publish.yml

name: Publish Docker image

permissions:
    contents: read

on:
  push:
    tags:
       - 'latest'

jobs:
  push_to_registry:
    name: Push Docker image to Docker hub
    runs-on: ubuntu-latest
    environment:
        name: Build Docker images
    steps:
        - name: Check out the repository
          uses: actions/checkout@v4
        - name: Login to DockerHub
          uses: docker/login-action@v3
          with:
            registry: docker.io
            username: ${{ secrets.DOCKER_REPOSITORY_LOGIN }}
            password: ${{ secrets.DOCKER_REPOSITORY_PASSWORD }}
        - name: Build action image
          run: make docker-build
          env:
            IMAGE_TAG: "docker.io/botsudo/action-docker-compose:latest"
            PLATFORM: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7
            ACTION: push

        - name: Sign and push docker image
          uses: sudo-bot/action-docker-sign@latest
          with:
            image-ref: "docker.io/botsudo/action-docker-compose:latest"
            # Sign the manifest
            sign-manifest: true
            # Required to sign the manifest
            notary-auth: "${{ secrets.DOCKER_REPOSITORY_LOGIN }}:${{ secrets.DOCKER_REPOSITORY_PASSWORD }}"
            private-key-id: "${{ vars.DOCKER_PRIVATE_KEY_ID }}"
            private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
            private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
            private-key-name: "${{ vars.DOCKER_PRIVATE_KEY_NAME }}"