ci: use env variable instead of secret #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
| name: Build & Publish Containers | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| release: | |
| types: | |
| - created | |
| env: | |
| USER: gecut | |
| jobs: | |
| build: | |
| name: Build & Publish Containers | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: true | |
| max-parallel: 1 | |
| matrix: | |
| include: | |
| - path: nginx/base | |
| - path: nginx/core | |
| - path: nginx/cdn | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: ⤵️ Checkout repository | |
| uses: actions/checkout@v4.2.2 | |
| - name: ❔ Check Container files changed | |
| id: file_change | |
| if: ${{ github.event_name != 'release' && github.event_name != 'workflow_dispatch' }} | |
| uses: dorny/paths-filter@v3.0.2 | |
| with: | |
| filters: | | |
| container_folder: | |
| ./${{ matrix.path }}/** | |
| - name: 🏗 Install cosign | |
| if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder != 'false' }} | |
| uses: sigstore/cosign-installer@v3.8.1 | |
| - name: 🏗 Setup Docker Buildx | |
| if: ${{ steps.file_change.outputs.container_folder != 'false' }} | |
| uses: docker/setup-buildx-action@v3.9.0 | |
| - name: 🏗 Cache Docker Layers | |
| if: ${{ steps.file_change.outputs.container_folder != 'false' }} | |
| uses: actions/cache@v4.2.1 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: container/${{ matrix.path }} | |
| - name: 🏗 Log into ghcr.io registry | |
| if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder != 'false' }} | |
| uses: docker/login-action@v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{env.USER}} | |
| password: ${{secrets.GITHUB_TOKEN}} | |
| - name: Login to Hamdocker.ir | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: registry.hamdocker.ir | |
| username: ${{env.USER}} | |
| password: ${{ secrets.HAMDOCKER_PASSWORD }} | |
| - name: 🏗 Extract metadata | |
| if: ${{ steps.file_change.outputs.container_folder != 'false' }} | |
| id: meta | |
| uses: docker/metadata-action@v5.6.1 | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| images: | | |
| name=ghcr.io/${{env.USER}}/${{matrix.path}},enable=true | |
| name=registry.hamdocker.ir/${{env.USER}}/${{matrix.path}},enable=true | |
| tags: | | |
| type=semver,enable=true,pattern={{major}} | |
| type=semver,enable=true,pattern={{major}}.{{minor}} | |
| type=semver,enable=true,pattern={{version}} | |
| type=ref,enable=true,event=branch | |
| type=sha,enable=true,priority=100,prefix=sha-,suffix=,format=short | |
| type=raw,enable={{is_default_branch}},value=latest | |
| - name: 🚀 Build and export to docker | |
| if: ${{ steps.file_change.outputs.container_folder != 'false' }} | |
| uses: docker/build-push-action@v6.14.0 | |
| with: | |
| context: ./${{matrix.path}} | |
| push: false | |
| load: true | |
| tags: ${{env.USER}}/${{matrix.path}}:test | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| build-args: | | |
| BUILD_DATE=${{github.event.repository.updated_at}} | |
| BUILD_REV=${{github.sha}} | |
| - name: 🚀 Build and publish container image | |
| if: ${{ steps.file_change.outputs.container_folder != 'false' }} | |
| uses: docker/build-push-action@v6.14.0 | |
| with: | |
| context: ./${{matrix.path}} | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{steps.meta.outputs.tags}} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| build-args: | | |
| BUILD_DATE=${{github.event.repository.updated_at}} | |
| BUILD_REV=${{github.sha}} |