publish.yml
---
# Workflow that builds the repository's Docker images and publishes them
# to the container registry named in `env.REGISTRY`.
name: Create and publish a Docker image

# Triggers: pushes to main or dev, plus manual runs from the Actions UI.
on:
  push:
    branches: [main, dev]
  workflow_dispatch:

# Workflow-wide values, read by the steps through the `env` context.
env:
  REGISTRY: ghcr.io
  REPO_NAME: ${{ github.repository }}
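jobs:
  # Builds every image in the matrix from `<image>.Dockerfile`. The result is
  # pushed only when the ref is refs/heads/main; other refs build without pushing.
  #
  # NOTE(review): each `uses:` below references a mutable tag (@v3/@v4/@v6).
  # Pinning every action to a full commit SHA (placeholder: <full-commit-sha>)
  # keeps a re-pointed tag from changing what runs with `packages: write`.
  build-and-push-image:
    runs-on: ubuntu-latest
    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
    # Only the scopes the active steps use are granted. `attestations: write`
    # and `id-token: write` are needed solely by the attestation step, which is
    # commented out at the end of this job; restore both when re-enabling it.
    permissions:
      contents: read
      packages: write
      # attestations: write
      # id-token: write
    strategy:
      matrix:
        image:
          - tofutf
          - rig-ubuntu
          - rig-rocky8
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # The checkout is the Docker build context (`context: .`). Do not
          # leave the job token in .git/config, where a broad COPY in a
          # Dockerfile could bake it into an image layer.
          persist-credentials: false
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Derives the image tag from the tag of the base image on the
      # Dockerfile's FROM line and exposes it as `steps.meta.outputs.tag`.
      - name: Extract metadata (tags, labels) for Docker
        env:
          IMAGE: ${{ matrix.image }}.Dockerfile
        id: meta
        run: |
          set -euo pipefail
          # Use the first FROM match only: several matches would write a
          # multi-line value into $GITHUB_OUTPUT.
          tag="$(grep -m1 FROM "$IMAGE" | cut -d: -f2)"
          # Reject anything that is not a valid Docker tag (empty value, stage
          # alias such as "1.0 AS build", digest suffix) before it is
          # interpolated into the image reference below.
          if ! [[ "$tag" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "::error::could not derive a valid image tag from the FROM line of $IMAGE" >&2
            exit 1
          fi
          echo "tag=$tag" >> "$GITHUB_OUTPUT"
      # setup buildx is needed to use cache
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push Docker image
        id: push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ matrix.image }}.Dockerfile
          # Publish from main only; runs on any other ref build without pushing.
          push: ${{ github.ref == 'refs/heads/main' }}
          tags: |
            ${{ env.REGISTRY }}/${{ env.REPO_NAME }}/${{ matrix.image }}:${{ steps.meta.outputs.tag }}
            ${{ env.REGISTRY }}/${{ env.REPO_NAME }}/${{ matrix.image }}:latest
          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.REPO_NAME }}/${{ matrix.image }}:latest
          cache-to: type=inline
      # This step generates an artifact attestation for the image, which is an
      # unforgeable statement about where and how it was built. It increases
      # supply chain security for people who consume the image. For more
      # information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
      # Currently disabled. Re-enabling it also requires `attestations: write`
      # and `id-token: write` in this job's `permissions`.
      # - name: Generate artifact attestation
      #   uses: actions/attest-build-provenance@v1
      #   with:
      #     subject-name: ${{ env.REGISTRY }}/${{ env.REPO_NAME }}/${{ matrix.image }}
      #     subject-digest: ${{ steps.push.outputs.digest }}
      #     push-to-registry: true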