fix: explicit permission in github workflow #113
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Publish | |
| on: | |
| # run it on push to the default repository branch | |
| push: | |
| branches: [master, develop] | |
| # run it during pull request | |
| pull_request: | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| docker: | |
| name: Build Docker image and push to repositories | |
| # run only when code is compiling and tests are passing | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| # steps to perform in job | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| # setup Docker buld action | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Login to Github Packages | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_PAT }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v2 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Build image and push to GitHub Container Registry | |
| uses: docker/build-push-action@v2 | |
| with: | |
| # Note: tags has to be all lower-case | |
| tags: ${{ steps.meta.outputs.tags }} | |
| # build on feature branches, push only on master | |
| push: true | |
| - name: Image digest | |
| run: echo ${{ steps.docker_build.outputs.digest }} |