feat: Initial commit #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Action and Container | |
on: | |
push: | |
branches: | |
- main | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
permissions: | |
# Write required to create a release | |
contents: write | |
# Write required to publish container to GHCR | |
packages: write | |
# Create attestations for published container | |
attestations: write | |
id-token: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
# Extract the @guardian/cdk version from the package.json to create a release | |
# matching the version. | |
- run: echo "CDK_VERSION=$(jq -rc .dependencies.\"@guardian/cdk\" < ./container/package.json)" >> $GITHUB_ENV | |
# Abort if release exists already | |
- name: Check if release exists | |
env: | |
GH_TOKEN: ${{ github.token }} | |
run: | | |
if gh release view v${{ env.CDK_VERSION }}; then | |
echo "Release v${{ env.CDK_VERSION }} already exists" | |
exit 1 | |
fi | |
- name: Create draft release | |
env: | |
GH_TOKEN: ${{ github.token }} | |
run: gh release create v${{ env.CDK_VERSION }} --draft --generate-notes | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
tags: | | |
type=semver,pattern=v{{version}},value=${{ env.CDK_VERSION}} | |
type=semver,pattern=v{{major}}.{{minor}},value=${{ env.CDK_VERSION}} | |
type=semver,pattern=v{{major}},value=${{ env.CDK_VERSION}} | |
- name: Log in to the Container registry | |
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push Docker image | |
id: push | |
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | |
with: | |
context: ./container | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Generate artifact attestation | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} | |
subject-digest: ${{ steps.push.outputs.digest }} | |
push-to-registry: true | |
- name: Publish draft release | |
env: | |
GH_TOKEN: ${{ github.token }} | |
run: gh release edit v${{ env.CDK_VERSION }} --draft=false |