Skip to content
Publish on Github container registry

ci: use github as trusted publisher on PyPI (#124) #162

Sign in to view logs

ci: use github as trusted publisher on PyPI (#124)

ci: use github as trusted publisher on PyPI (#124) #162

Workflow file for this run

.github/workflows/docker-publish.yml at a14b63e
name: Publish on Github container registry
on:
release:
type: [published]
push:
branches: [main]
pull_request:
paths:
- 'pyproject.toml'
- './docker/**'
- '.github/workflows/**'
env:
REGISTRY: ghcr.io
jobs:
build-image:
runs-on: ubuntu-latest
if: github.ref != 'refs/heads/main'
permissions:
contents: read
packages: write
steps:
# https://github.com/actions/checkout
- name: checkout repository
uses: actions/checkout@v4
- name: lowercase image name
run: |
echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV}
# https://github.com/docker/setup-qemu-action
- name: Set up QEMU
uses: docker/setup-qemu-action@v3.0.0
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3.0.0
- name: Get current release version
id: release-version
run: |
version=$(grep -E '^version += +' pyproject.toml | sed -E 's/.*= +//' | sed "s/['\"]//g")
echo "version=${version}" >> $GITHUB_OUTPUT
echo "version_build=${version}_"$(git rev-parse --short "$GITHUB_SHA") >> $GITHUB_OUTPUT
# https://github.com/docker/build-push-action
- name: Build Docker image
uses: docker/build-push-action@v5.0.0
with:
context: .
platforms: linux/amd64,linux/arm64
file: .docker/Dockerfile
push: false
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.release-version.outputs.version_build }}
build-args: VERSION_BUILD=${{ steps.release-version.outputs.version_build }}
outputs: type=image,annotation-index.org.opencontainers.image.description=Extract linked metadata from repositories.
push-image:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
permissions:
contents: read
packages: write
steps:
# https://github.com/actions/checkout
- name: checkout repository
uses: actions/checkout@v4
- name: lowercase image name
run: |
echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV}
# https://github.com/docker/setup-qemu-action
- name: Set up QEMU
uses: docker/setup-qemu-action@v3.0.0
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3.0.0
- name: Get current release version
id: release-version
run: |
version=$(grep -E '^version += +' pyproject.toml | sed -E 's/.*= +//' | sed "s/['\"]//g")
echo "version=${version}" >> $GITHUB_OUTPUT
echo "version_build=${version}_"$(git rev-parse --short "$GITHUB_SHA") >> $GITHUB_OUTPUT
# https://github.com/docker/login-action
- name: Log in to the Container registry
uses: docker/login-action@v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# https://github.com/docker/metadata-action
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5.0.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=raw,value=latest,enable=${{ github.event_name == 'push' }}
type=raw,value=${{ needs.build-image.outputs.version_build }},enable=${{ github.event_name == 'push' }}
type=raw,value=${{ needs.build-image.outputs.version }},enable=${{ github.event_name == 'release' }}
# https://github.com/docker/build-push-action
- name: Push Docker image
uses: docker/build-push-action@v5.0.0
with:
context: .
platforms: linux/amd64,linux/arm64
file: .docker/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: VERSION_BUILD=${{ needs.build-image.outputs.version_build }}
outputs: type=image,annotation-index.org.opencontainers.image.description=Extract linked metadata from repositories.