/hooks/arches.sh
@ -1,3 +1,5 @@
+#!/usr/bin/env bash
+
 # The default Debian-based images support these arches for all database backends.
 arches=(
    amd64
@ -5,7 +7,9 @@ arches=(
    armv7
    arm64
 )
+export arches

 if [[ "${DOCKER_TAG}" == *alpine ]]; then
    distro_suffix=.alpine
 fi
+export distro_suffix
--- a/hooks/build
+++ b/hooks/build
@ -1,7 +1,8 @@
-#!/bin/bash
+#!/usr/bin/env bash

 echo ">>> Building images..."

+# shellcheck source=arches.sh
 source ./hooks/arches.sh

 if [[ -z "${SOURCE_COMMIT}" ]]; then
@ -26,7 +27,7 @@ LABELS=(
    org.opencontainers.image.licenses="AGPL-3.0-only"
    org.opencontainers.image.revision="${SOURCE_COMMIT}"
    org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}"
-    org.opencontainers.image.url="https://hub.docker.com/r/${DOCKER_REPO#*/}"
+    org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden"
    org.opencontainers.image.version="${SOURCE_VERSION}"
 )
 LABEL_ARGS=()
@ -45,6 +46,6 @@ for arch in "${arches[@]}"; do
    docker build \
           "${LABEL_ARGS[@]}" \
           -t "${DOCKER_REPO}:${DOCKER_TAG}-${arch}" \
-           -f docker/${arch}/Dockerfile${buildkit_suffix}${distro_suffix} \
+           -f "docker/${arch}/Dockerfile${buildkit_suffix}${distro_suffix}" \
           .
 done
--- a/hooks/pre_build
+++ b/hooks/pre_build
@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash

 set -ex

--- a/hooks/push
+++ b/hooks/push
@ -1,5 +1,6 @@
-#!/bin/bash
+#!/usr/bin/env bash

+# shellcheck source=arches.sh
 source ./hooks/arches.sh

 export DOCKER_CLI_EXPERIMENTAL=enabled
@ -41,7 +42,7 @@ LOCAL_REPO="${LOCAL_REGISTRY}/${REPO}"

 echo ">>> Pushing images to local registry..."

-for arch in ${arches[@]}; do
+for arch in "${arches[@]}"; do
    docker_image="${DOCKER_REPO}:${DOCKER_TAG}-${arch}"
    local_image="${LOCAL_REPO}:${DOCKER_TAG}-${arch}"
    docker tag "${docker_image}" "${local_image}"
@ -71,9 +72,9 @@ tags=("${DOCKER_REPO}:${DOCKER_TAG}")
 # to make it easier for users to track the latest release.
 if [[ "${DOCKER_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then
    if [[ "${DOCKER_TAG}" == *alpine ]]; then
-        tags+=(${DOCKER_REPO}:alpine)
+        tags+=("${DOCKER_REPO}:alpine")
    else
-        tags+=(${DOCKER_REPO}:latest)
+        tags+=("${DOCKER_REPO}:latest")
    fi
 fi

@ -91,10 +92,10 @@ declare -A arch_to_platform=(
    [arm64]="linux/arm64"
 )
 platforms=()
-for arch in ${arches[@]}; do
+for arch in "${arches[@]}"; do
    platforms+=("${arch_to_platform[$arch]}")
 done
-platforms="$(join "," "${platforms[@]}")"
+platform="$(join "," "${platforms[@]}")"

 # Run the build, pushing the resulting images and multi-arch manifest list to
 # Docker Hub. The Dockerfile is read from stdin to avoid sending any build
@ -104,7 +105,7 @@ docker buildx build \
       --network host \
       --build-arg LOCAL_REPO="${LOCAL_REPO}" \
       --build-arg DOCKER_TAG="${DOCKER_TAG}" \
-       --platform "${platforms}" \
+       --platform "${platform}" \
       "${tag_args[@]}" \
       --push \
       - < ./docker/Dockerfile.buildx
--- a/2
+++ b/2
@ -1 +1 @@
-1.68.0
+1.68.1
 @ -1 +1 @@
 .68.0
 .68.1