mirror of
https://github.com/wneessen/apg-go.git
synced 2024-11-14 09:52:55 +01:00
Winni Neessen
ef8e334df0
The reuse and docker-publish workflow scripts in GitHub Actions have been updated. Now these scripts have permission to read contents. This will ensure secure access and controlled operations on repositories.
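# SPDX-FileCopyrightText: 2021-2024 Winni Neessen <wn@neessen.dev>
#
# SPDX-License-Identifier: CC0-1.0

name: Docker

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# Builds the multi-arch container image on every trigger below; the image is
# only pushed to the registry when the event is not a pull request.
on:
  schedule:
    # Daily rebuild (GitHub evaluates cron expressions in UTC).
    - cron: '24 12 * * *'
  push:
    branches: [ main ]
    # Publish semver tags as releases.
    tags: [ 'v*.*.*' ]
  pull_request:
    branches: [ main ]

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
# Any job that needs more has to widen it explicitly (see jobs.build).
permissions:
  contents: read

env:
  # Use docker.io for Docker Hub if empty
  REGISTRY: ghcr.io
  # github.repository as <account>/<repo>
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow default. packages: write is
    # what lets GITHUB_TOKEN push the image to the registry, so every action
    # in this job runs next to a token with that scope.
    permissions:
      contents: read
      packages: write

    steps:
      # NOTE(review): referenced by a mutable tag. Pin to a full commit SHA,
      # as done for login-action and metadata-action below, so a re-tagged
      # release cannot change what runs in this job.
      - name: Checkout repository
        uses: actions/checkout@v2
        with:
          # No later step needs git access; do not leave the token in the
          # local git config where subsequent steps could read it.
          persist-credentials: false

      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

      # The repository is already checked out by the first step; the second,
      # identical checkout that used to sit here was redundant and is dropped.

      # NOTE(review): the three actions below are referenced by mutable major
      # tags while the job holds packages: write. Pin each to a full commit
      # SHA like the two steps above.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build and push
        uses: docker/build-push-action@v3
        with:
          context: .
          # Pull requests build the image but never publish it; this matches
          # the login step, which is skipped for the same event.
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64,linux/arm64,linux/arm/v8,linux/arm/v7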