Image Release to GitHub Container Registry #48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Image Release to GitHub Container Registry | |
| on: | |
| # Run the workflow every two sundays at 8:00 UTC | |
| schedule: | |
| - cron: "0 8 */14 * 0" | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| # Trigger the workflow on new releases | |
| release: | |
| types: [published] | |
| # Trigger the workflow on push or pull request when the | |
| # Dockerfile is updated or the dependencies are updated | |
| pull_request: | |
| branches: [main] | |
| paths: | |
| - Dockerfile | |
| - requirements.lock | |
| - pyproject.toml | |
| - src/dns_synchub/dns_synchub/__about__.py | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| build-and-push-image: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| attestations: write | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up QEMU to build multi-platform images | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Compute Environment Variables | |
| run: | | |
| echo "VERSION=$(grep -Po '(?<=^__version__ = ")[^"]*' src/dns_synchub/__about__.py)" >> "$GITHUB_ENV" | |
| echo "PYTHON_VERSION=$(cat .python-version)" >> "$GITHUB_ENV" | |
| shell: bash | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{major}},value=v${{ env.VERSION }},enable=${{ !startsWith(env.VERSION, '0') }} | |
| type=semver,pattern={{major}}.{{minor}},value=v${{ env.VERSION }} | |
| type=semver,pattern={{version}},value=v${{ env.VERSION }} | |
| - name: Build and Push image | |
| id: push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| annotations: ${{ steps.meta.outputs.annotations }} | |
| push: ${{ !env.ACT && github.event_name != 'pull_request' }} | |
| build-args: | | |
| PYTHON_VERSION=${{ env.PYTHON_VERSION }} | |
| # Skip step because unsupported env variable: ACTIONS_ID_TOKEN_REQUEST_URL | |
| # See https://github.com/nektos/act/issues/329 | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@v1 | |
| if: ${{ !env.ACT && github.event_name != 'pull_request' }} | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true |