Build and publish Docker images #4

Workflow file for this run

	name: Build and publish Docker images

	on:
	workflow_dispatch:
	inputs:
	version:
	description: 'The version of zizmor to build against'
	required: true

	dry-run:
	description: 'Whether to perform a dry run'
	required: false
	type: boolean
	default: false

	permissions: {}

	jobs:
	docker-build:
	name: Build and publish Docker image
	runs-on: ubuntu-latest
	env:
	ZIZMOR_IMAGE: ghcr.io/woodruffw/zizmor
	environment:
	name: docker
	permissions:
	contents: read
	packages: write
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
	with:
	persist-credentials: false
	- name: Set up QEMU
	uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3
	with:
	cache-binary: false
	- name: Extract Docker metadata
	id: docker-metadata
	uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5
	with:
	images: "${{ env.ZIZMOR_IMAGE }}"
	tags: \|
	type=raw, value=${{ github.event.inputs.version }}
	- name: Login to GHRC
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v6
	if: github.repository_owner == 'woodruffw'
	with:
	registry: ghcr.io
	username: "${{ github.repository_owner }}"
	password: "${{ secrets.GITHUB_TOKEN }}"
	- name: Build and push Docker image
	uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6
	with:
	context: .
	push: ${{ !github.event.inputs.dry-run }}
	tags: ${{ steps.docker-metadata.outputs.tags }}
	build-args: \|
	ZIZMOR_VERSION=${{ github.event.inputs.version }}
	platforms: linux/amd64,linux/arm64
	# Build provenance attestations
	provenance: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build and publish Docker images #4

Workflow file

Build and publish Docker images #4

Jobs

Run details

Workflow file for this run