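# Builds and pushes the container image through `npm run container`, then
# publishes a build-provenance attestation for the resulting digest.
# Triggers: pushes to main, pushes of v* tags, and manual dispatch.
name: Docker image builds

on:
  workflow_dispatch:
  push:
    branches: ["main"]
    tags: ["v*"]

env:
  # Asks docker/metadata-action to also export its outputs as
  # DOCKER_METADATA_OUTPUT_* environment variables for later steps.
  DOCKER_METADATA_SET_OUTPUT_ENV: "true"

# GITHUB_TOKEN scopes, limited to what the steps below use.
# NOTE(review): `pull-requests: write` is intentionally not granted. The
# workflow has no pull_request trigger and no step hands the token to code
# that edits pull requests; re-add it only with a documented consumer.
permissions:
  contents: read
  # Push of the image and of the attestation to ghcr.io.
  packages: write
  # Required by actions/attest-build-provenance.
  attestations: write
  # OIDC token used to sign the attestation.
  id-token: write

jobs:
  build:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-tags: true
          fetch-depth: 0
          # Keeps the token out of .git/config so later build scripts and
          # dependency install hooks cannot read it from the checkout.
          persist-credentials: false

      - name: build essential
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential

      - name: Set lowercase image name
        # Registry references must be lowercase; ${VAR,,} is bash lowercasing.
        # $GITHUB_ENV is quoted so the redirect target is never word-split.
        run: |
          echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"

      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
        with:
          node-version: "24.11.0"

      - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        with:
          go-version: "1.25.4"

      - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9

      - name: Log into registry
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        with:
          images: ${{ env.IMAGE }}

      - name: Build and push
        id: build
        # NOTE(review): the attestation step reads steps.build.outputs.digest,
        # so the `container` npm script is assumed to write `digest=...` to
        # $GITHUB_OUTPUT. Confirm; otherwise the attestation has no subject.
        # NOTE(review): `npm ci` runs dependency install scripts in a job that
        # is already logged in to the registry with write access; consider
        # `npm ci --ignore-scripts` if the build tolerates it.
        run: |
          npm ci
          npm run container
        env:
          DOCKER_REPO: ${{ env.IMAGE }}
          # NOTE(review): debug logging is on while registry credentials are
          # configured; confirm the build tooling never logs auth material.
          SLOG_LEVEL: debug

      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
        with:
          subject-name: ${{ env.IMAGE }}
          subject-digest: ${{ steps.build.outputs.digest }}
          push-to-registry: true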