From 0d34163d641fc0ece2b1794e83909e4563c7d137 Mon Sep 17 00:00:00 2001
From: Myk Taylor
Date: Thu, 28 Nov 2024 20:34:33 -0800
Subject: [PATCH] follow guide at https://docs.github.com/en/actions/use-cases-and-examples/publishing-packages/publishing-docker-images

---
 .github/workflows/container-build.yml | 34 ++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml
index 84401de..409857d 100644
--- a/.github/workflows/container-build.yml
+++ b/.github/workflows/container-build.yml
@@ -5,6 +5,10 @@ on:
     branches:
       - master
 
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
 jobs:
   build-and-push:
     strategy:
@@ -14,22 +18,34 @@ jobs:
           # - gcc-4.8
           # - latest
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
     steps:
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
       - name: Login to GHCR
         uses: docker/login-action@v3
         with:
-          registry: ghcr.io
-          username: ${{ env.GHCR_NAMESPACE }}
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
       - name: Build and push
+        id: push
         uses: docker/build-push-action@v6
         with:
           context: "{{defaultContext}}:${{ matrix.IMAGE_TAG }}"
           push: true
-          tags: ${{ env.GHCR_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ matrix.IMAGE_TAG }}
-
-env:
-  GHCR_NAMESPACE: dfhack
-  IMAGE_NAME: build-env
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
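Review bot: The job still fans out over `matrix.IMAGE_TAG` (the unchanged context line `context: "{{defaultContext}}:${{ matrix.IMAGE_TAG }}"` shows it), but the pushed tags now come from `docker/metadata-action` defaults rather than the removed `:${{ matrix.IMAGE_TAG }}` suffix, so the variant name no longer appears in the tag and, if more than one matrix entry is active, every leg pushes the same tag (e.g. the branch name) and the last one silently overwrites the others. Feeding the matrix value into the metadata step keeps a per-variant tag: add `tags: |` / `type=raw,value=${{ matrix.IMAGE_TAG }}` under the `with:` of the Extract metadata step. Separately, `github.repository` keeps the owner's letter case; `metadata-action` lowercases image names, but it is unclear whether `subject-name` in the attestation step does, so verify the rendered value if the owner has uppercase letters. All four `uses:` references are mutable major-version tags; pinning each to a full commit SHA (with the tag in a trailing comment) keeps the steps that hold `packages: write` and `id-token: write` from picking up an unreviewed action update. The matrix definition starts above the hunk.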