Build and deploy Docker image #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy Docker image | |
| on: | |
| workflow_run: | |
| workflows: ["Build and deploy PyPI package"] | |
| types: [completed] | |
| workflow_dispatch: # This allows manual triggering | |
| jobs: | |
| push_to_registry: | |
| name: Push Docker image to Docker Hub | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write | |
| contents: read | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Check out the repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch full history including all tags | |
| fetch-tags: true | |
| - name: Get latest tag | |
| id: tag | |
| run: | | |
| if ! LATEST_TAG=$(git describe --tags --abbrev=0); then | |
| echo "::error::Latest tag not found in repository" | |
| exit 1 | |
| fi | |
| echo "LATEST_TAG=$LATEST_TAG" >> $GITHUB_ENV | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Set up Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: marcelzwiers/bidscoin | |
| tags: | | |
| type=raw,value=${{ env.LATEST_TAG }} | |
| type=raw,value=latest | |
| - name: Build and push Docker image | |
| id: push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-name: index.docker.io/marcelzwiers/bidscoin | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true |