Skip to content

build(deps): bump docker/build-push-action in the github-actions grou… #204

build(deps): bump docker/build-push-action in the github-actions grou…

build(deps): bump docker/build-push-action in the github-actions grou… #204

Workflow file for this run

name: release
on:
push:
branches: [ "main" ]
tags: [ "v*" ]
permissions:
contents: read
env:
DOCKER_IMAGE_NAME: opbeans/opbeans-java
jobs:
release:
runs-on: ubuntu-latest
permissions:
attestations: write
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to the Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ${{ secrets.DOCKERHUB_REGISTRY }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Extract metadata (tags, labels)
id: docker-meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: ${{ env.DOCKER_IMAGE_NAME }}
tags: |
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
# tag event
type=ref,enable=true,prefix=,suffix=,event=tag
- name: Build and push image
id: docker-push
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: .
provenance: mode=max
push: true
sbom: true
tags: ${{ steps.docker-meta.outputs.tags }}
labels: ${{ steps.docker-meta.outputs.labels }}
- name: Attest image
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
with:
subject-name: index.docker.io/${{ env.DOCKER_IMAGE_NAME }}
subject-digest: ${{ steps.docker-push.outputs.digest }}
push-to-registry: true