
Security.md creation (#905) #1122

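# Builds the release Docker image on pushes to master and on v* tags.
# The image is only pushed for v* tags or for a manual run with force=true
# (see the "Set release PUSH_FLAG" step); every other run is build-only.
name: docker-publish-release

on:
  push:
    tags:
      - 'v*'
    branches:
      - master
  workflow_dispatch:
    inputs:
      # force=true publishes an image from a ref that carries no release tag.
      # Whoever may dispatch this workflow can therefore publish; keep that
      # in mind when granting write access to the repository.
      force:
        description: "Force untagged release (expert mode)"
        required: false
        default: false
        type: boolean

env:
  REGISTRY: ghcr.io
  # NOTE(review): names containing '-' cannot be read as $CACHE-FROM in a
  # POSIX shell; presumably the make target or an expression consumes them.
  # Confirm against the Makefile before renaming.
  CACHE-FROM: /tmp/.buildx-cache
  CACHE-TO: /tmp/.buildx-cache-new

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    # GITHUB_TOKEN scope for this job: read the repository, write packages.
    # packages: write is granted on every run, including the build-only runs
    # on master that never push.
    permissions:
      contents: read
      packages: write
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag.
      # The job holds packages: write and publishes release images, so a
      # re-pointed tag in any of these actions would run with that access.
      # Pinning each action to a full commit SHA (with the tag kept as a
      # trailing comment) removes that dependency on upstream tag integrity.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Full history; GitVersion derives the version from tags and commits.
          fetch-depth: 0

      # NOTE(review): the text after "gitversion/" in the next two `uses:`
      # lines is an e-mail-obfuscation placeholder left by page extraction,
      # not a valid action reference. Presumably these were the GitVersion
      # setup and execute actions at some version; restore the exact
      # references from the repository.
      - name: Install GitVersion
        uses: gittools/actions/gitversion/[email protected]
        with:
          versionSpec: '5.x'

      - name: Determine SemVer
        uses: gittools/actions/gitversion/[email protected]
        with:
          useConfigFile: true

      - name: Display SemVer
        # The values reach the shell as environment variables instead of
        # being expanded into the script text by ${{ }}, so their content is
        # never parsed as shell syntax.
        env:
          FULL_SEMVER: ${{ env.fullSemVer }}
          FORCED: ${{ github.event.inputs.force }}
        run: |
          echo "SemVer ${FULL_SEMVER} Forced ${FORCED}"

      - name: Setup Buildx
        uses: docker/setup-buildx-action@v1
        with:
          install: true
          # NOTE(review): moby/buildkit:master is a moving tag, so the builder
          # that produces release images can change without any commit in
          # this repository. Prefer a released BuildKit tag or an image
          # digest for reproducible, reviewable release builds.
          driver-opts: image=moby/buildkit:master

      - name: Cache docker layers
        # NOTE(review): actions/cache@v2 is an old major version; confirm it
        # is still supported on current runners.
        # Only /tmp/.buildx-cache is saved. CACHE-TO points at
        # /tmp/.buildx-cache-new and no step shown here moves it back, so
        # unless the make target does that the saved cache never updates.
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
        if: ${{ success() }}

      - name: Log into registry ${{ env.REGISTRY }}
        # Runs on every build, not only when an image will be pushed.
        # NOTE(review): if the build needs no authenticated pulls, this step
        # could carry the same condition as "Set release PUSH_FLAG".
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
        if: ${{ success() }}

      - name: Set release PUSH_FLAG
        # Publishing gate: only v* tags or an explicitly forced manual run
        # export PUSH_FLAG. Dispatch inputs arrive as strings in
        # github.event.inputs, hence the comparison with 'true'.
        run: echo "PUSH_FLAG=--push" >> "$GITHUB_ENV"
        if: startsWith(github.ref, 'refs/tags/v') || github.event.inputs.force == 'true'

      - name: Build (and potentially push) docker image release
        # PUSH_FLAG is empty unless the previous step ran, which leaves the
        # make target in build-only mode.
        run: PUSH_FLAG=$PUSH_FLAG make docker-release-build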