chore: add extra information in the error logging that may be insecure #27
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Master CI | |
# This workflow uses actions that are not certified by GitHub. | |
# They are provided by a third-party and are governed by | |
# separate terms of service, privacy policy, and support | |
# documentation. | |
on: | |
push: | |
branches: [master] | |
tags: | |
- v* | |
workflow_dispatch: | |
env: | |
# Use docker.io for Docker Hub if empty | |
REGISTRY: ghcr.io | |
# github.repository as <account>/<repo> | |
IMAGE_NAME: ${{ github.repository }} | |
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} | |
TURBO_TEAM: ${{ secrets.TURBO_TEAM }} | |
jobs: | |
# Push image to GitHub Packages. | |
# See also https://docs.docker.com/docker-hub/builds/ | |
yarn_install_and_build: | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
contents: read | |
steps: | |
- name: Setup | |
uses: actions/setup-node@v3 | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Get yarn cache directory path | |
id: yarn-cache-dir-path | |
run: echo "::set-output name=dir::$(yarn config get cacheFolder)" | |
- uses: actions/cache@v3 | |
id: yarn-cache | |
with: | |
path: ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-yarn- | |
- name: Restore NextJS cache | |
uses: actions/cache@v3 | |
with: | |
# See here for caching with `yarn` https://github.com/actions/cache/blob/main/examples.md#node---yarn or you can leverage caching with actions/setup-node https://github.com/actions/setup-node | |
path: | | |
${{ github.workspace }}/.next/cache | |
# Generate a new cache whenever packages or source files change. | |
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }} | |
# If source files changed but packages didn't, rebuild from a prior cache. | |
restore-keys: | | |
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}- | |
- run: yarn install | |
- run: yarn turbo build | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
# list of Docker images to use as base name for tags | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
# generate Docker tags based on the following events/attributes | |
tags: | | |
type=raw,value=latest | |
type=pep440,pattern={{version}} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Login to GHCR | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push | |
uses: docker/build-push-action@v4 | |
with: | |
platforms: linux/amd64,linux/arm64,linux/arm/v7 | |
context: . | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
network: host |