@@ -3,12 +3,12 @@ name: Docker
33on :
44 push :
55 # push events will publish a new image, so only trigger on main branch or semver tags.
6- branches : [ ' main' ]
7- tags : [ 'v*' ]
6+ branches : [" main" ]
7+ tags : ["v*" ]
88 pull_request :
99 # Run the workflow on pull_request events to ensure we can still build the image.
1010 # We only publish the image on push events (see if statements in steps below).
11- branches : [ ' main' ]
11+ branches : [" main" ]
1212
1313env :
1414 REGISTRY : ghcr.io
@@ -27,44 +27,44 @@ jobs:
2727 id-token : write
2828
2929 steps :
30- - uses : actions/checkout@v3
30+ - uses : actions/checkout@v3
3131
32- - name : Setup Docker buildx
33- uses : docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
34- with :
35- # use buildx v0.9.1 (https://community.fly.io/t/10171/19)
36- version : v0.9.1
32+ - name : Setup Docker buildx
33+ uses : docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
34+ with :
35+ # use buildx v0.9.1 (https://community.fly.io/t/10171/19)
36+ version : v0.9.1
3737
38- - name : Log into registry ${{ env.REGISTRY }}
39- uses : docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
40- if : github.event_name == 'push'
41- with :
42- registry : ${{ env.REGISTRY }}
43- username : ${{ github.actor }}
44- password : ${{ secrets.GITHUB_TOKEN }}
38+ - name : Log into registry ${{ env.REGISTRY }}
39+ uses : docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
40+ if : github.event_name == 'push'
41+ with :
42+ registry : ${{ env.REGISTRY }}
43+ username : ${{ github.actor }}
44+ password : ${{ secrets.GITHUB_TOKEN }}
4545
46- - name : Extract Docker metadata
47- id : meta
48- uses : docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea # v4.1.1
49- with :
50- images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
46+ - name : Extract Docker metadata
47+ id : meta
48+ uses : docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea # v4.1.1
49+ with :
50+ images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
5151
52- - name : Build and push Docker image
53- id : build-and-push
54- uses : docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
55- with :
56- context : .
57- push : ${{ github.event_name == 'push' }}
58- tags : ${{ steps.meta.outputs.tags }}
59- labels : ${{ steps.meta.outputs.labels }}
60- platforms : linux/amd64,linux/arm64,linux/arm/v7
52+ - name : Build and push Docker image
53+ id : build-and-push
54+ uses : docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
55+ with :
56+ context : .
57+ push : ${{ github.event_name == 'push' }}
58+ tags : ${{ steps.meta.outputs.tags }}
59+ labels : ${{ steps.meta.outputs.labels }}
60+ platforms : linux/amd64,linux/arm64,linux/arm/v7
6161
62- # Sign the Docker image
63- - name : Install cosign
64- if : github.event_name == 'push'
65- uses : sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
66- - name : Sign the published Docker image
67- if : github.event_name == 'push'
68- env :
69- COSIGN_EXPERIMENTAL : " true"
70- run : cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
62+ # Sign the Docker image
63+ - name : Install cosign
64+ if : github.event_name == 'push'
65+ uses : sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
66+ - name : Sign the published Docker image
67+ if : github.event_name == 'push'
68+ env :
69+ COSIGN_EXPERIMENTAL : " true"
70+ run : cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
0 commit comments