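# Publishes the Meeds Docker image to Docker Hub and to the GitHub Container
# Registry. A small first job turns the pushed ref into the image tag; the two
# publishing jobs then delegate build, signing and attestation to a reusable
# workflow hosted in exoplatform/swf-scripts.
name: Create and publish a Docker image

# Any tag push publishes an image whose tag is the git tag name, verbatim.
# Pushes to the continuous-release branch publish the moving tag defined in
# BRANCH_BUILD_TAGS.
# NOTE(review): because '*' accepts every tag name, who may create tags in this
# repository decides who may publish (or overwrite) an image tag. Confirm tag
# protection rules cover this.
on:
  push:
    tags:
      - '*'
    branches:
      - continuous-release-exo

env:
  BRANCH_BUILD_TAGS: "nightly-exo"

jobs:
  parse-docker-build-env:
    name: 'Parse Docker Build Environment'
    runs-on: ubuntu-latest
    # This job only inspects GITHUB_REF and writes a step output, so it gets no
    # GITHUB_TOKEN scopes at all.
    permissions: {}
    outputs:
      buildTags: ${{ steps.detect-push-event.outputs.buildTags }}
    steps:
      - name: Check if push is a tag or branch
        id: detect-push-event
        # Values are read from shell environment variables instead of workflow
        # expressions, so nothing is spliced into the script text before bash
        # parses it. Workflow-level env entries are exported to every step.
        run: |
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            echo "This is a tag push (${GITHUB_REF#refs/tags/})"
            echo "Building docker tag: ${GITHUB_REF#refs/tags/}"
            echo "buildTags=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
          elif [[ $GITHUB_REF == refs/heads/* ]]; then
            echo "This is a branch push (${GITHUB_REF#refs/heads/})"
            echo "Building docker tags: ${BRANCH_BUILD_TAGS}"
            echo "buildTags=${BRANCH_BUILD_TAGS}" >> "$GITHUB_OUTPUT"
          else
            echo "Unknown push type"
            exit 1
          fi

  build-dockerhub-image:
    # NOTE(review): packages: write looks unnecessary for a push to Docker Hub
    # unless the called workflow also writes to GHCR. Confirm and drop if unused.
    permissions:
      contents: read
      packages: write
      id-token: write
      attestations: write
    name: "Build Docker Images to DockerHub Registry"
    # NOTE(review): @master is a mutable ref in another organisation's
    # repository, and this call hands it registry credentials, signing keys and
    # an OIDC-capable token. Any later change to that branch runs with these
    # secrets. Pin to a reviewed full commit SHA, e.g.
    #   ...buildDockerImage.yml@<full-commit-sha>   (placeholder)
    uses: exoplatform/swf-scripts/.github/workflows/buildDockerImage.yml@master
    needs: parse-docker-build-env
    with:
      dockerImage: "meedsio/meeds"
      dockerImageTag: ${{ needs.parse-docker-build-env.outputs.buildTags }}
      signImage: true
      cosignImage: true
      attestImage: true
    secrets:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
      DOCKER_PRIVATE_KEY_ID: ${{ secrets.DOCKER_PRIVATE_KEY_ID }}
      DOCKER_PRIVATE_KEY: ${{ secrets.DOCKER_PRIVATE_KEY }}
      DOCKER_PRIVATE_KEY_PASSPHRASE: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
      COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
      COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}

  build-ghcr-image:
    permissions:
      contents: read
      packages: write
      id-token: write
      attestations: write
    name: "Build Docker Images to Github Container Registry"
    # NOTE(review): same mutable @master reference as the Docker Hub job; pin
    # both to the same reviewed commit SHA.
    uses: exoplatform/swf-scripts/.github/workflows/buildDockerImage.yml@master
    needs: parse-docker-build-env
    with:
      dockerRegistry: "ghcr.io"
      dockerImage: "meeds-io/meeds/meeds-io"
      dockerImageTag: ${{ needs.parse-docker-build-env.outputs.buildTags }}
      cosignImage: true
      cosignOidcImage: true
      attestImage: true
      attestImageRegistry: "ghcr.io"
    secrets:
      # NOTE(review): SWF_ACTOR / SWF_TOKEN are custom credentials rather than
      # the job's GITHUB_TOKEN; presumably a personal access token. Confirm it
      # is scoped to package writes only.
      DOCKER_USERNAME: ${{ secrets.SWF_ACTOR }}
      DOCKER_PASSWORD: ${{ secrets.SWF_TOKEN }}
      COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
      COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}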