Bump the compound group with 2 updates (#255) #260
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: Copyright 2025 New Vector Ltd. | |
| # SPDX-FileCopyrightText: Copyright 2025, 2026 Element Creations Ltd. | |
| # | |
| # SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial | |
| name: Build artifacts | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - v* | |
| env: | |
| IMAGE: oci-push.vpn.infra.element.io/element-admin | |
| jobs: | |
| build: | |
| name: Build and push Docker image | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Tailscale | |
| uses: tailscale/github-action@v4 | |
| with: | |
| oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }} | |
| audience: ${{ secrets.TS_AUDIENCE }} | |
| tags: tag:github-actions | |
| - name: Compute vault jwt role name | |
| id: vault-jwt-role | |
| run: | | |
| echo "role_name=github_service_management_$( echo "${{ github.repository }}" | sed -r 's|[/-]|_|g')" | tee -a "$GITHUB_OUTPUT" | |
| - name: Get team backend registry token | |
| id: import-secrets | |
| uses: hashicorp/vault-action@v3 | |
| with: | |
| url: https://vault.infra.ci.i.element.dev | |
| role: ${{ steps.vault-jwt-role.outputs.role_name }} | |
| path: service-management/github-actions | |
| jwtGithubAudience: https://vault.infra.ci.i.element.dev | |
| method: jwt | |
| secrets: | | |
| services/backend-repositories/secret/data/oci.element.io username | OCI_USERNAME ; | |
| services/backend-repositories/secret/data/oci.element.io password | OCI_PASSWORD ; | |
| - name: Login to Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: oci-push.vpn.infra.element.io | |
| username: ${{ steps.import-secrets.outputs.OCI_USERNAME }} | |
| password: ${{ steps.import-secrets.outputs.OCI_PASSWORD }} | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/[email protected] | |
| with: | |
| images: "${{ env.IMAGE }}" | |
| bake-target: docker-metadata-action | |
| flavor: | | |
| latest=auto | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - name: Set up Docker Buildx | |
| uses: docker/[email protected] | |
| with: | |
| buildkitd-config-inline: | | |
| [registry."docker.io"] | |
| mirrors = ["mirror.gcr.io"] | |
| - name: Build and push | |
| id: bake | |
| uses: docker/[email protected] | |
| with: | |
| files: | | |
| ./docker/docker-bake.hcl | |
| cwd://${{ steps.meta.outputs.bake-file }} | |
| set: | | |
| base.output=type=image,push=true |