Update and pin GitHub Actions deps #33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GitHub actions workflow which builds and publishes the docker images. | ||
| name: Build and push docker images | ||
| on: | ||
| push: | ||
| tags: ["v*"] | ||
| branches: [ main ] | ||
| workflow_dispatch: | ||
| # Run on pull requests to test docker build. | ||
| # We explicitly do not push on pull requests (the job below is ended early). | ||
| # | ||
| # note: secrets will not be populated on pull requests from external authors. | ||
| pull_request: | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | ||
| - name: Calculate docker image tag | ||
| id: set-tag | ||
| uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 | ||
| with: | ||
| images: | | ||
| ghcr.io/${{ github.repository }} | ||
| docker.io/${{ secrets.DOCKER_HUB_USERNAME }}/${{ github.event.repository.name }} | ||
| flavor: | | ||
| latest=false | ||
| tags: | | ||
| type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }} | ||
| type=sha,prefix=,format=long | ||
| type=semver,pattern=v{{version}} | ||
| type=semver,pattern=v{{major}}.{{minor}} | ||
| - name: Don't push to registry if this is a PR | ||
| if: "${{ github.event_name }}" = "pull_request" | ||
| run: | | ||
| echo "Not pushing the image to any container registry as this workflow is running on a pull request" | ||
| exit 0 | ||
| - name: Log in to DockerHub | ||
| uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 | ||
| with: | ||
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | ||
| password: ${{ secrets.DOCKER_HUB_TOKEN }} | ||
| - name: Log in to GHCR | ||
| uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.repository_owner }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Build and push all platforms | ||
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | ||
| with: | ||
| push: true | ||
| labels: "gitsha1=${{ github.sha }}" | ||
| tags: "${{ steps.set-tag.outputs.tags }}" | ||
| platforms: linux/amd64,linux/arm64 | ||
| cache-from: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache | ||
| cache-to: type=registry,ref=ghcr.io/${{ github.repository }}:buildcache,mode=max | ||
