diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index bd11ca82..849a3fd2 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -1,15 +1,21 @@ -name: Docker Build +name: Docker Build and Publish permissions: contents: read + packages: write on: push: - branches: [ master ] + branches: [master] + tags: ['v*'] pull_request: +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + jobs: docker-build: - name: Docker Build + name: Build and Publish Docker image runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) @@ -18,5 +24,37 @@ jobs: egress-policy: audit - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - run: cp .env.example .env.docker - - run: docker compose -f docker-compose.tips.yml build \ No newline at end of file + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + + - name: Log in to GitHub Container Registry + if: github.event_name != 'pull_request' + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) + id: meta + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=sha + + - name: Build and push Docker image + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + with: + context: . + platforms: linux/amd64 + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max