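# Builds the container image and publishes it to Docker Hub and GHCR.
name: Docker Build & Publish

on:
  # Release path: any pushed tag matching v* triggers a build that publishes.
  push:
    tags:
      - 'v*'
  # Manual path: a dispatched run builds whatever ref the dispatcher selects,
  # and publishes it unless push_to_registry is switched off.
  # NOTE(review): anyone allowed to dispatch this workflow can therefore
  # publish images from a non-release ref; confirm that is intended.
  workflow_dispatch:
    inputs:
      push_to_registry:
        description: 'Push to registry'
        required: true
        # Real boolean, matching `type: boolean` (was the quoted string 'true').
        default: true
        type: boolean

env:
  REGISTRY_DOCKERHUB: docker.io
  REGISTRY_GHCR: ghcr.io
  # github.repository keeps the owner/repo casing as-is. Image references
  # must be lowercase, so any step that uses this value verbatim as an image
  # name only works when the repository name has no uppercase characters.
  # NOTE(review): confirm the repository name is all lowercase.
  IMAGE_NAME: ${{ github.repository }}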
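jobs:
  # NOTE(review): every action below is referenced by a mutable major-version
  # tag (@v1/@v3/@v4/@v5). A retagged or compromised release would run with
  # this workflow's registry credentials; pinning each `uses:` to a full
  # commit SHA (with the version kept as a trailing comment) removes that
  # dependency on the tag staying put.

  # Builds the multi-arch image and pushes it to Docker Hub.
  build-dockerhub:
    name: Build & Push (Docker Hub)
    runs-on: ubuntu-latest
    # Least privilege: GITHUB_TOKEN only reads the repository here; registry
    # authentication uses the DOCKERHUB_* secrets instead.
    permissions:
      contents: read

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step runs git against the remote, so do not leave the
          # job token in .git/config, which is part of the `context: .`
          # build context below.
          persist-credentials: false

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Skipped only for a manual run with push_to_registry turned off.
      - name: Log in to Docker Hub
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.push_to_registry == 'true'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY_DOCKERHUB }}
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Extract metadata (tags, labels)
        id: meta
        uses: docker/metadata-action@v5
        with:
          # The namespace is read from a secret, so GitHub masks it wherever
          # it appears in the job log.
          # NOTE(review): a registry username is not confidential; a
          # repository variable would keep logs readable. Confirm before
          # changing.
          images: ${{ env.REGISTRY_DOCKERHUB }}/${{ secrets.DOCKERHUB_USERNAME }}/mnemocore
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha

      # No provenance attestation is generated in this job; only build-ghcr
      # attests, and that attestation covers the GHCR image digest.
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.push_to_registry == 'true' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # Builds the multi-arch image, pushes it to GHCR and attests its provenance.
  build-ghcr:
    name: Build & Push (GHCR)
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Push the image (and the attestation) to ghcr.io with GITHUB_TOKEN.
      packages: write
      # Required by actions/attest-build-provenance: an OIDC token for the
      # signing identity and permission to store the attestation.
      id-token: write
      attestations: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step runs git against the remote, so do not leave the
          # job token in .git/config, which is part of the `context: .`
          # build context below.
          persist-credentials: false

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Skipped only for a manual run with push_to_registry turned off.
      - name: Log in to GitHub Container Registry
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.push_to_registry == 'true'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY_GHCR }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels)
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha

      - name: Build and push Docker image
        # The id is required: the attestation step reads
        # steps.push.outputs.digest, which is empty without it.
        id: push
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.push_to_registry == 'true' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Gated on the same condition as the push: without a pushed image there
      # is no digest to attest.
      - name: Generate artifact attestation
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.push_to_registry == 'true'
        uses: actions/attest-build-provenance@v1
        with:
          # Used verbatim as the image name, so it must already be lowercase.
          # NOTE(review): IMAGE_NAME comes from github.repository; confirm
          # the repository name contains no uppercase characters.
          subject-name: ${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true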