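# Builds the container image for this repository, optionally pushes it to
# ghcr.io, and (only when pushing) publishes a build-provenance attestation
# for the pushed digest. Callable from other workflows (workflow_call) or
# started by hand (workflow_dispatch).
name: docker

on:
  workflow_call:
    inputs:
      version:
        description: Version tag for the image (uses git commit SHA if not provided)
        required: false
        type: string
      push-image:
        description: "Set to true to push the image, false to only build it"
        required: true
        type: boolean
    secrets:
      GH_PAT:
        description: "A GitHub PAT with permissions to read the private repository."
        required: true
  workflow_dispatch:
    inputs:
      version:
        description: Version tag for the image (uses git commit SHA if not provided)
        required: false
        type: string
      push-image:
        description: "Set to true to push the image, false to only build it"
        required: true
        type: boolean
        default: false

jobs:
  build:
    runs-on: ubuntu-24.04
    permissions:
      # NOTE(review): no step in this job writes to the repository; checkout
      # only needs `contents: read`. Confirm nothing else depends on write
      # access and reduce this to keep the job token least-privileged.
      contents: write
      packages: write
      id-token: write  # needed for provenance attestation
      attestations: write  # needed for provenance attestation
    steps:
      # NOTE(review): every action below is referenced by a mutable major
      # tag. This job holds a PAT plus packages/id-token/attestations write,
      # so pin each `uses:` to a full commit SHA
      # (e.g. `actions/checkout@<full-commit-sha>  # v4`) and let a
      # dependency bot update the pins.
      - name: Checkout
        uses: actions/checkout@v4
      - name: Login to Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Export build information
        # Exports SOURCE_DATE_EPOCH (timestamp of the last commit) and a
        # multi-line EXTRA_LABELS value to later steps via GITHUB_ENV.
        # `{{commit_date ...}}` is left verbatim here; it is not a GitHub
        # expression and is expanded later by docker/metadata-action.
        run: |
          echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> "$GITHUB_ENV"
          echo "EXTRA_LABELS<<EOF
          org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ssZZ'}}
          org.opencontainers.image.title=UI Operator
          org.opencontainers.image.vendor=${{ github.repository_owner }}
          EOF" >> "$GITHUB_ENV"
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository }}
          # Use version input if available, otherwise use the git SHA.
          # `latest` is only enabled when a version input was given and the
          # run is on the default branch.
          tags: |
            type=raw,value=${{ inputs.version || github.sha }}
            type=raw,value=latest,enable=${{ inputs.version && '{{is_default_branch}}' || 'false' }}
          labels: ${{ env.EXTRA_LABELS }}
          annotations: ${{ env.EXTRA_LABELS }}
      - name: Build and push
        id: build
        uses: docker/build-push-action@v6
        with:
          context: .
          push: ${{ inputs.push-image }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # outputs: type=image,name=ghcr.io/${{ github.repository }},push-by-digest=true,name-canonical=true,push=${{ inputs.push-image }}
          # SECURITY(review): GHI_TOKEN carries the GH_PAT secret as a build
          # argument. Build arguments are not a secret channel: their values
          # can end up in image history and in BuildKit provenance metadata,
          # and this image is pushed to a registry. Prefer this action's
          # `secrets:` input together with `RUN --mount=type=secret` in the
          # Dockerfile (not visible here, so the change is not made in place).
          # Until then, keep the PAT read-only, scoped to the single private
          # repository, and short-lived.
          build-args: |
            GHI_TOKEN=${{ secrets.GH_PAT }}
            PRIVATE_REPO_HOST=github.com/scality
            BUILD_DATE=${{ fromJson(steps.meta.outputs.json)['org.opencontainers.image.created'] }}
            GIT_COMMIT=${{ github.sha }}
            SOURCE_DATE_EPOCH=${{ env.SOURCE_DATE_EPOCH }}
            VERSION=${{ inputs.version || github.sha }}
      - name: Generate GitHub SLSA provenance
        uses: actions/attest-build-provenance@v1
        # Only attest when the image was actually pushed; the attestation is
        # bound to the digest reported by the build step.
        if: ${{ inputs.push-image }}
        with:
          subject-digest: ${{ steps.build.outputs.digest }}
          subject-name: ghcr.io/${{ github.repository }}
          push-to-registry: true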