Skip to content

Workflow file for this run

name: "[MAIN] Docker Image Build and Publish"
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on:
push:
branches: ["main"]
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
jobs:
ghcr:
name: Deploy to GitHub Container Registry
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
with:
cosign-release: "v1.13.1"
# Workaround: https://github.com/docker/build-push-action/issues/461
- name: Setup Docker buildx
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
- name: Login to GitHub Container Registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GHCR_TOKEN }}
- name: downcase REPO
run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
- name: Build and Push Docker Image
run: |
export CURRENT_BRANCH=${GITHUB_REF#refs/heads/}
export TAG=$([[ $CURRENT_BRANCH == "main" ]] && echo $CURRENT_BRANCH || echo "latest")
export GITHUB_REF_IMAGE=ghcr.io/myriadflow/webapp:$GITHUB_SHA
export GITHUB_BRANCH_IMAGE=ghcr.io/myriadflow/webapp:$TAG
docker build -t $GITHUB_REF_IMAGE -t $GITHUB_BRANCH_IMAGE .
echo "Pushing Image to GitHub Container Registry"
docker push $GITHUB_REF_IMAGE
docker push $GITHUB_BRANCH_IMAGE