Create and publish a Docker image to ghcr #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create and publish a Docker image to ghcr | |
| on: | |
| workflow_run: | |
| workflows: ["Run Tests"] # This ensures this workflow runs after the test workflow | |
| types: | |
| - completed | |
| # Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| # There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. | |
| jobs: | |
| build-and-push-image: | |
| runs-on: ubuntu-latest | |
| # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch full history for versioning | |
| # Generate a version number based on commits | |
| - name: Generate version | |
| id: version | |
| run: | | |
| # Get the latest tag or use 0.0.0 if no tags exist | |
| LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "0.0.0") | |
| # Count commits since the latest tag | |
| COMMIT_COUNT=$(git rev-list --count ${LATEST_TAG}..HEAD) | |
| # Split the latest tag into major, minor, patch | |
| IFS='.' read -r MAJOR MINOR PATCH <<< "${LATEST_TAG#v}" | |
| # Increment patch version | |
| PATCH=$((PATCH + 1)) | |
| # Construct new version | |
| NEW_VERSION="v${MAJOR}.${MINOR}.${PATCH}-${COMMIT_COUNT}" | |
| echo "version=${NEW_VERSION}" >> $GITHUB_OUTPUT | |
| echo "Generated version: ${NEW_VERSION}" | |
| # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Extract metadata for Docker image | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ steps.version.outputs.version }} | |
| type=raw,value=latest | |
| # Build and push Docker image | |
| - name: Build and push Docker image | |
| id: push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| # Optional: Add build arguments if needed | |
| # build-args: | | |
| # VERSION=${{ steps.version.outputs.version }} | |
| # Generate artifact attestation | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| # Optional: Create a tag in the repository | |
| - name: Create tag | |
| run: | | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| git tag ${{ steps.version.outputs.version }} | |
| git push origin ${{ steps.version.outputs.version }} |