From 5093f7e553838b8b817480ed5af6046ba3357cc0 Mon Sep 17 00:00:00 2001
From: tebben
Date: Tue, 13 Aug 2024 15:53:33 +0200
Subject: [PATCH] update docker build/publish
---
 .github/workflows/docker-publish.yml | 75 ++++++++++++++++------------
 1 file changed, 43 insertions(+), 32 deletions(-)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 0e45c6f..ce26447 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -1,73 +1,84 @@ -name: Docker Image Publish +name: Build and Push Docker Image on: push: branches: [ "main" ] - # Publish semver tags as releases. tags: [ 'v*.*.*' ] pull_request: branches: [ "main" ] env: - # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io - # github.repository as / IMAGE_NAME: ${{ github.repository }} - jobs: build: - runs-on: ubuntu-latest permissions: contents: read packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. id-token: write steps: - name: Checkout repository uses: actions/checkout@v4 - # Install the cosign tool - # https://github.com/sigstore/cosign-installer - name: Install cosign - uses: sigstore/cosign-installer@v3.3.0 + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0 with: - cosign-release: 'v2.2.2' + cosign-release: 'v2.2.4' - # Workaround: https://github.com/docker/build-push-action/issues/461 - - name: Setup Docker buildx - uses: docker/setup-buildx-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3.0.0 - # Login against a Docker registry - # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + if: github.event_name != 'pull_request' + uses: docker/login-action@v3.0.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + - name: Extract Docker metadata for tags + id: meta-tags + if: startsWith(github.ref, 'refs/tags/') + uses: docker/metadata-action@v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=tag,pattern={{version}} + type=raw,value=latest + 
+ - name: Extract Docker metadata for branches + id: meta-branches + if: github.ref == 'refs/heads/main' + uses: docker/metadata-action@v5.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=latest + + - name: Build and push Docker image for tags + id: build-and-push-tags + if: startsWith(github.ref, 'refs/tags/') + uses: docker/build-push-action@v5.0.0 + with: + context: . + push: true + tags: ${{ steps.meta-tags.outputs.tags }} + labels: ${{ steps.meta-tags.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max - # Build and push Docker image with Buildx - # https://github.com/docker/build-push-action - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@v5 + - name: Build and push Docker image for branches + id: build-and-push-branches + if: github.ref == 'refs/heads/main' + uses: docker/build-push-action@v5.0.0 with: - context: "{{defaultContext}}" + context: . push: true - #tags: ${{ steps.meta.outputs.tags }} - tags: ghcr.io/${{ github.repository }}:latest - labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.meta-branches.outputs.tags }} + labels: ${{ steps.meta-branches.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max \ No newline at end of file
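Review bot: The `docker/login-action` and `docker/metadata-action` steps move from full commit SHAs to the mutable tags `v3.0.0` and `v5.0.0`, and `setup-buildx-action` and `build-push-action` are tag-pinned too, in a job that holds `packages: write`, `id-token: write` and the `GITHUB_TOKEN` handed to the login step. A tag can be re-pointed upstream, so these should be pinned the way the cosign installer already is in this hunk, e.g. `uses: docker/login-action@<full-commit-sha> # v3.0.0`. Separately, cosign is still installed and `id-token: write` is still granted, but no signing step is visible in the hunk. Either add a signing step against the pushed image digest, or drop the installer and that permission so the job holds only what it uses.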