gui.do / barazo-api
Barazo AppView backend barazo.forum
fork atom
barazo-api / .github / workflows / docker.yml
at main 67 lines 2.0 kB view raw
dependabot[bot] chore(deps): bump actions/attest-build-provenance from 3.2.0 to 4.1.0 (#117)
a4971808
1name: Docker 2 3on: 4 push: 5 tags: 6 - 'v*' 7 workflow_dispatch: 8 9env: 10 REGISTRY: ghcr.io 11 IMAGE_NAME: ${{ github.repository }} 12 13jobs: 14 build-and-push: 15 name: Build and Push Docker Image 16 runs-on: ubuntu-latest 17 permissions: 18 contents: read 19 packages: write 20 attestations: write 21 id-token: write 22 23 steps: 24 - name: Checkout 25 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 26 27 - name: Set up Docker Buildx 28 uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 29 30 - name: Login to Container Registry 31 uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 32 with: 33 registry: ${{ env.REGISTRY }} 34 username: ${{ github.actor }} 35 password: ${{ secrets.GITHUB_TOKEN }} 36 37 - name: Extract metadata 38 id: meta 39 uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 40 with: 41 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} 42 tags: | 43 type=ref,event=branch 44 type=ref,event=pr 45 type=semver,pattern={{version}} 46 type=semver,pattern={{major}}.{{minor}} 47 type=semver,pattern={{major}} 48 type=sha 49 50 - name: Build and push Docker image 51 id: build 52 uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 53 with: 54 context: . 55 push: true 56 tags: ${{ steps.meta.outputs.tags }} 57 labels: ${{ steps.meta.outputs.labels }} 58 cache-from: type=gha 59 cache-to: type=gha,mode=max 60 platforms: linux/amd64,linux/arm64 61 62 - name: Generate artifact attestation 63 uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 64 with: 65 subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} 66 subject-digest: ${{ steps.build.outputs.digest }} 67 push-to-registry: true