gha-workflows/.github/workflows/build-push-attest-docker.yml

71 lines
1.9 KiB
YAML
Raw Normal View History

name: Publish Docker Image
on:
workflow_call:
inputs:
release:
required: true
type: string
2024-07-16 20:02:55 +02:00
outputs:
success:
description: "Did the flow succeed?"
value: ${{ jobs.publish.outputs.success }}
jobs:
publish:
name: Publish Docker image
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
attestations: write
id-token: write
2024-07-16 20:02:55 +02:00
outputs:
success: ${{ steps.set_flag.outputs.success }}
steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
ref: ${{ inputs.release }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository }}
tags: |
type=semver,pattern=v{{version}},value=${{ inputs.release }}
- name: Build and push Docker image
id: push
uses: docker/build-push-action@v6
with:
context: .
push: true
labels: ${{ steps.meta.outputs.labels }}
tags: |
ghcr.io/${{ github.repository }}:latest
ghcr.io/${{ github.repository }}:${{ inputs.release }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: ghcr.io/${{ github.repository }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
2024-07-16 20:02:55 +02:00
- name: Set success flag
id: set_flag
run: echo "success=true" >> "$GITHUB_OUTPUT"