Merge pull request #119 from inCaller/ghcr_readme #61
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: CI/CD | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| jobs: | |
| hadolint: | |
| name: Test dockerfile syntax | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the codebase. | |
| uses: actions/checkout@main | |
| - name: Install hadolint. | |
| run: | | |
| sudo curl -L https://github.com/hadolint/hadolint/releases/download/v$HADOLINT_VERSION/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint | |
| sudo chmod 755 /usr/local/bin/hadolint | |
| env: | |
| HADOLINT_VERSION: 2.12.0 | |
| - name: Run hadolint. | |
| run: hadolint --ignore DL3003 --ignore DL3018 Dockerfile | |
| build: | |
| name: Build and test docker | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the codebase. | |
| uses: actions/checkout@main | |
| - name: Build docker image. | |
| run: docker build --no-cache --tag ${GITHUB_REPOSITORY,,}:${GITHUB_RUN_ID} . | |
| - name: Run a container of created image. | |
| run: | | |
| DOCKERCONTAINER=$(docker run -d ${GITHUB_REPOSITORY,,}:${GITHUB_RUN_ID}) | |
| sleep 5 | |
| echo "DOCKERCONTAINER=$DOCKERCONTAINER" >> $GITHUB_ENV | |
| - name: Check if container is still running. | |
| run: docker ps -f id=${DOCKERCONTAINER} | |
| - name: Check if the container is correctly stopped and removed. | |
| run: docker stop ${DOCKERCONTAINER} && docker rm -fv ${DOCKERCONTAINER} | |
| deploy: | |
| if: ${{ github.ref == 'refs/heads/master' }} | |
| needs: [hadolint, build] | |
| name: Push to ghcr.io | |
| runs-on: ubuntu-latest | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Check out the codebase. | |
| uses: actions/checkout@main | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@master | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: aminvakil | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@master | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Build and push Docker image | |
| id: push | |
| uses: docker/build-push-action@master | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true |