Skip to content

Build and Publish Docker Images #218

Build and Publish Docker Images

Build and Publish Docker Images #218

name: Build and Publish Docker Images
on:
workflow_dispatch:
workflow_run:
workflows: ["Release Multi-Architecture Binaries"]
types:
- completed
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build-and-push:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
attestations: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract version from tag or event
id: version
env:
REF: ${{ github.event.workflow_run.head_branch }}
run: |
# For workflow_run events triggered by release workflow
if [[ "${{ github.event_name }}" == "workflow_run" ]]; then
# Get the head branch which contains the tag name
if [[ "$REF" == v* ]]; then
VERSION="${REF#v}"
echo "version=${VERSION}" >> $GITHUB_OUTPUT
# Check if this is a pre-release (rc, beta, alpha)
if [[ "$VERSION" =~ (rc|beta|alpha) ]]; then
echo "is_prerelease=true" >> $GITHUB_OUTPUT
else
echo "is_prerelease=false" >> $GITHUB_OUTPUT
fi
else
echo "version=latest" >> $GITHUB_OUTPUT
echo "is_prerelease=false" >> $GITHUB_OUTPUT
fi
# For direct tag pushes
elif [[ "${{ github.ref }}" == refs/tags/v* ]]; then
VERSION="${GITHUB_REF#refs/tags/v}"
echo "version=${VERSION}" >> $GITHUB_OUTPUT
# Check if this is a pre-release (rc, beta, alpha)
if [[ "$VERSION" =~ (rc|beta|alpha) ]]; then
echo "is_prerelease=true" >> $GITHUB_OUTPUT
else
echo "is_prerelease=false" >> $GITHUB_OUTPUT
fi
else
echo "version=latest" >> $GITHUB_OUTPUT
echo "is_prerelease=false" >> $GITHUB_OUTPUT
fi
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}},value=${{ steps.version.outputs.version }},enable=${{ steps.version.outputs.version != 'latest' }}
type=semver,pattern={{major}}.{{minor}},value=${{ steps.version.outputs.version }},enable=${{ steps.version.outputs.is_prerelease == 'false' && steps.version.outputs.version != 'latest' }}
type=semver,pattern={{major}},value=${{ steps.version.outputs.version }},enable=${{ steps.version.outputs.is_prerelease == 'false' && steps.version.outputs.version != 'latest' }}
type=raw,value=latest,enable=${{ steps.version.outputs.is_prerelease == 'false' }}
type=raw,value=main,enable=${{ steps.version.outputs.is_prerelease == 'false' }}
type=sha
# Tags: Full version (3.1.0-beta.3), major.minor (3.1 - stable only), major (3 - stable only)
# Only add latest/main and major version tags for stable releases (not pre-releases)
- name: Build and push Docker images
id: build
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
VERSION=${{ steps.version.outputs.version }}
- name: Generate artifact attestation
if: github.event_name != 'pull_request'
uses: actions/attest-build-provenance@v1
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.build.outputs.digest }}
push-to-registry: true