From 45779a0b4c7339fda71084644070181448d82126 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rados=C5=82aw=20Sporny?= <404@rspo.dev> Date: Sat, 30 Nov 2024 19:25:21 +0100 Subject: [PATCH] add: build and publish docker image job --- .github/workflows/publish.yaml | 55 ++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 .github/workflows/publish.yaml diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml new file mode 100644 index 0000000..1a3ca34 --- /dev/null +++ b/.github/workflows/publish.yaml @@ -0,0 +1,55 @@ +name: Create and publish a Docker image + +on: + push: + branches: + - main + +env: + REGISTRY: ghcr.io + +jobs: + build-and-push-image: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - path: ./backend + image: ghcr.io/${{ github.repository }}/backend + - path: ./frontend + image: ghcr.io/${{ github.repository }}/frontend + permissions: + contents: read + packages: write + attestations: write + id-token: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ matrix.image }} + - name: Build and push Docker image + id: push + uses: docker/build-push-action@v6 + with: + context: ${{ matrix.path }} + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.REGISTRY }}/${{ matrix.image }} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true +