1- name : Build and Push Image to GHCR.IO
2-
3- # This workflow uses actions that are not certified by GitHub.
4- # They are provided by a third-party and are governed by
5- # separate terms of service, privacy policy, and support
6- # documentation.
7-
8-
1+ name : Build, Push to GHCR.IO, and Deploy to Azure
92
103on :
114 workflow_dispatch :
125
13-
146env :
15- # Use docker.io for Docker Hub if empty
167 REGISTRY : ghcr.io
17- # github.repository as <account>/<repo>
188 IMAGE_NAME : sayedimac/docker-app
199
20-
2110jobs :
2211 build :
23-
24- # runs-on: ubuntu-latest
2512 runs-on : ubuntu-latest
2613 permissions :
2714 contents : read
2815 packages : write
29- # This is used to complete the identity challenge
30- # with sigstore/fulcio when running outside of PRs.
3116 id-token : write
3217
3318 steps :
3419 - name : Checkout repository
3520 uses : actions/checkout@v3
3621
37- # Install the cosign tool except on PR
38- # https://github.com/sigstore/cosign-installer
39- # - name: Install cosign
40- # if: github.event_name != 'pull_request'
41- # uses: sigstore/cosign-installer@cb49023b9227b1097e5eddd8824f48bdea11b1aa #v2.6.0
42- # with:
43- # cosign-release: 'v3.1.1'
44-
45-
46- # Workaround: https://github.com/docker/build-push-action/issues/461
4722 - name : Setup Docker buildx
48- uses : docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
23+ uses : docker/setup-buildx-action@v3
4924
50- # Login against a Docker registry except on PR
51- # https://github.com/docker/login-action
5225 - name : Log into registry ${{ env.REGISTRY }}
5326 if : github.event_name != 'pull_request'
54- uses : docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
27+ uses : docker/login-action@v3
5528 with :
5629 registry : ${{ env.REGISTRY }}
5730 username : ${{ github.actor }}
5831 password : ${{ secrets.GITHUB_TOKEN }}
5932
60- # Extract metadata (tags, labels) for Docker
61- # https://github.com/docker/metadata-action
6233 - name : Extract Docker metadata
6334 id : meta
64- uses : docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
35+ uses : docker/metadata-action@v5
6536 with :
6637 images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
6738 tags : |
7041 type=semver,pattern={{version}}
7142 type=semver,pattern={{major}}.{{minor}}
7243
73- # Build and push Docker image with Buildx (don't push on PR)
74- # https://github.com/docker/build-push-action
7544 - name : Build and push Docker image
7645 id : build-and-push
77- uses : docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
46+ uses : docker/build-push-action@v5
7847 with :
7948 context : .
8049 push : ${{ github.event_name != 'pull_request' }}
@@ -83,16 +52,17 @@ jobs:
8352 cache-from : type=gha
8453 cache-to : type=gha,mode=max
8554
55+ deploy :
56+ needs : build
57+ runs-on : ubuntu-latest
58+
59+ steps :
60+ - name : Checkout code
61+ uses : actions/checkout@v3
8662
87- # Sign the resulting Docker image digest except on PRs.
88- # This will only write to the public Rekor transparency log when the Docker
89- # repository is public to avoid leaking data. If you would like to publish
90- # transparency data even for private images, pass --force to cosign below.
91- # https://github.com/sigstore/cosign
92- # - name: Sign the published Docker image
93- # if: ${{ github.event_name != 'pull_request' }}
94- # env:
95- # COSIGN_EXPERIMENTAL: "true"
96- # # This step uses the identity token to provision an ephemeral certificate
97- # # against the sigstore community Fulcio instance.
98- # run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
63+ - name : Deploy to Azure Web App
64+ uses : azure/webapps-deploy@v2
65+ with :
66+ app-name : your-app-name
67+ publish-profile : ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
68+ images : ghcr.io/sayedimac/docker-app
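Review bot: The four Docker actions in the build job move from full commit SHAs to mutable tags (`docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`), so a retagged or compromised release would run with this job's `packages: write` and `id-token: write` permissions and the `GITHUB_TOKEN` handed to the login step. Keep the newer versions but pin each one to its release commit, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, and let Dependabot or Renovate move the pins. `id-token: write` also looks unused now that the cosign steps and the comment explaining it are gone; unless a step in the collapsed lines needs OIDC, drop that line. In the new deploy job, `images: ghcr.io/sayedimac/docker-app` carries no tag or digest, so the web app is not tied to the image this run built; exposing `steps.build-and-push.outputs.digest` as a build job output and deploying `ghcr.io/sayedimac/docker-app@${{ needs.build.outputs.digest }}` would close that gap.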