Version Packages (#602) #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This pipeline runs for every new tag. It will pull the docker container for | |
| # the commit hash of the tag, and will publish it as `:<tag-name>` and `latest`. | |
| name: Release Package | |
| on: | |
| push: | |
| tags: | |
| - '*' | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| env: | |
| DOCKER_IMAGE: ghcr.io/nordeck/matrix-poll-widget | |
| steps: | |
| - name: Generate Docker metadata of the existing image | |
| id: meta-existing-tag | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.DOCKER_IMAGE }} | |
| tags: | | |
| type=sha,prefix= | |
| - name: Generate Docker metadata of the new image | |
| id: meta-new-tags | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.DOCKER_IMAGE }} | |
| labels: | | |
| org.opencontainers.image.title=Matrix Poll Widget | |
| org.opencontainers.image.description=A poll widget for Matrix | |
| org.opencontainers.image.vendor=Nordeck IT + Consulting GmbH | |
| tags: | | |
| type=semver,pattern={{version}} | |
| - name: Generate Dockerfile | |
| env: | |
| SOURCE_IMAGE: ${{ fromJSON(steps.meta-existing-tag.outputs.json).tags[0] }} | |
| run: | | |
| echo "FROM $SOURCE_IMAGE" > Dockerfile | |
| - name: Login to ghcr.io | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # @v3.7.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push | |
| id: build_and_push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| context: . | |
| tags: ${{ steps.meta-new-tags.outputs.tags }} | |
| labels: ${{ steps.meta-new-tags.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64,linux/s390x | |
| - name: Sign the images with GitHub OIDC Token | |
| env: | |
| DIGEST: ${{ steps.build_and_push.outputs.digest }} | |
| run: cosign sign --yes "${DOCKER_IMAGE}@${DIGEST}" |