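# Builds the container image on every push to main, every tag and every pull
# request. The image is pushed on non-pull_request events only. The image tag
# is the git tag name, or "<ref>-<short sha>" otherwise; pushes to the main
# branch additionally publish ":latest".
name: build-publish

on:
  push:
    branches: ["main"]
    tags: ["*"]
  pull_request:

# Environment required: REG
# Secrets required: REGISTRY_USER, REGISTRY_PASSWORD

# Least privilege for GITHUB_TOKEN: the job only needs to check out the repo.
permissions:
  contents: read

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions below are referenced by mutable major-version
      # tags; pinning each to a full commit SHA protects against a retagged
      # release.
      - uses: actions/checkout@v4

      # Export REG/NS/IMG from the repository's .env to later steps.
      # .env is executed as shell and comes from the checked-out ref, so on
      # pull_request runs its values are whatever the PR contains.
      - name: Load .env
        run: |
          set -a
          source .env
          set +a
          echo "REG=$REG" >> "$GITHUB_ENV"
          echo "NS=$NS" >> "$GITHUB_ENV"
          echo "IMG=$IMG" >> "$GITHUB_ENV"

      - name: Compute repo and tag
        id: meta
        shell: bash
        # Context values are passed through env instead of being expanded
        # inside the script text: a ref name is user-chosen and would
        # otherwise be interpreted by the shell.
        env:
          REF_TYPE: ${{ github.ref_type }}
          REF_NAME: ${{ github.ref_name }}
          EVENT_NAME: ${{ github.event_name }}
        run: |
          REPO="${REG}/${NS}/${IMG}"
          if [[ "${REF_TYPE}" == "tag" ]]; then
            TAG="${REF_NAME}"
          else
            SHA="$(git rev-parse --short HEAD)"
            TAG="${REF_NAME}-${SHA}"
          fi
          # Image tags cannot contain "/" (pull_request ref names look like
          # "<number>/merge"); map anything outside the tag alphabet to "-".
          TAG="${TAG//[^A-Za-z0-9_.-]/-}"

          # ":latest" is published by the same build as the versioned tag,
          # for pushes to the main branch only.
          TAGS="${REPO}:${TAG}"
          if [[ "${REF_TYPE}" == "branch" && "${REF_NAME}" == "main" \
                && "${EVENT_NAME}" != "pull_request" ]]; then
            TAGS="${TAGS},${REPO}:latest"
          fi

          echo "repo=${REPO}" >> "$GITHUB_OUTPUT"
          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
          echo "tags=${TAGS}" >> "$GITHUB_OUTPUT"
          echo "build_date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$GITHUB_OUTPUT"

      # Explicitly tell BuildKit the registry is HTTP/insecure.
      # With a plain-HTTP registry the credentials used by the "Log in" step
      # and all pushed image content cross the network unencrypted and the
      # registry is not authenticated; keep this to a trusted network or put
      # TLS in front of the registry.
      # NOTE(review): the heredoc body of this step was lost when the page was
      # extracted. It is reconstructed here from the comment above and from
      # the later use of env.BUILDKIT_CONFIG - confirm against the repository.
      - name: Write BuildKit config
        run: |
          cat > buildkitd.toml <<EOF
          [registry."${REG}"]
          http = true
          insecure = true
          EOF
          echo "BUILDKIT_CONFIG=${PWD}/buildkitd.toml" >> "$GITHUB_ENV"

      # qemu is only required for multi-arch builds
      #- uses: docker/setup-qemu-action@v3

      # NOTE(review): moby/buildkit:latest is a mutable tag; pin a version or
      # digest so the builder that handles registry credentials is
      # reproducible.
      - uses: docker/setup-buildx-action@v3
        with:
          driver-opts: |
            image=moby/buildkit:latest
            network=host
          config: ${{ env.BUILDKIT_CONFIG }}

      # NOTE(review): this step also runs on pull_request, where REG is taken
      # from the PR's .env and fork PRs receive no secrets. If the build does
      # not need to pull from this registry, gate the step with
      # `if: github.event_name != 'pull_request'`.
      - name: Log in
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REG }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      # Single build for every published tag. ":latest" used to be produced
      # by a separate plain `docker build` + `docker push`, which skipped the
      # build-args, labels, cache and builder configuration used here, so it
      # was not the same image as the versioned tag.
      - name: Build & Push
        uses: docker/build-push-action@v6
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: |
            org.opencontainers.image.revision=${{ github.sha }}
            org.opencontainers.image.created=${{ steps.meta.outputs.build_date }}
          build-args: |
            VERSION=${{ steps.meta.outputs.tag }}
            VCS_REF=${{ github.sha }}
            BUILD_DATE=${{ steps.meta.outputs.build_date }}
          cache-from: type=gha
          cache-to: type=gha,mode=max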