3.23.0 #13
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Docker Release | |
| on: | |
| release: | |
| types: [published] | |
| permissions: {} | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| jobs: | |
| docker-release: | |
| if: startsWith(github.ref, 'refs/tags/') | |
| permissions: | |
| # Required to checkout the code | |
| contents: read | |
| # Required to sign the Docker image | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set IMAGE | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| IFS=$'\n\t' | |
| echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}" | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| fetch-depth: 1 | |
| persist-credentials: false | |
| - name: Set SOURCE_DATE_EPOCH | |
| run: | | |
| set -euo pipefail | |
| IFS=$'\n\t' | |
| echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> "${GITHUB_ENV}" | |
| - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | |
| - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 | |
| id: meta | |
| with: | |
| images: ${{ github.repository_owner }}/${{ env.IMAGE }} | |
| tags: | | |
| type=schedule | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| id: build | |
| with: | |
| # zizmor: ignore[template-injection] no user input | |
| context: ${{ env.IMAGE }} | |
| platforms: linux/amd64,linux/arm64 | |
| pull: true | |
| push: true | |
| sbom: true | |
| provenance: mode=max | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Sign the Docker image | |
| working-directory: ${{ env.IMAGE }} | |
| env: | |
| DIGEST: ${{ steps.build.outputs.digest }} | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| IFS=$'\n\t' | |
| images=() | |
| for tag in ${TAGS}; do | |
| images+=("${tag}@${DIGEST}") | |
| done | |
| cosign sign --recursive --yes "${images[@]}" | |
| - name: Manually generate release note | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| IFS=$'\n\t' | |
| echo "This failure is expected. It is a reminder to update the release notes for this newly created release." | |
| echo "To do so, go to ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/latest and click on the edit button." | |
| echo "Then click on the 'Generate release notes' button and finally the 'Update release' button. Cheers!" | |
| exit 1 |