cli-sandbox/.github/workflows/push.yaml at main · libops/cli-sandbox · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
name: build
on:
  push:
jobs:
  lint:
    permissions:
      contents: read
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
      - run: shellcheck *.sh
      - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
        with:
          dockerfile: Dockerfile
          verbose: true
  push:
    needs: [lint]
    uses: libops/.github/.github/workflows/build-push.yaml@f39fff4fbd5096221d705143e88e5942f5d9a604 # main
    permissions:
      contents: read
      packages: write
    secrets: inherit
  push-cli:
    needs: [lint]
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-24.04
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        cli: [claude, codex, gemini, opencode]
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4

      - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4

      - name: login
        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin

      - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
        with:
          platforms: linux/amd64,linux/arm64
          build-args: CLI=${{ matrix.cli }}
          tags: ghcr.io/libops/cli-sandbox:${{ matrix.cli }}
          push: true
          cache-from: type=registry,ref=ghcr.io/libops/cli-sandbox:cache-${{ matrix.cli }}
          cache-to: type=registry,ref=ghcr.io/libops/cli-sandbox:cache-${{ matrix.cli }},mode=max