webhook-debugger-logger/.github/workflows/release-docker.yml at main · ar27111994/webhook-debugger-logger · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
name: Publish Docker Image

"on":
  release:
    types: [published]
  pull_request:
    branches: [main]

permissions:
  contents: read
  id-token: write
  packages: write

concurrency:
  group: release-docker-${{ github.event.release.tag_name || github.event.pull_request.number || github.ref }}
  cancel-in-progress: false

jobs:
  publish:
    runs-on: ubuntu-latest
    timeout-minutes: 30

    steps:
      - name: Checkout Code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Set Up QEMU
        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0

      - name: Set Up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

      - name: Resolve Image Tags
        id: image_tags
        shell: bash
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          RELEASE_PRERELEASE: ${{ github.event.release.prerelease }}
        run: |
          owner="${GITHUB_REPOSITORY_OWNER,,}"
          release_tag="${RELEASE_TAG:-pr-${{ github.event.pull_request.number || github.run_number }}}"
          image_name="webhook-debugger-logger"

          {
            echo "tags<<EOF"
            echo "ghcr.io/${owner}/${image_name}:${release_tag}"
            if [[ "${GITHUB_EVENT_NAME}" == 'release' ]]; then
              version="${release_tag#v}"
              minor="$(echo "${version}" | cut -d. -f1,2)"
              echo "ghcr.io/${owner}/${image_name}:${version}"
              echo "ghcr.io/${owner}/${image_name}:${minor}"
            fi
            if [[ "${GITHUB_EVENT_NAME}" == 'release' && "${RELEASE_PRERELEASE}" != 'true' ]]; then
              echo "ghcr.io/${owner}/${image_name}:latest"
            fi
            echo "EOF"
          } >> "$GITHUB_OUTPUT"

      - name: Log In to GitHub Container Registry
        if: github.event_name == 'release'
        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and Publish Standalone Image
        if: github.event_name == 'release'
        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
        with:
          context: .
          file: Dockerfile
          target: runtime-standalone
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.image_tags.outputs.tags }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          provenance: true
          sbom: true

      - name: Verify Docker release workflow wiring on pull requests
        if: github.event_name != 'release'
        run: echo "PR validation complete; Docker publishing only runs for published releases."