Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
T
tun
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Locked Files
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Security & Compliance
Security & Compliance
Dependency List
License Compliance
Packages
Packages
List
Container Registry
Analytics
Analytics
CI / CD
Code Review
Insights
Issues
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Railgun
tun
Commits
b383593f
Commit
b383593f
authored
Jul 01, 2022
by
七海千秋
Committed by
GitHub
Jul 01, 2022
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Create docker-publish.yml
parent
2a56d6c4
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
93 additions
and
0 deletions
+93
-0
.github/workflows/docker-publish.yml
.github/workflows/docker-publish.yml
+93
-0
No files found.
.github/workflows/docker-publish.yml
0 → 100644
View file @
b383593f
name
:
Docker
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on
:
schedule
:
-
cron
:
'
37
14
*
*
*'
push
:
branches
:
[
"
master"
]
# Publish semver tags as releases.
tags
:
[
'
v*.*.*'
]
pull_request
:
branches
:
[
"
master"
]
env
:
# Use docker.io for Docker Hub if empty
REGISTRY
:
ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME
:
${{ github.repository }}
jobs
:
build
:
runs-on
:
ubuntu-latest
permissions
:
contents
:
read
packages
:
write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token
:
write
steps
:
-
name
:
Checkout repository
uses
:
actions/checkout@v3
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
-
name
:
Install cosign
if
:
github.event_name != 'pull_request'
uses
:
sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25
with
:
cosign-release
:
'
v1.9.0'
# Workaround: https://github.com/docker/build-push-action/issues/461
-
name
:
Setup Docker buildx
uses
:
docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
-
name
:
Log into registry ${{ env.REGISTRY }}
if
:
github.event_name != 'pull_request'
uses
:
docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
with
:
registry
:
${{ env.REGISTRY }}
username
:
${{ github.actor }}
password
:
${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
-
name
:
Extract Docker metadata
id
:
meta
uses
:
docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with
:
images
:
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
-
name
:
Build and push Docker image
id
:
build-and-push
uses
:
docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
with
:
context
:
.
push
:
${{ github.event_name != 'pull_request' }}
tags
:
${{ steps.meta.outputs.tags }}
labels
:
${{ steps.meta.outputs.labels }}
# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
-
name
:
Sign the published Docker image
if
:
${{ github.event_name != 'pull_request' }}
env
:
COSIGN_EXPERIMENTAL
:
"
true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run
:
cosign sign ${{ steps.meta.outputs.tags }}@${{ steps.build-and-push.outputs.digest }}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment