Create and publish a Docker image #2020
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create and publish a Docker image | |
| on: | |
| push: | |
| tags: | |
| - '*' | |
| branches: [ continuous-release-exo ] | |
| env: | |
| BRANCH_BUILD_TAGS: "nightly-exo" | |
| jobs: | |
| parse-docker-build-env: | |
| name: 'Parse Docker Build Environment' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| buildTags: ${{ steps.detect-push-event.outputs.buildTags }} | |
| steps: | |
| - name: Check if push is a tag or branch | |
| id: detect-push-event | |
| run: | | |
| if [[ $GITHUB_REF == refs/tags/* ]]; then | |
| echo "This is a tag push (${GITHUB_REF#refs/tags/})" | |
| echo "Building docker tag: ${GITHUB_REF#refs/tags/}" | |
| echo "buildTags=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT | |
| elif [[ $GITHUB_REF == refs/heads/* ]]; then | |
| echo "This is a branch push (${GITHUB_REF#refs/heads/})" | |
| echo "Building docker tags: ${{ env.BRANCH_BUILD_TAGS }}" | |
| echo "buildTags=${{ env.BRANCH_BUILD_TAGS }}" >> $GITHUB_OUTPUT | |
| else | |
| echo "Unknown push type" | |
| exit 1 | |
| fi | |
| build-dockerhub-image: | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| attestations: write | |
| name: "Build Docker Images to DockerHub Registry" | |
| uses: exoplatform/swf-scripts/.github/workflows/buildDockerImage.yml@master | |
| needs: parse-docker-build-env | |
| with: | |
| dockerImage: "meedsio/meeds" | |
| dockerImageTag: ${{ needs.parse-docker-build-env.outputs.buildTags }} | |
| signImage: true | |
| cosignImage: true | |
| attestImage: true | |
| secrets: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| DOCKER_PRIVATE_KEY_ID: ${{ secrets.DOCKER_PRIVATE_KEY_ID }} | |
| DOCKER_PRIVATE_KEY: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
| DOCKER_PRIVATE_KEY_PASSPHRASE: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| build-ghcr-image: | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| attestations: write | |
| name: "Build Docker Images to Github Container Registry" | |
| uses: exoplatform/swf-scripts/.github/workflows/buildDockerImage.yml@master | |
| needs: parse-docker-build-env | |
| with: | |
| dockerRegistry: "ghcr.io" | |
| dockerImage: "meeds-io/meeds/meeds-io" | |
| dockerImageTag: ${{ needs.parse-docker-build-env.outputs.buildTags }} | |
| cosignImage: true | |
| cosignOidcImage: true | |
| attestImage: true | |
| attestImageRegistry: "ghcr.io" | |
| secrets: | |
| DOCKER_USERNAME: ${{ secrets.SWF_ACTOR }} | |
| DOCKER_PASSWORD: ${{ secrets.SWF_TOKEN }} | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} |