Skip to content

build-push

build-push #10483

Workflow file for this run

name: build-push
on:
push:
branches-ignore:
- gh-readonly-queue/**
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'push' && github.ref_name || github.run_number }}
cancel-in-progress: ${{ github.ref_name != 'main' && github.event_name == 'push' }}
permissions:
contents: read
env:
DRY_RUN: ${{ github.ref_name != github.event.repository.default_branch && !startsWith(github.ref_name, 'maint/') }}
OWNER: ${{ github.repository_owner }}
FILE: base
BUILDKIT_PROGRESS: plain
BUILDX_NO_DEFAULT_LOAD: 1
CONTAINERBASE_VERSION: ${{ github.sha }}
APT_HTTP_PROXY: http://172.17.0.1:8000
jobs:
build:
uses: ./.github/workflows/build.yml
permissions:
contents: read
checks: write
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
release:
needs: [build]
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: write
packages: write
id-token: write
steps:
- name: docker-config
uses: containerbase/internal-tools@24c6f15bd531c658751f021e3093c2ec4a569a5d # v3.4.34
with:
command: docker-config
# full checkout for semantic-release
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
show-progress: false
filter: blob:none # we don't need all blobs
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: init
run: |
echo "OWNER=${OWNER,,}" >> ${GITHUB_ENV}
echo "CACHE_WEEK=$(date +%U)" >> $GITHUB_ENV
- name: 📥 Setup Node.js
uses: ./.github/actions/setup-node
- name: Docker registry login
if: github.ref_name == github.event.repository.default_branch || startsWith(github.ref_name, 'maint/')
run: |
echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: prepare apt proxy
uses: ./.github/actions/prepare-proxy
- name: semantic-release
if: github.event_name == 'push'
run: pnpm semantic-release --dry-run ${{env.DRY_RUN}} --ci ${{env.DRY_RUN != 'true'}}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}