fix: add required permissions for package publishing #25
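# Builds the GPU, CPU and UI images, pushes them to GHCR, and creates a
# GitHub release when the run was started by a version tag.
#
# NOTE(review): every `uses:` below references a mutable tag (@v4, @v3, @v5,
# @v1). Pinning each action to a full commit SHA keeps a re-tagged upstream
# release from running with this workflow's token.
name: Docker Build and Publish

on:
  push:
    tags: ['v*.*.*']
  # Allow manual trigger from GitHub UI
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    runs-on: ubuntu-latest
    # Least privilege: the steps in this job only read the repository and
    # push packages. `actions: write` was dropped because no step here calls
    # the Actions API.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step runs git, and the build context is the checkout
          # itself, so do not leave the token in .git/config.
          persist-credentials: false

      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Set up image names (converting the repository path to lowercase).
      # REGISTRY and IMAGE_NAME are read as shell variables from the
      # workflow-level env block rather than being expanded into the script
      # text by ${{ }}.
      - name: Set image names
        run: |
          base="${REGISTRY}/$(printf '%s' "${IMAGE_NAME}" | tr '[:upper:]' '[:lower:]')"
          {
            echo "GPU_IMAGE_NAME=${base}-gpu"
            echo "CPU_IMAGE_NAME=${base}-cpu"
            echo "UI_IMAGE_NAME=${base}-ui"
          } >> "$GITHUB_ENV"

      # Tag runs publish under the tag name. A manual run from a branch has
      # GITHUB_REF=refs/heads/<branch>, which is not a valid image tag, so it
      # publishes under a short commit id instead.
      - name: Set version tag
        run: |
          if [ "${GITHUB_REF_TYPE}" = "tag" ]; then
            version="${GITHUB_REF_NAME}"
          else
            version="sha-${GITHUB_SHA::7}"
          fi
          echo "VERSION=${version}" >> "$GITHUB_ENV"

      # NOTE(review): all three build steps also push `:latest`, including on
      # manual runs from a branch and on `-pre` tags. Confirm that is intended.

      # Build and push GPU version
      - name: Build and push GPU Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./docker/gpu/Dockerfile
          push: true
          tags: |
            ${{ env.GPU_IMAGE_NAME }}:latest
            ${{ env.GPU_IMAGE_NAME }}:${{ env.VERSION }}
          build-args: |
            DOCKER_BUILDKIT=1
          platforms: linux/amd64

      # Build and push CPU version
      - name: Build and push CPU Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./docker/cpu/Dockerfile
          push: true
          tags: |
            ${{ env.CPU_IMAGE_NAME }}:latest
            ${{ env.CPU_IMAGE_NAME }}:${{ env.VERSION }}
          build-args: |
            DOCKER_BUILDKIT=1
          platforms: linux/amd64

      # Build and push UI version
      - name: Build and push UI Docker image
        uses: docker/build-push-action@v5
        with:
          context: ./ui
          file: ./ui/Dockerfile
          push: true
          tags: |
            ${{ env.UI_IMAGE_NAME }}:latest
            ${{ env.UI_IMAGE_NAME }}:${{ env.VERSION }}
          build-args: |
            DOCKER_BUILDKIT=1
          platforms: linux/amd64

  create-release:
    needs: build
    runs-on: ubuntu-latest
    # Only run this job if we're pushing a tag
    if: startsWith(github.ref, 'refs/tags/')
    # Least privilege: creating the release needs `contents: write` only.
    # No step in this job touches the package registry, so `packages: write`
    # was dropped.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No step in this job runs git, so the write-scoped token is not
          # left in .git/config.
          persist-credentials: false

      - name: Create Release
        uses: softprops/action-gh-release@v1
        env:
          IS_PRERELEASE: ${{ contains(github.ref, '-pre') }}
        with:
          generate_release_notes: true
          draft: false
          # Tags containing "-pre" are published as pre-releases.
          prerelease: ${{ contains(github.ref, '-pre') }}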