mirror of
https://github.com/the-draupnir-project/Draupnir.git
synced 2026-05-20 22:35:36 +00:00
Catalan Lover
a1a8537e8a
* Perfect Attestation work and cleanup missing GHCR Attestation * Fix missing artifact-metadata: write perm ghcr
87 lines
3.0 KiB
YAML
87 lines
3.0 KiB
YAML
# SPDX-FileCopyrightText: 2024 Gnuxie <Gnuxie@protonmail.com>
|
|
# SPDX-FileCopyrightText: 2026 Catalan Lover <catalanlover@protonmail.com>
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
# Copied from https://github.com/matrix-org/matrix-bifrost/blob/develop/.github/workflows/docker-hub-latest.yml
|
|
|
|
name: "Docker Hub - Develop"
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
env:
|
|
DOCKER_NAMESPACE: gnuxie
|
|
PLATFORMS: linux/amd64,linux/arm64
|
|
# Only push if this is main, otherwise we just want to build
|
|
PUSH: ${{ github.ref == 'refs/heads/main' }}
|
|
IMG_SOURCE: https://github.com/${{ github.repository }}
|
|
|
|
jobs:
|
|
docker-latest:
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.repository == 'the-draupnir-project/Draupnir' }}
|
|
permissions:
|
|
id-token: write
|
|
contents: read
|
|
attestations: write
|
|
artifact-metadata: write
|
|
steps:
|
|
- name: Check out
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
|
|
with:
|
|
fetch-depth: 0
|
|
fetch-tags: true
|
|
|
|
# Needed for multi platform builds
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a
|
|
with:
|
|
platforms: ${{ env.PLATFORMS }}
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd
|
|
|
|
- name: Log in to Docker Hub
|
|
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Build image
|
|
id: push
|
|
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f
|
|
with:
|
|
context: .
|
|
file: ./Dockerfile
|
|
platforms: ${{ env.PLATFORMS }}
|
|
push: ${{ env.PUSH }}
|
|
# Shared Buildx cache scope reused by all container image workflows.
|
|
# Keep the scope name aligned across workflows to maximize cache hits.
|
|
cache-from: type=gha,scope=draupnir-container-build
|
|
cache-to: type=gha,scope=draupnir-container-build,mode=max
|
|
labels: |
|
|
org.opencontainers.image.source=${{ env.IMG_SOURCE }}
|
|
org.opencontainers.image.revision=${{ github.sha }}
|
|
org.opencontainers.image.version=${{ github.ref_name }}-${{ github.sha }}
|
|
org.opencontainers.image.ref.name=${{ github.ref_name }}
|
|
org.opencontainers.image.licenses=Apache-2.0
|
|
|
|
# prettier-ignore
|
|
outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=Draupnir is a community management platform for Matrix.
|
|
sbom: true
|
|
provenance: true
|
|
tags: |
|
|
${{ env.DOCKER_NAMESPACE }}/draupnir:develop
|
|
|
|
- name: Attest pushed image
|
|
id: attest
|
|
if: ${{ env.PUSH == 'true' }}
|
|
uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26
|
|
with:
|
|
subject-name: docker.io/${{ env.DOCKER_NAMESPACE }}/draupnir
|
|
subject-digest: ${{ steps.push.outputs.digest }}
|
|
push-to-registry: true
|