Commit 7f85c96

authored
ci: automate image metadata generation by events (#27)
* ci: change login secret * ci: automate tag handling
1 parent 0c7189d commit 7f85c96

1 file changed

+33
-61
lines changed

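--- a/.github/workflows/docker-pub.yml
+++ b/.github/workflows/docker-pub.yml
@@ -4,89 +4,61 @@ on:
 workflow_dispatch:
 schedule:
 - cron: "0 0 * * *"
+pull_request:
+branches:
+- 'dev'
 push:
 tags:
 - 'v*.*.*'
 
+env:
+REGISTRY: ghcr.io
+IMAGE_NAME: ${{ github.repository }}
+
+
 jobs:
-build:
-name: Buid and push Docker image to GitHub Container registry
+build-and-push-image:
 runs-on: ubuntu-latest
 permissions:
 contents: read
 packages: write
 attestations: write
 id-token: write
-
+
 steps:
-- name: Checkout the repository
+- name: Checkout repository
 uses: actions/checkout@v4
 
-- name: Get current date
-id: date
-run: echo "::set-output name=date::$(date +'%Y%m%d')"
-
-- name: Set up QEMU
-uses: docker/setup-qemu-action@v3
-- name: Set up Docker Buildx
-uses: docker/setup-buildx-action@v3
-
-- name: Login to GitHub Container Registry
-uses: docker/login-action@v3
+- name: Log in to the Container registry
+uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
 with:
-registry: ghcr.io
-username: ${{ github.repository_owner }}
-password: ${{ secrets.GH_TOKEN }}
-
-- name: Build Nightly Meta
-run: |
-echo "DEVELOPMENT_TAG=ghcr.io/barelyhuman/goblin:nightly-${{ steps.date.outputs.date }}" >> $GITHUB_ENV
-
-- name: Build Release Meta
-run: |
-echo "RELEASE_TAG=ghcr.io/barelyhuman/goblin:${{ github.ref_name }}" >> $GITHUB_ENV
-if: github.ref_type == 'tag'
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Extract metadata (tags, labels) for Docker
+id: meta
+uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+with:
+images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+tags: |
+type=ref,event=branch
+type=ref,event=pr
+type=semver,pattern={{version}}
+type=semver,pattern={{major}}.{{minor}}
 
-- name: Build and push nightly
-uses: docker/build-push-action@v6
+- name: Build and push Docker image
 id: push
-env:
-REGISTRY: ghcr.io
-OWNER: ${{ github.repository_owner }}
-IMAGE_NAME: ${{ github.repository }}
-with:
-context: .
-file: Dockerfile
-platforms: linux/amd64,linux/arm64
-push: true
-tags: ${{ env.DEVELOPMENT_TAG }},nightly
-
-- name: Build and push release tag
-if: github.ref_type == 'tag'
-uses: docker/build-push-action@v6
-id: pushRelease
-env:
-REGISTRY: ghcr.io
-OWNER: ${{ github.repository_owner }}
-IMAGE_NAME: ${{ github.repository }}
+uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
 with:
 context: .
-file: Dockerfile
-platforms: linux/amd64,linux/arm64
 push: true
-tags: ${{ env.RELEASE_TAG }}
-
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}
+
 - name: Generate artifact attestation
 uses: actions/attest-build-provenance@v1
 with:
-subject-name: ghcr.io/barelyhuman/goblin
+subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
 subject-digest: ${{ steps.push.outputs.digest }}
-push-to-registry: true
-
-- name: Generate release artifact attestation
-if: github.ref_type == 'tag'
-uses: actions/attest-build-provenance@v1
-with:
-subject-name: ghcr.io/barelyhuman/goblin
-subject-digest: ${{ steps.pushRelease.outputs.digest }}
 push-to-registry: true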
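Review bot: The login, build-and-push and attestation steps are not gated on the event type, so the new `pull_request` trigger on `dev` runs the full publish path with `packages: write`, `attestations: write` and `id-token: write` in scope. For a PR opened from a branch of this repository that means an image built from unreviewed code is pushed under the `type=ref,event=pr` tag and given a provenance attestation; for a PR from a fork the default read-only token will most likely make the login or push step fail instead. I would build without publishing on PRs, with `push: ${{ github.event_name != 'pull_request' }}` on the build step and `if: github.event_name != 'pull_request'` on the login and attestation steps. Separately, the three docker actions are now pinned to commit SHAs while `actions/checkout@v4` and `actions/attest-build-provenance@v1` stay on mutable tags; pinning those as well would keep the workflow's supply-chain posture consistent.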
