File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ name : Publish docker image
2+
3+ on :
4+ workflow_dispatch :
5+ inputs :
6+ release_tag :
7+ description : ' Tag to release'
8+ required : true
9+ type : string
10+
11+ permissions :
12+ contents : read
13+ packages : write
14+
15+ jobs :
16+ build :
17+ runs-on : ubuntu-latest
18+ if : startsWith(github.event.inputs.release_tag, 'v')
19+ steps :
20+ - name : Harden the runner (Audit all outbound calls)
21+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
22+ with :
23+ egress-policy : audit
24+
25+ - name : Checkout
26+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
27+ - name : Validate tag format
28+ run : |
29+ TAG=${{ github.event.inputs.release_tag }}
30+ if ! echo "$TAG" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
31+ echo "❌ Invalid tag format: $TAG"
32+ exit 1
33+ fi
34+ echo "✅ Valid semver tag: $TAG"
35+ name : Log in to GitHub Container Registry
36+ uses : docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
37+ with :
38+ registry : ghcr.io
39+ username : ${{ github.actor }}
40+ password : ${{ secrets.GITHUB_TOKEN }}
41+
42+ - name : Set up QEMU for ARM builds
43+ uses : docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
44+
45+ - name : Set up Docker Buildx
46+ uses : docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
47+
48+ - name : Build and push Docker image
49+ uses : docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
50+ with :
51+ context : .
52+ push : true
53+ platforms : linux/amd64,linux/arm64
54+ tags : |
55+ ghcr.io/${{ github.repository }}:${{ github.event.inputs.release_tag }}
You can’t perform that action at this time.
0 commit comments