
feat(ci): Upgrade Docker image creation #2

Workflow file for this run

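---
# Builds the fy image for linux/amd64 and linux/arm64 and pushes it to Google
# Artifact Registry (GAR). Authentication uses GitHub OIDC with GCP Workload
# Identity Federation, so no long-lived registry credential is stored.
#
# Every action is pinned to a full commit SHA. The human-readable tag in each
# "ratchet:" comment was obfuscated on the page this file was copied from and
# is shown as <tag>; restore the real tags before running ratchet.
name: Docker Image
on:
  workflow_dispatch: {}
  push:
    tags:
      - '**'
    branches:
      - main
    paths:
      - .github/workflows/tag.yml
      - Dockerfile
  pull_request:
    branches:
      - main
    paths:
      - .github/workflows/tag.yml
      - Dockerfile
jobs:
  build:
    name: Build & Push to GAR
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required so the job can request the OIDC token that is exchanged for
      # GCP credentials in the gcp_login step.
      id-token: write
    steps:
      - name: Checkout latest commit
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # ratchet:actions/checkout@<tag>
        with:
          # No later step pushes to git, so do not leave the job token in
          # .git/config where it could end up inside the build context.
          persist-credentials: false
      - name: Setup docker buildx action
        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # ratchet:docker/setup-buildx-action@<tag>
      - name: Set Docker metadata
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # ratchet:docker/metadata-action@<tag>
        id: docker_meta
        with:
          images: |
            europe-west2-docker.pkg.dev/inshur-prod0-repo0/inshur-docker/fy
          # NOTE(review): only semver tag types are configured, so a push to
          # main or a workflow_dispatch on a branch presumably yields an empty
          # tag list while the build step still sets push to true. Confirm the
          # intended behaviour for non-tag refs.
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
          labels: |
            org.opencontainers.image.description=Internal tool used for Infrastructure changes.
      - name: Authenticate to GCP via Workload Identity
        uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d # ratchet:google-github-actions/auth@<tag>
        id: gcp_login
        with:
          token_format: access_token
          workload_identity_provider: projects/347460233552/locations/global/workloadIdentityPools/github/providers/github
          # The service-account address was obfuscated on the source page.
          # Restore the real value and keep it quoted.
          service_account: 'SERVICE_ACCOUNT_EMAIL_PLACEHOLDER'
      - name: Login to Google Artifact Registry (GAR)
        id: docker_login
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # ratchet:docker/login-action@<tag>
        with:
          registry: europe-west2-docker.pkg.dev
          username: oauth2accesstoken
          password: ${{ steps.gcp_login.outputs.access_token }}
      - name: Build & push image to GAR
        id: build_push
        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # ratchet:docker/build-push-action@<tag>
        with:
          cache-from: type=registry,ref=europe-west2-docker.pkg.dev/inshur-prod0-repo0/inshur-docker/fy:cache
          # Export the layer cache only outside pull requests. A registry cache
          # export is a write to GAR, and release builds read the same fy:cache
          # ref, so a PR build must not be able to populate it.
          cache-to: ${{ github.event_name != 'pull_request' && 'type=registry,ref=europe-west2-docker.pkg.dev/inshur-prod0-repo0/inshur-docker/fy:cache,mode=max' || '' }}
          # Do not push the image to the registry for pull requests.
          push: ${{ github.event_name != 'pull_request' }}
          file: Dockerfile
          tags: ${{ steps.docker_meta.outputs.tags }}
          labels: ${{ steps.docker_meta.outputs.labels }}
          platforms: linux/amd64,linux/arm64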