1+ name : Build and Publish Docker Image
2+
3+ on :
4+ push :
5+ branches :
6+ - main
7+ - develop
8+ tags :
9+ - ' v*'
10+ pull_request :
11+ branches :
12+ - main
13+ - develop
14+
15+ env :
16+ REGISTRY : ghcr.io
17+ IMAGE_NAME : ${{ github.repository }}
18+
19+ jobs :
20+ build-and-push :
21+ runs-on : ubuntu-latest
22+ permissions :
23+ contents : read
24+ packages : write
25+ id-token : write
26+ attestations : write
27+
28+ steps :
29+ - name : Checkout repository
30+ uses : actions/checkout@v4.2.2
31+
32+ - name : Set up Docker Buildx
33+ uses : docker/setup-buildx-action@v3.11.1
34+
35+ - name : Log in to Container Registry
36+ uses : docker/login-action@v3.5.0
37+ with :
38+ registry : ${{ env.REGISTRY }}
39+ username : ${{ github.actor }}
40+ password : ${{ secrets.GITHUB_TOKEN }}
41+
42+ - name : Extract metadata
43+ id : meta
44+ uses : docker/metadata-action@v5.8.0
45+ with :
46+ images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
47+ tags : |
48+ type=ref,event=branch
49+ type=ref,event=pr
50+ type=semver,pattern={{version}}
51+ type=semver,pattern={{major}}.{{minor}}
52+ type=semver,pattern={{major}}
53+ type=sha,prefix={{branch}}-
54+ type=raw,value=latest,enable={{is_default_branch}}
55+
56+ - name : Build and push Docker image
57+ id : build
58+ uses : docker/build-push-action@v6.18.0
59+ with :
60+ context : .
61+ platforms : linux/amd64,linux/arm64
62+ push : true
63+ tags : ${{ steps.meta.outputs.tags }}
64+ labels : ${{ steps.meta.outputs.labels }}
65+ build-args : |
66+ VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
67+ cache-from : type=gha
68+ cache-to : type=gha,mode=max
69+
70+ - name : Generate artifact attestation
71+ uses : actions/attest-build-provenance@v2.4.0
72+ with :
73+ subject-name : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
74+ subject-digest : ${{ steps.build.outputs.digest }}
75+ push-to-registry : true
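Review bot: The `pull_request` trigger runs the same job that logs in to the registry and builds with `push : true`, so a pull request against main or develop publishes a PR-tagged image and an attestation while `packages: write`, `id-token: write` and `attestations: write` are in scope; on pull requests from forks the token is read-only, so the login or push step will most likely just fail. Gate publishing on the event instead: add `if: github.event_name != 'pull_request'` to the "Log in to Container Registry" and "Generate artifact attestation" steps, and set `push: ${{ github.event_name != 'pull_request' }}` on the build step. Separately, `type=sha,prefix={{branch}}-` probably renders an empty branch name on tag and pull-request events, which would give a tag beginning with `-` that registries reject, so that rule is worth limiting to branch pushes. The `uses:` references are pinned to version tags, which can be moved; pinning each to a full commit SHA with the version in a trailing comment would keep the publishing path from changing underneath the workflow.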