name: Docker Build & Publish on: push: tags: - 'v*' workflow_dispatch: inputs: push_to_registry: description: 'Push to registry' required: true default: 'true' type: boolean env: REGISTRY_DOCKERHUB: docker.io REGISTRY_GHCR: ghcr.io IMAGE_NAME: ${{ github.repository }} jobs: # =========================================================================== # BUILD AND PUSH TO DOCKER HUB # =========================================================================== build-dockerhub: name: Build & Push (Docker Hub) runs-on: ubuntu-latest permissions: contents: read steps: - name: Checkout repository uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to Docker Hub if: github.event_name != 'workflow_dispatch' || github.event.inputs.push_to_registry == 'true' uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY_DOCKERHUB }} username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Extract metadata (tags, labels) id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY_DOCKERHUB }}/${{ secrets.DOCKERHUB_USERNAME }}/mnemocore tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=sha - name: Build and push Docker image uses: docker/build-push-action@v5 with: context: . platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.push_to_registry == 'true' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max # =========================================================================== # BUILD AND PUSH TO GITHUB CONTAINER REGISTRY # =========================================================================== build-ghcr: name: Build & Push (GHCR) runs-on: ubuntu-latest permissions: contents: read packages: write steps: - name: Checkout repository uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to GitHub Container Registry if: github.event_name != 'workflow_dispatch' || github.event.inputs.push_to_registry == 'true' uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY_GHCR }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata (tags, labels) id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=sha - name: Build and push Docker image uses: docker/build-push-action@v5 with: context: . platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.push_to_registry == 'true' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - name: Generate artifact attestation if: github.event_name != 'workflow_dispatch' || github.event.inputs.push_to_registry == 'true' uses: actions/attest-build-provenance@v1 with: subject-name: ${{ env.REGISTRY_GHCR }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true