Skip to content

Update dependency next to v14.2.21 [SECURITY] #290

Update dependency next to v14.2.21 [SECURITY]

Update dependency next to v14.2.21 [SECURITY] #290

name: build and publish image
on:
push:
branches:
- "main"
- "deployment"
pull_request:
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Extract branch name
shell: bash
run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
id: extract_branch
- name: Generate tag
id: generate_tag
shell: bash
run: |
if [[ "${{ github.event_name == 'push' && startsWith(steps.extract_branch.outputs.branch , 'deployment') }}" == "true" ]]; then
echo "tag=deployment-$(echo ${{ github.sha }} | cut -c1-7)-$(date +%s)" >> $GITHUB_OUTPUT
exit 0
fi
echo "tag=wip-$(echo ${{ github.sha }} | cut -c1-7)-$(date +%s)" >> $GITHUB_OUTPUT
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Determine whether to Publish image
id: is_publish
run: |
if [[ "${{ github.event_name == 'push' && startsWith(steps.extract_branch.outputs.branch , 'deployment') }}" == "true" ]]; then
echo "push to deployment branch"
echo "is_publish=true" >> $GITHUB_OUTPUT
exit 0
else
if `gh pr view --json files --jq '[.files.[].path]'|jq -e 'map(. == ".github/workflows/publish-images.yml" or . == "docker-bake.hcl") |any'`; then
echo "push to development branch and changed docker-bake.hcl or .github/workflows/publish-images.yml"
echo "is_publish=true" >> $GITHUB_OUTPUT
exit 0
fi
fi
echo "push to development branch and not changed docker-bake.hcl or .github/workflows/publish-images.yml"
echo "is_publish=false" >> $GITHUB_OUTPUT
exit 0
env:
GH_TOKEN: ${{ github.token }}
- name: Bake images
uses: docker/bake-action@v4
env:
TAG: ${{ steps.generate_tag.outputs.tag }}
with:
files: ./docker-bake.hcl
push: ${{ steps.is_publish.outputs.is_publish == 'true' }}
set: |
*.cache-from=type=local,src=/tmp/.buildx-cache
*.cache-to=type=local,mode=min,dest=/tmp/.buildx-cache-new
provenance: false
# https://github.com/docker/build-push-action/issues/252#issuecomment-744400434
- name: Move Cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache