|
1 |
| -# .github/workflows/docker-publish.yml |
2 |
| -name: Build and Publish Docker Image |
| 1 | +name: Create and publish Docker image |
3 | 2 |
|
4 | 3 | on:
|
5 | 4 | push:
|
6 |
| - branches: [ main ] |
7 |
| - paths: |
8 |
| - - 'environment.yml' |
9 |
| - - 'apt.txt' |
10 |
| - - 'Dockerfile' |
11 |
| - workflow_dispatch: |
| 5 | + branches: ['main'] |
| 6 | + pull_request: |
| 7 | + branches: ['main'] |
12 | 8 |
|
13 | 9 | env:
|
14 | 10 | REGISTRY: ghcr.io
|
15 |
| - ORGANIZATION: UW-GDA |
16 | 11 | IMAGE_NAME: ${{ github.repository }}
|
17 | 12 |
|
18 | 13 | jobs:
|
19 |
| - build-and-push: |
| 14 | + build-and-push-image: |
20 | 15 | runs-on: ubuntu-latest
|
21 |
| - # Ensure the job runs within the organization context |
22 |
| - if: github.repository_owner == 'UW-GDA' |
23 |
| - |
24 | 16 | permissions:
|
25 | 17 | contents: read
|
26 | 18 | packages: write
|
27 |
| - attestations: write |
28 |
| - id-token: write |
29 |
| - |
| 19 | + |
30 | 20 | steps:
|
31 | 21 | - name: Checkout repository
|
32 | 22 | uses: actions/checkout@v4
|
33 |
| - |
34 |
| - - name: Log in to GitHub Container Registry |
| 23 | + |
| 24 | + - name: Log in to the Container registry |
| 25 | + if: github.event_name != 'pull_request' |
35 | 26 | uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
|
36 | 27 | with:
|
37 | 28 | registry: ${{ env.REGISTRY }}
|
38 | 29 | username: ${{ github.actor }}
|
39 |
| - password: ${{ secrets.TOKEN_GITHUB }} |
40 |
| - |
41 |
| - - name: Extract Docker metadata |
| 30 | + password: ${{ secrets.GITHUB_TOKEN }} |
| 31 | + |
| 32 | + - name: Extract metadata (tags, labels) for Docker |
42 | 33 | id: meta
|
43 | 34 | uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
|
44 | 35 | with:
|
45 | 36 | images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
46 |
| - tags: | |
47 |
| - type=sha,format=long |
48 |
| - type=ref,event=branch |
49 |
| - type=raw,value=latest,enable={{is_default_branch}} |
50 |
| -
|
| 37 | + |
51 | 38 | - name: Build and push Docker image
|
52 |
| - id: push |
53 |
| - uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 |
| 39 | + uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 |
54 | 40 | with:
|
55 | 41 | context: .
|
56 |
| - push: true |
| 42 | + push: ${{ github.event_name != 'pull_request' }} |
57 | 43 | tags: ${{ steps.meta.outputs.tags }}
|
58 | 44 | labels: ${{ steps.meta.outputs.labels }}
|
59 |
| - |
60 |
| - - name: Generate artifact attestation |
61 |
| - uses: actions/attest-build-provenance@v2 |
62 |
| - with: |
63 |
| - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} |
64 |
| - subject-digest: ${{ steps.push.outputs.digest }} |
65 |
| - push-to-registry: true |
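Review bot: Images pushed from `main` no longer get a provenance attestation, because the new side drops the `Generate artifact attestation` step, the `id: push` it read the digest from, and the `attestations: write` / `id-token: write` permissions. Consumers of the `ghcr.io` image therefore cannot verify which workflow run built it. If the step was removed only so pull-request builds succeed, keep it and gate it with the same `github.event_name != 'pull_request'` condition used on the login step, as sketched below. Separately, `actions/checkout@v4` is the only action not pinned to a commit SHA, and the SHA pins carry no version comment, so the changed `docker/build-push-action` pin cannot be judged as an upgrade or a downgrade from the page alone. With the explicit `tags:` input gone, the metadata action falls back to its defaults, which presumably stop publishing `latest` and the long-SHA tag on pushes to `main`; confirm nothing still pulls `:latest`.

```yaml
      packages: write
      attestations: write
      id-token: write

    # … unchanged: checkout, registry login, metadata extraction …

      - name: Build and push Docker image
        id: push
        # … unchanged: uses / with (context, push, tags, labels) …

      - name: Generate artifact attestation
        if: github.event_name != 'pull_request'
        uses: actions/attest-build-provenance@v2
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true
```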