chore(deps): update docker/metadata-action digest to 70b2cdc #63
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build_and_push | |
| on: | |
| push: | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| # Will also push on dockerhub with DOCKERHUB_IMAGE_NAME | |
| GHCR_IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| docker_build: | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| packages: write | |
| contents: read | |
| id-token: write | |
| strategy: | |
| matrix: | |
| architecture: | |
| - linux/amd64 | |
| - linux/arm64 | |
| - linux/arm/v6 | |
| - linux/arm/v7 | |
| steps: | |
| - name: Set vars | |
| id: vars | |
| run: | | |
| echo "platform=$(echo -n ${{ matrix.architecture }} | sed 's/\//-/g')" >> $GITHUB_OUTPUT | |
| - name: Check out code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.GHCR_IMAGE_NAME }} | |
| tags: | | |
| # type=ref,event=branch | |
| # type=ref,event=tag | |
| # type=ref,event=pr | |
| type=sha,prefix=,suffix=-${{ matrix.architecture }} | |
| labels: | | |
| org.opencontainers.image.authors=${{ github.repository_owner }} | |
| org.opencontainers.image.created=${{ github.event.head_commit.timestamp }} | |
| org.opencontainers.image.description=tg2 IRIG-B or WWV timecode generator | |
| org.opencontainers.image.licenses=MIT | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.title=${{ env.GHCR_IMAGE_NAME }} | |
| org.opencontainers.image.url=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.vendor=${{ github.repository_owner }} | |
| org.opencontainers.image.version=0.0.1 | |
| annotations: | | |
| org.opencontainers.image.authors=${{ github.repository_owner }} | |
| org.opencontainers.image.created=${{ github.event.head_commit.timestamp }} | |
| org.opencontainers.image.description=tg2 IRIG-B or WWV timecode generator | |
| org.opencontainers.image.licenses=MIT | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.title=${{ env.GHCR_IMAGE_NAME }} | |
| org.opencontainers.image.url=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.vendor=${{ github.repository_owner }} | |
| org.opencontainers.image.version=0.0.1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push Docker images | |
| id: build | |
| uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6 | |
| with: | |
| push: true | |
| platforms: ${{ matrix.architecture }} | |
| annotations: ${{ steps.meta.outputs.annotations }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| outputs: type=registry,type=local,dest=/tmp/docker_content | |
| - name: Export artifact and digest | |
| run: | | |
| mkdir -p /tmp/artifacts /tmp/digest | |
| digest="${{ steps.build.outputs.digest }}" | |
| touch "/tmp/digest/${digest#sha256:}" | |
| find /tmp/docker_content/app | |
| cp /tmp/docker_content/app/tg2* /tmp/artifacts/tg2-${{ env.DOCKER_METADATA_OUTPUT_VERSION }} | |
| - name: Upload digest | |
| uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4 | |
| with: | |
| name: digests-${{ steps.vars.outputs.platform }} | |
| path: /tmp/digest/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4 | |
| with: | |
| name: tg2-${{ steps.vars.outputs.platform }} | |
| path: /tmp/artifacts/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| - name: Inspect image | |
| run: | | |
| docker buildx imagetools inspect ${{ steps.meta.outputs.tags }} | |
| create_multi_platform_manifest_and_push: | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| packages: write | |
| contents: read | |
| attestations: write | |
| id-token: write | |
| needs: | |
| - docker_build | |
| steps: | |
| - name: Download digests | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 | |
| with: | |
| path: /tmp/digests | |
| pattern: digests-* | |
| merge-multiple: true | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166 | |
| with: | |
| images: | | |
| ghcr.io/${{ env.GHCR_IMAGE_NAME }} | |
| docker.io/${{ vars.DOCKERHUB_IMAGE_NAME }} | |
| tags: | | |
| type=sha | |
| labels: | | |
| org.opencontainers.image.authors=${{ github.repository_owner }} | |
| org.opencontainers.image.created=${{ github.event.head_commit.timestamp }} | |
| org.opencontainers.image.description=tg2 IRIG-B or WWV timecode generator | |
| org.opencontainers.image.documentation=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.licenses=MIT | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.title=${{ env.GHCR_IMAGE_NAME }} | |
| org.opencontainers.image.url=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.vendor=${{ github.repository_owner }} | |
| org.opencontainers.image.version=0.0.1 | |
| annotations: | | |
| org.opencontainers.image.authors=${{ github.repository_owner }} | |
| org.opencontainers.image.created=${{ github.event.head_commit.timestamp }} | |
| org.opencontainers.image.description=tg2 IRIG-B or WWV timecode generator | |
| org.opencontainers.image.documentation=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.licenses=MIT | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.title=${{ env.GHCR_IMAGE_NAME }} | |
| org.opencontainers.image.url=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.vendor=${{ github.repository_owner }} | |
| org.opencontainers.image.version=0.0.1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create manifest list and push | |
| id: build | |
| working-directory: /tmp/digests | |
| run: | | |
| docker buildx imagetools create \ | |
| $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| $(jq -cr '.annotations | map("--annotation " + gsub("manifest:"; "index:"))) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| $(printf 'ghcr.io/${{ env.GHCR_IMAGE_NAME }}@sha256:%s ' *) | |
| echo "" >> $GITHUB_OUTPUT | |
| - name: Inspect image | |
| id: digest | |
| run: | | |
| docker buildx imagetools inspect ghcr.io/${{ env.GHCR_IMAGE_NAME }}:${{ steps.meta.outputs.version }} | |
| docker buildx imagetools inspect docker.io/${{ vars.DOCKERHUB_IMAGE_NAME }}:${{ steps.meta.outputs.version }} | |
| echo "digest=$(docker buildx imagetools inspect ghcr.io/${{ env.GHCR_IMAGE_NAME }}:${{ steps.meta.outputs.version }} | head -n 3 | grep Digest | awk '{ print $2 }')" >> $GITHUB_OUTPUT | |
| - name: Generate artifact attestation (ghcr) | |
| id: push-ghcr | |
| uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1 | |
| with: | |
| subject-name: ghcr.io/${{ env.GHCR_IMAGE_NAME }} | |
| subject-digest: ${{ steps.digest.outputs.digest }} | |
| push-to-registry: true | |
| - name: Generate artifact attestation (dockerhub) | |
| id: push-dockerhub | |
| uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1 | |
| with: | |
| subject-name: index.docker.io/${{ vars.DOCKERHUB_IMAGE_NAME }} | |
| subject-digest: ${{ steps.digest.outputs.digest }} | |
| push-to-registry: true | |
| create_github_multiplatform_release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: read | |
| contents: write | |
| id-token: write | |
| needs: | |
| - docker_build | |
| - create_multi_platform_manifest_and_push | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 | |
| - name: Download artifacts | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 | |
| with: | |
| path: /tmp/artifacts | |
| pattern: tg2-* | |
| merge-multiple: true | |
| - name: Tag the repository | |
| id: tag | |
| uses: mathieudutour/github-tag-action@a22cf08638b34d5badda920f9daf6e72c477b07b # v6.2 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| tag_prefix: release- | |
| - name: Create release | |
| uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2 | |
| with: | |
| files: /tmp/artifacts/tg2* | |
| fail_on_unmatched_files: true | |
| make_latest: true | |
| generate_release_notes: true | |
| tag_name: ${{ steps.tag.outputs.new_tag }} |