Skip to content

Build and Push Docker Image #178

Build and Push Docker Image

Build and Push Docker Image #178

Workflow file for this run

name: Build and Push Docker Image
on:
schedule:
- cron: "0 0 * * *"
push:
branches:
- main
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build-and-push:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
id: push-step
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfile
cache-from: type=gha
cache-to: type=gha,mode=max
push: ${{ github.ref == 'refs/heads/main' }}
platforms: linux/amd64
tags: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
# Install Cosign
- uses: sigstore/cosign-installer@main
if: ${{ github.ref == 'refs/heads/main' }}
# Cosign the OCI artifact
- name: Sign the OCI artifact
if: ${{ github.ref == 'refs/heads/main' }}
run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.push-step.outputs.digest }}
env:
COSIGN_EXPERIMENTAL: 1
- name: Verify the image signing
if: ${{ github.ref == 'refs/heads/main' }}
run: |
cosign verify \
--certificate-identity "https://github.com/paolomainardi/docker-release-it/.github/workflows/docker-publish.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.push-step.outputs.digest }} | jq .