
ensure dry-run is respected #43

Workflow file for this run

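# Release pipeline: runs the reusable CI workflow, then builds a multi-arch
# image, pushes it to GHCR, Docker Hub and Quay.io, signs every pushed
# reference with cosign and publishes a build-provenance attestation.
name: Release
on:
  push:
    branches: [main]
    tags: ['*']
# Workflow-wide default. Each job below declares its own permissions block,
# which replaces this default for that job.
permissions: read-all
env:
  DOCKER_PLATFORMS: linux/amd64,linux/arm64
jobs:
  ci:
    name: CI
    permissions:
      contents: read
    uses: ./.github/workflows/ci.yml
    # NOTE(review): `inherit` hands every secret available to this workflow
    # (including the registry credentials used by the release job) to the
    # called workflow. If ci.yml needs only some of them, pass those by name
    # instead -- confirm against ci.yml.
    secrets: inherit
  release:
    name: Docker Build & Push
    runs-on: ubuntu-latest
    # Images are only published after the CI job has succeeded.
    needs: [ci]
    permissions:
      # NOTE(review): no step in this job visibly writes repository contents;
      # confirm whether `contents: read` would be enough.
      contents: write
      # Push to ghcr.io with GITHUB_TOKEN.
      packages: write
      id-token: write  # cosign keyless signing
      # Required by the "Attest build provenance" step.
      attestations: write
    steps:
      # All third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release that SHA corresponds to.
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          # No later step talks to the git remote, so do not keep the job
          # token configured for git while the tree is used as build context.
          persist-credentials: false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130  # v3.7.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f  # v3.12.0
      - name: Log in to GHCR
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9  # v3.7.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Log in to Docker Hub
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9  # v3.7.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Log in to Quay.io
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9  # v3.7.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051  # v5.10.0
        with:
          images: |
            ghcr.io/${{ github.repository }}
            docker.io/codeswhat/drydock
            quay.io/codeswhat/drydock
          tags: |
            # branch name (main)
            type=ref,event=branch
            # full semver on tags (e.g. 9.0.0)
            type=semver,pattern={{version}}
            # major.minor on tags (e.g. 9.0)
            type=semver,pattern={{major}}.{{minor}}
            # major on tags (e.g. 9)
            type=semver,pattern={{major}}
            # latest on tags
            type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/') }}
      - name: Build and push
        id: build
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83  # v6.18.0
        with:
          context: .
          push: true
          platforms: ${{ env.DOCKER_PLATFORMS }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: DD_VERSION=${{ steps.meta.outputs.version }}
          sbom: true
          # Release images are built without reusing any build cache.
          no-cache: true
      - name: Install cosign
        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb  # v3.8.2
      - name: Sign container images
        # Step outputs reach the script through the environment rather than
        # being interpolated into the script text.
        env:
          DIGEST: ${{ steps.build.outputs.digest }}
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          # Without a digest every reference below would be "<tag>@", so fail
          # here with a clear message instead of inside cosign.
          if [ -z "${DIGEST}" ]; then
            echo "build step produced no image digest; refusing to sign" >&2
            exit 1
          fi
          # Sign tag@digest so each signature is bound to the pushed content
          # and not to a tag that can later be moved.
          images=()
          # TAGS holds one image reference per whitespace-separated word;
          # the unquoted expansion is intentional.
          for tag in ${TAGS}; do
            images+=("${tag}@${DIGEST}")
          done
          cosign sign --yes "${images[@]}"
      - name: Attest build provenance
        uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f  # v3.2.0
        with:
          # NOTE(review): the attestation is pushed for the GHCR image name
          # only; the Docker Hub and Quay.io copies are signed above but get
          # no attestation pushed to their registries.
          subject-name: ghcr.io/${{ github.repository }}
          subject-digest: ${{ steps.build.outputs.digest }}
          push-to-registry: true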