1- name : Docker
2-
3- # This workflow uses actions that are not certified by GitHub.
4- # They are provided by a third-party and are governed by
5- # separate terms of service, privacy policy, and support
6- # documentation.
1+ name : Docker Build
72
83on :
9- schedule :
10- - cron : ' 25 16 * * *'
114 push :
12- branches : [ "master" ]
13- # Publish semver tags as releases.
14- tags : [ 'v*.*.*' ]
5+ branches :
6+ - main
7+ - master
8+ - develop
9+ - " feature/**"
10+ - " hotfix/**"
11+ tags :
12+ - " v*.*.*"
1513 pull_request :
16- branches : [ "master" ]
17-
18- env :
19- # Use docker.io for Docker Hub if empty
20- REGISTRY : ghcr.io
21- # github.repository as <account>/<repo>
22- IMAGE_NAME : ${{ github.repository }}
23-
14+ branches :
15+ - main
16+ - develop
17+ - master
2418
2519jobs :
26- build :
27-
20+ docker :
2821 runs-on : ubuntu-latest
29- permissions :
30- contents : read
31- packages : write
32- # This is used to complete the identity challenge
33- # with sigstore/fulcio when running outside of PRs.
34- id-token : write
35-
3622 steps :
37- - name : Checkout repository
38- uses : actions/checkout@v3
39-
40- # Install the cosign tool except on PR
41- # https://github.com/sigstore/cosign-installer
42- - name : Install cosign
43- if : github.event_name != 'pull_request'
44- uses : sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
45- with :
46- cosign-release : ' v2.1.1'
47-
48- # Set up BuildKit Docker container builder to be able to build
49- # multi-platform images and export cache
50- # https://github.com/docker/setup-buildx-action
51- - name : Set up Docker Buildx
52- uses : docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
53-
54- # Login against a Docker registry except on PR
55- # https://github.com/docker/login-action
56- - name : Log into registry ${{ env.REGISTRY }}
57- if : github.event_name != 'pull_request'
58- uses : docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
59- with :
60- registry : ${{ env.REGISTRY }}
61- username : ${{ github.actor }}
62- password : ${{ secrets.GITHUB_TOKEN }}
63-
64- # Extract metadata (tags, labels) for Docker
65- # https://github.com/docker/metadata-action
66- - name : Extract Docker metadata
67- id : meta
68- uses : docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
69- with :
70- images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
71-
72- # Build and push Docker image with Buildx (don't push on PR)
73- # https://github.com/docker/build-push-action
74- - name : Build and push Docker image
75- id : build-and-push
76- uses : docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
23+ - uses : pnstack/actions/docker-publish@main
7724 with :
78- context : .
7925 platforms : linux/amd64,linux/arm64
80- push : ${{ github.event_name != 'pull_request' }}
81- tags : ${{ steps.meta.outputs.tags }}
82- labels : ${{ steps.meta.outputs.labels }}
83- cache-from : type=gha
84- cache-to : type=gha,mode=max
85-
86- # Sign the resulting Docker image digest except on PRs.
87- # This will only write to the public Rekor transparency log when the Docker
88- # repository is public to avoid leaking data. If you would like to publish
89- # transparency data even for private images, pass --force to cosign below.
90- # https://github.com/sigstore/cosign
91- - name : Sign the published Docker image
92- if : ${{ github.event_name != 'pull_request' }}
93- env :
94- # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
95- TAGS : ${{ steps.meta.outputs.tags }}
96- DIGEST : ${{ steps.build-and-push.outputs.digest }}
97- # This step uses the identity token to provision an ephemeral certificate
98- # against the sigstore community Fulcio instance.
99- run : echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
26+ dockerfile : Dockerfile
27+ context : .
28+ push_enabled : true
29+ registry : ghcr.io
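Review bot: The step added at new line 23 references `pnstack/actions/docker-publish@main`, a mutable branch, whereas every third-party action it replaces was pinned to a full commit SHA; any later change to that branch runs in this job with its token. Pin it the same way, e.g. `- uses: pnstack/actions/docker-publish@<full-commit-sha>  # <tag>`. `push_enabled: true` at new line 28 is also unconditional although the workflow still triggers on `pull_request`, where the old step used `push: ${{ github.event_name != 'pull_request' }}`; unless the action gates this itself (its source is not visible here), prefer `push_enabled: ${{ github.event_name != 'pull_request' }}`. The job-level `permissions:` block is removed as well, so the token falls back to the repository default; restoring an explicit `contents: read` and `packages: write` under the `docker` job keeps the scope minimal. The cosign signing step has no replacement in the visible lines, so consumers that verify image signatures would presumably stop getting them.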