generated from strg-at/template-basic
-
Notifications
You must be signed in to change notification settings - Fork 0
115 lines (104 loc) · 3.71 KB
/
docker-build-push-github.yaml
File metadata and controls
115 lines (104 loc) · 3.71 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
---
name: build and push docker image to github
on:
workflow_call:
inputs:
runner:
description: '["some-runners"]'
required: true
type: string
registry:
description: "registry url"
required: false
type: string
default: "ghcr.io"
subpath:
description: "subpath to image name, f.e. integration/app-name"
required: true
type: string
tags:
description: "tags for image - default sha"
required: false
type: string
default: ${{ github.sha }}
platforms:
description: "define multi-platform images"
required: false
type: string
file:
description: "path to Dockerfile"
required: false
type: string
free-disk-space:
description: "boolean to free disk space before build - default false"
required: false
type: boolean
default: false
context:
description: "build context - default ."
required: false
type: string
default: .
outputs:
metadata:
description: "docker metadata"
value: ${{ jobs.docker-build-push-github.outputs.metadata }}
jobs:
docker-build-push-github:
name: github
runs-on: ${{fromJSON(inputs.runner)}}
permissions:
contents: read
id-token: write
packages: write
env:
image-path: ${{ inputs.registry }}/${{ github.repository }}/${{ inputs.subpath }}
outputs:
metadata: ${{ steps.meta.outputs.json }}
steps:
# https://github.com/marketplace/actions/checkout
- name: checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
# https://github.com/marketplace/actions/cosign-installer
- name: setup cosign
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
# https://github.com/marketplace/actions/docker-setup-buildx
- name: setup docker buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
# https://github.com/marketplace/actions/docker-login
- name: log into registry
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
with:
registry: ${{ inputs.registry }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# https://github.com/marketplace/actions/docker-metadata-action
- name: extract metadata for docker
id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
with:
images: ${{ env.image-path }}
tags: ${{ inputs.tags }}
# https://github.com/marketplace/actions/free-disk-space-ubuntu-runners
- name: free disk space
if: ${{ inputs.free-disk-space }}
uses: endersonmenezes/free-disk-space@e6ed9b02e683a3b55ed0252f1ee469ce3b39a885 # v3
with:
remove_android: true
remove_dotnet: true
remove_haskell: true
# https://github.com/marketplace/actions/build-and-push-docker-images
- name: build and push docker image
id: build-and-push
uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
with:
push: true
platforms: ${{ inputs.platforms }}
file: ${{ inputs.file }}
context: ${{ inputs.context }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
provenance: false
# https://github.com/sigstore/cosign
- name: sign the published docker image
run: cosign sign --yes ${{ env.image-path }}@${{ steps.build-and-push.outputs.digest }}