.github/workflows/publish-container.yaml

name: publish-container

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
    tags:
      - "v*.*.*"

jobs:
  docker:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    env:
      tags: >-
        ${{ github.ref == format('refs/heads/{0}', 'main') && 'latest' || '' }}
        ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || '' }}
        ${{ github.event_name == 'push' && github.ref_name || '' }}
        sha-${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
    steps:
      - name: Checkout
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Setup and configure Docker
        run: |
          [[ $EUID -ne 0 ]] && exec sudo /bin/sh "$0" "$@"
          for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; \
            do apt-get remove $pkg; \
          done
          apt-get update
          apt-get install ca-certificates curl
          install -m 0755 -d /etc/apt/keyrings
          curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
          chmod a+r /etc/apt/keyrings/docker.asc
          echo \
            "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
            $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
            tee /etc/apt/sources.list.d/docker.list > /dev/null
          apt-get update
          cat << EOF >/etc/docker/daemon.json
          {
            "features": {
              "containerd-snapshotter": true
            }
          }
          EOF
          apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
          systemctl restart docker
          docker buildx create --driver docker-container --bootstrap --name build --use
      - name: Build
        run: make
      - name: Push
        run: |
          env -C out/ecr-proxy tar -cf - . | docker load
          docker tag "tkhq/ecr-proxy:latest" "ghcr.io/tkhq/ecr-proxy:latest"
          for tag in ${tags}; do
              docker tag "tkhq/ecr-proxy:latest" "ghcr.io/tkhq/ecr-proxy:${tag}"
          done
          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
          docker image push --all-tags "ghcr.io/tkhq/ecr-proxy"