Build and publish images for container registries

release/20250920-1 #42

Workflow file for this run

.github/workflows/publish.yml at 02ed8b1

	name: Build and publish images for container registries

	on:
	release:
	types: [published]

	jobs:
	prepare:
	runs-on: ubuntu-latest
	outputs:
	targets: ${{ steps.generate.outputs.targets }}
	steps:
	- name: Checkout
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # actions/checkout@v5
	- name: List targets
	id: generate
	uses: docker/bake-action/subaction/list-targets@3acf805d94d93a86cce4ca44798a76464a75b88c # docker/bake-action/subaction/list-targets@v6

	build:
	name: Build ${{ matrix.target }}
	runs-on: ubuntu-latest
	needs:
	- prepare
	permissions:
	contents: read
	packages: write
	id-token: write # needed for signing the images with GitHub OIDC Token
	strategy:
	matrix:
	target: ${{ fromJson(needs.prepare.outputs.targets) }}
	steps:
	- name: Checkout
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # actions/checkout@v5
	with:
	fetch-depth: 1

	- name: Install Cosign
	uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # sigstore/[email protected]

	# https://github.com/docker/setup-qemu-action
	- name: Set up QEMU
	uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # docker/setup-qemu-action@v3
	with:
	image: tonistiigi/binfmt:qemu-v9.2.0

	# https://github.com/docker/setup-buildx-action
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # docker/[email protected]
	with:
	driver-opts: image=moby/buildkit:master

	- name: Login to DockerHub
	uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # docker/[email protected]
	with:
	username: ${{ secrets.dockerhub_user }}
	password: ${{ secrets.dockerhub_token }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # docker/[email protected]
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: 'Build and push ${{ matrix.target }}'
	id: build-and-push
	uses: docker/bake-action@3acf805d94d93a86cce4ca44798a76464a75b88c # docker/[email protected]
	with:
	files: \|
	./docker-bake.hcl
	targets: ${{ matrix.target }}
	push: true
	provenance: true
	sbom: true

	- name: 'Sign the image for ${{ matrix.target }} with GitHub OIDC Token'
	env:
	METADATA: ${{ steps.build-and-push.outputs.metadata }}
	run: \|
	DIGEST=$(echo ${METADATA} \| jq -r '."${{ matrix.target }}" ."containerimage.digest"')
	TAGS=$(echo ${METADATA} \| jq -r '."${{ matrix.target }}" ."image.name" \| tostring' \| tr ',' '\n')
	images=""
	for tag in ${TAGS}; do
	images+="${tag}@${DIGEST} "
	done
	cosign sign --yes ${images}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

release/20250920-1 #42

Workflow file

release/20250920-1 #42

Uh oh!

Jobs

Run details

Workflow file for this run