|
1 | | -name: Docker |
2 | | - |
| 1 | +--- |
| 2 | +name: GHCR Publish |
3 | 3 | # This workflow uses actions that are not certified by GitHub. |
4 | 4 | # They are provided by a third-party and are governed by |
5 | 5 | # separate terms of service, privacy policy, and support |
6 | 6 | # documentation. |
7 | | - |
8 | 7 | on: |
9 | 8 | push: |
10 | | - branches: [ "main" ] |
11 | | - # Publish semver tags as releases. |
12 | | - tags: [ '*.*.*' ] |
| 9 | + branches: [main] |
| 10 | + tags: [*.*.*] |
| 11 | + release: |
| 12 | + types: [published] |
| 13 | + workflow_dispatch: |
13 | 14 |
|
14 | 15 | env: |
15 | 16 | # Use docker.io for Docker Hub if empty |
16 | 17 | REGISTRY: ghcr.io |
17 | 18 | # github.repository as <account>/<repo> |
18 | 19 | IMAGE_NAME: ${{ github.repository }} |
19 | | - |
20 | | - |
21 | 20 | jobs: |
22 | 21 | build: |
23 | | - |
24 | 22 | runs-on: ubuntu-latest |
25 | 23 | permissions: |
26 | 24 | contents: read |
27 | 25 | packages: write |
28 | 26 | # This is used to complete the identity challenge |
29 | 27 | # with sigstore/fulcio when running outside of PRs. |
30 | 28 | id-token: write |
31 | | - |
32 | 29 | steps: |
33 | 30 | - name: Checkout repository |
34 | | - uses: actions/checkout@v3 |
| 31 | + uses: actions/checkout@v4 |
35 | 32 |
|
36 | 33 | # Install the cosign tool except on PR |
37 | 34 | # https://github.com/sigstore/cosign-installer |
38 | 35 | - name: Install cosign |
39 | 36 | if: github.event_name != 'pull_request' |
40 | 37 | |
41 | 38 | with: |
42 | | - cosign-release: 'v2.1.1' |
| 39 | + cosign-release: v2.1.1 |
43 | 40 |
|
| 41 | + # Using QEME for multiple platforms |
| 42 | + # https://github.com/docker/build-push-action?tab=readme-ov-file#usage |
| 43 | + - name: Set up QEMU |
| 44 | + uses: docker/setup-qemu-action@v3 |
44 | 45 |
|
45 | 46 | # Workaround: https://github.com/docker/build-push-action/issues/461 |
46 | 47 | - name: Setup Docker buildx |
47 | | - uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf |
| 48 | + uses: docker/setup-buildx-action@v3 |
48 | 49 |
|
49 | 50 | # Login against a Docker registry except on PR |
50 | 51 | # https://github.com/docker/login-action |
51 | 52 | - name: Log into registry ${{ env.REGISTRY }} |
52 | 53 | if: github.event_name != 'pull_request' |
53 | | - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c |
| 54 | + uses: docker/login-action@v3 |
54 | 55 | with: |
55 | 56 | registry: ${{ env.REGISTRY }} |
56 | 57 | username: ${{ github.actor }} |
|
63 | 64 | uses: docker/metadata-action@v5 |
64 | 65 | with: |
65 | 66 | images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} |
66 | | - tags: | |
67 | | - type=ref,event=branch |
68 | | - type=semver,pattern={{version}} |
69 | | - type=raw,value=latest,enable={{is_default_branch}} |
70 | 67 |
|
71 | 68 | # Build and push Docker image with Buildx (don't push on PR) |
72 | 69 | # https://github.com/docker/build-push-action |
|
75 | 72 | uses: docker/build-push-action@v5 |
76 | 73 | with: |
77 | 74 | context: . |
78 | | - push: ${{ github.event_name != 'pull_request' }} |
| 75 | + push: true |
79 | 76 | tags: ${{ steps.meta.outputs.tags }} |
80 | 77 | labels: ${{ steps.meta.outputs.labels }} |
| 78 | + platforms: linux/amd64, linux/arm64 |
81 | 79 | cache-from: type=gha |
82 | 80 | cache-to: type=gha,mode=max |
0 commit comments