1+ name : Build and publish docker image
2+ on :
3+ workflow_dispatch :
4+ push :
5+ branches :
6+ - main
7+ - use_head_commit
8+ tags :
9+ # any tag names starting with 'v'
10+ - ' v*'
11+ env :
12+ REGISTRY : ghcr.io
13+ IMAGE_NAME : ${{ github.repository }}
14+
15+ jobs :
16+ build :
17+ runs-on : ubuntu-latest
18+ permissions :
19+ contents : read
20+ # Gives the action the ability to mint the OIDC token necessary to request a Sigstore signing certificate
21+ id-token : write
22+ # Permission necessary to persist the attestation
23+ attestations : write
24+ steps :
25+ - name : Checkout repository
26+ uses : actions/checkout@v4
27+ - name : Set-up Docker Buildx
28+ uses : docker/setup-buildx-action@v3
29+ with :
30+ platforms : linux/amd64
31+ - name : Log in to the Github Container registry
32+ uses : docker/login-action@v3
33+ with :
34+ registry : ${{ env.REGISTRY }}
35+ username : ${{ github.actor }}
36+ password : ${{ secrets.GITHUB_TOKEN }}
37+ - name : Extract metadata (tags, labels) for Docker
38+ id : meta
39+ uses : docker/metadata-action@v5
40+ with :
41+ images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
42+ tags : |
43+ type=ref,event=branch
44+ type=ref,event=pr
45+ type=semver,pattern={{version}}
46+ type=semver,pattern={{major}}.{{minor}}
47+ - name : Build and push Docker image
48+ id : push
49+ uses : docker/build-push-action@v6
50+ with :
51+ context : .
52+ push : true
53+ tags : ${{ steps.meta.outputs.tags }}
54+ labels : ${{ steps.meta.outputs.labels }}
55+ - name : Generate artifact attestation
56+ uses : actions/attest-build-provenance@v2
57+ with :
58+ subject-name : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
59+ subject-digest : ${{ steps.push.outputs.digest }}
60+ push-to-registry : true
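Review bot: The `permissions` block of the `build` job omits `packages: write`, and because the other scopes are set explicitly the GITHUB_TOKEN gets no package access. The push to `ghcr.io` in the "Build and push Docker image" step, and the `push-to-registry: true` attestation upload, should therefore be denied; add `packages: write` next to `attestations: write`. Separately, every `uses:` reference is a mutable major tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v6`, `actions/attest-build-provenance@v2`, and so on) in a job that holds `id-token: write` and registry credentials, so a retargeted tag would run with signing and publishing rights. Pin each one to a full commit SHA with the tag kept as a comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`. The `use_head_commit` entry under `branches` looks like a development branch that would publish images if it is merged as-is, and `type=ref,event=pr` can never match because the workflow has no `pull_request` trigger.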