_docker-publish.yml
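# Reusable workflow: builds the "all" and "slim" Dockerfile targets for
# linux/amd64 and linux/arm64, pushes both to Docker Hub and ghcr.io, and
# publishes a build-provenance attestation for each Docker Hub image.
name: "Publish Docker Image"

on:
  workflow_call:
    # No inputs needed at this time
    # NOTE(review): no secrets are declared here either, so DOCKER_USERNAME and
    # DOCKER_PASSWORD are presumably supplied by the caller via
    # `secrets: inherit` - confirm against the calling workflow.

jobs:
  docker_publish:
    runs-on: ubuntu-latest
    # Job-scoped token permissions; anything not listed is not granted.
    permissions:
      attestations: write # store the provenance attestations
      contents: read # checkout only
      id-token: write # OIDC token used to sign the attestations
      packages: write # push images to ghcr.io
    env:
      DOCKER_IO_REGISTRY: docker.io
      DOCKER_IO_IMAGE_NAME_ALL: helmuthva/oe-python-template-example
      DOCKER_IO_IMAGE_NAME_SLIM: helmuthva/oe-python-template-example-slim
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release each SHA corresponds to.
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Keep the job token out of .git/config: the whole checkout is later
          # handed to the image build as its context (context: .), and the
          # token carries packages: write.
          # NOTE(review): revert only if _install_dev_tools.bash turns out to
          # need authenticated git access.
          persist-credentials: false

      # Runs a repository script before any registry login happens.
      - name: Install dev tools
        shell: bash
        run: .github/workflows/_install_dev_tools.bash

      # QEMU + Buildx provide the multi-platform build used below.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      # No registry given, so this logs in to the action's default registry.
      # NOTE(review): DOCKER_PASSWORD should hold a scoped Docker Hub access
      # token rather than the account password - confirm.
      - name: Log in to Docker Hub
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      # Uses the short-lived job token; packages: write above is what allows
      # the push.
      - name: Log in to GitHub container registry
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # NOTE(review): `latest` is emitted unconditionally in both metadata
      # steps, so this workflow relies on its caller to run it for releases
      # only - confirm.
      - name: "(all target): Extract metadata (tags, labels) for Docker"
        id: meta-all
        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        with:
          images: |
            ${{ env.DOCKER_IO_IMAGE_NAME_ALL }}
            ghcr.io/${{ github.repository }}
          tags: |
            # set latest tag for releases
            type=raw,value=latest
            # set semver tags from git tags (v1.2.3 -> 1.2.3, 1.2, 1)
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}

      - name: "(slim target): Extract metadata (tags, labels) for Docker"
        id: meta-slim
        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        with:
          images: |
            ${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}
            ghcr.io/${{ github.repository }}-slim
          tags: |
            # set latest tag for releases
            type=raw,value=latest
            # set semver tags from git tags (v1.2.3 -> 1.2.3, 1.2, 1)
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}

      # Each build pushes to every image name listed by its metadata step;
      # the resulting digest feeds the matching attestation step below.
      - name: "(all target): Build and push Docker image"
        id: build-and-push-all
        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          context: .
          file: ./Dockerfile
          target: all
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta-all.outputs.tags }}
          labels: ${{ steps.meta-all.outputs.labels }}

      - name: "(slim target): Build and push Docker image"
        id: build-and-push-slim
        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          context: .
          file: ./Dockerfile
          target: slim
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta-slim.outputs.tags }}
          labels: ${{ steps.meta-slim.outputs.labels }}

      # Provenance is bound to the pushed digest, not to a mutable tag.
      # NOTE(review): subject-name covers only the Docker Hub names, so the
      # ghcr.io copies get no attestation pushed next to them in the registry.
      # Consider matching steps for ghcr.io if consumers verify from there.
      - name: "(all target): Generate artifact attestation"
        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
        with:
          subject-name: ${{ env.DOCKER_IO_REGISTRY }}/${{ env.DOCKER_IO_IMAGE_NAME_ALL }}
          subject-digest: ${{ steps.build-and-push-all.outputs.digest }}
          push-to-registry: true

      - name: "(slim target): Generate artifact attestation"
        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
        with:
          subject-name: ${{ env.DOCKER_IO_REGISTRY }}/${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}
          subject-digest: ${{ steps.build-and-push-slim.outputs.digest }}
          push-to-registry: true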