Build and Push Docker Image #163

Workflow file for this run

	name: Build and Push Docker Image

	on:
	schedule:
	- cron: "0 0 * * *"
	push:
	branches:
	- main

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository }}

	jobs:
	build-and-push:
	runs-on: ubuntu-latest

	permissions:
	contents: read
	packages: write
	id-token: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push
	id: push-step
	uses: docker/build-push-action@v5
	with:
	context: .
	file: Dockerfile
	cache-from: type=gha
	cache-to: type=gha,mode=max
	push: ${{ github.ref == 'refs/heads/main' }}
	platforms: linux/amd64
	tags: \|
	${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest

	# Install Cosign
	- uses: sigstore/cosign-installer@main
	if: ${{ github.ref == 'refs/heads/main' }}

	# Cosign the OCI artifact
	- name: Sign the OCI artifact
	if: ${{ github.ref == 'refs/heads/main' }}
	run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.push-step.outputs.digest }}
	env:
	COSIGN_EXPERIMENTAL: 1

	- name: Verify the image signing
	if: ${{ github.ref == 'refs/heads/main' }}
	run: \|
	cosign verify \
	--certificate-identity "https://github.com/paolomainardi/docker-release-it/.github/workflows/docker-publish.yml@refs/heads/main" \
	--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
	${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.push-step.outputs.digest }} \| jq .

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build and Push Docker Image #163

Workflow file

Build and Push Docker Image #163

Jobs

Run details

Workflow file for this run