Merge pull request #72 from atlassian-labs/allow-secrets-from-file #70
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker | |
on: | |
push: | |
# Publish `master` as Docker `it's short sha commit id` image. | |
branches: | |
- master | |
# Publish `v1.2.3` tags as releases. | |
tags: | |
- v* | |
env: | |
IMAGE_NAME: cyclops | |
jobs: | |
push: | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Set short sha variable | |
id: vars | |
run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" | |
# Log in to GitHub Container registry | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
# a PAT with `read:packages` and `write:packages` scopes is an Actions secret `CR_PAT`. | |
# Doesn't support Org or Repo level PATs and no bot accounts | |
username: ${{ secrets.CR_PAT_USER }} | |
password: ${{ secrets.CR_PAT }} | |
- name: Push image to GitHub Container Registry | |
run: | | |
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME | |
# Change all uppercase to lowercase | |
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') | |
# Strip git ref prefix from version | |
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
# Use Docker `short_sha` tag convention | |
[ "$VERSION" == "master" ] && VERSION="${{ steps.vars.outputs.sha_short }}" | |
echo IMAGE_ID=$IMAGE_ID | |
echo VERSION=$VERSION | |
for ARCH in amd64 arm64; do | |
# Disable provenance, as this causes issues when creating the manifest | |
# See https://github.com/atlassian-labs/cyclops/issues/56 | |
docker buildx build --provenance=false -t $IMAGE_ID:$VERSION-$ARCH --platform=linux/${ARCH} --push . | |
done | |
docker manifest create $IMAGE_ID:$VERSION \ | |
$(for ARCH in amd64 arm64; do echo $IMAGE_ID:$VERSION-$ARCH; done) | |
docker manifest push $IMAGE_ID:$VERSION |