1+ name : Build and Push Docker Image
2+
3+ on :
4+ push :
5+ branches :
6+ - main
7+ - master
8+ pull_request :
9+ branches :
10+ - main
11+ - master
12+ workflow_dispatch :
13+
14+ env :
15+ REGISTRY : ghcr.io
16+ IMAGE_NAME : ${{ github.repository }}
17+
18+ jobs :
19+ build-and-push :
20+ runs-on : ubuntu-latest
21+ permissions :
22+ contents : read
23+ packages : write
24+
25+ steps :
26+ - name : Checkout repository
27+ uses : actions/checkout@v4
28+
29+ - name : Set up Docker Buildx
30+ uses : docker/setup-buildx-action@v3
31+
32+ - name : Log in to Container Registry
33+ uses : docker/login-action@v3
34+ with :
35+ registry : ${{ env.REGISTRY }}
36+ username : ${{ github.actor }}
37+ password : ${{ secrets.GITHUB_TOKEN }}
38+
39+ - name : Extract metadata
40+ id : meta
41+ uses : docker/metadata-action@v5
42+ with :
43+ images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
44+ tags : |
45+ type=ref,event=branch
46+ type=ref,event=pr
47+ type=sha,prefix={{branch}}-
48+ type=raw,value=latest,enable={{is_default_branch}}
49+
50+ - name : Build and push Docker image
51+ uses : docker/build-push-action@v5
52+ with :
53+ context : .
54+ platforms : linux/amd64,linux/arm64
55+ push : true
56+ tags : ${{ steps.meta.outputs.tags }}
57+ labels : ${{ steps.meta.outputs.labels }}
58+ cache-from : type=gha
59+ cache-to : type=gha,mode=max
60+
61+ - name : Generate artifact attestation
62+ uses : actions/attest-build-provenance@v1
63+ with :
64+ subject-name : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
65+ subject-digest : ${{ steps.build.outputs.digest }}
66+ push-to-registry : true
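Review bot: The attestation step at the end of the job reads `${{ steps.build.outputs.digest }}`, but no step declares `id: build`, so the subject digest would evaluate to an empty string; adding `id: build` to the "Build and push Docker image" step fixes the reference. The job's `permissions` block grants only `contents: read` and `packages: write`, while `actions/attest-build-provenance` also needs `id-token: write` and `attestations: write` to obtain a signing identity and store the attestation. Separately, the login, push and attestation steps also run on `pull_request`, where the token for fork PRs is read-only and, for same-repository PRs, an image built from unmerged code would be pushed to the registry; gating with `push: ${{ github.event_name != 'pull_request' }}` and a matching `if:` on the login and attestation steps avoids both. The actions are referenced by mutable tags (`@v3`, `@v5`, `@v1`); pinning them to full commit SHAs would be the tighter supply-chain choice for a job that holds `packages: write`.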