Skip to content

Merge pull request #72 from atlassian-labs/allow-secrets-from-file #70

Merge pull request #72 from atlassian-labs/allow-secrets-from-file

Merge pull request #72 from atlassian-labs/allow-secrets-from-file #70

name: Docker
on:
push:
# Publish `master` as Docker `it's short sha commit id` image.
branches:
- master
# Publish `v1.2.3` tags as releases.
tags:
- v*
env:
IMAGE_NAME: cyclops
jobs:
push:
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
- uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
- name: Set short sha variable
id: vars
run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
# Log in to GitHub Container registry
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
# a PAT with `read:packages` and `write:packages` scopes is an Actions secret `CR_PAT`.
# Doesn't support Org or Repo level PATs and no bot accounts
username: ${{ secrets.CR_PAT_USER }}
password: ${{ secrets.CR_PAT }}
- name: Push image to GitHub Container Registry
run: |
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
# Change all uppercase to lowercase
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Use Docker `short_sha` tag convention
[ "$VERSION" == "master" ] && VERSION="${{ steps.vars.outputs.sha_short }}"
echo IMAGE_ID=$IMAGE_ID
echo VERSION=$VERSION
for ARCH in amd64 arm64; do
# Disable provenance, as this causes issues when creating the manifest
# See https://github.com/atlassian-labs/cyclops/issues/56
docker buildx build --provenance=false -t $IMAGE_ID:$VERSION-$ARCH --platform=linux/${ARCH} --push .
done
docker manifest create $IMAGE_ID:$VERSION \
$(for ARCH in amd64 arm64; do echo $IMAGE_ID:$VERSION-$ARCH; done)
docker manifest push $IMAGE_ID:$VERSION