mirror of
https://github.com/johannesjo/super-productivity.git
synced 2026-07-18 17:05:48 +00:00
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v5...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
106 lines
3.3 KiB
YAML
106 lines
3.3 KiB
YAML
name: Build and Push SuperSync Docker Image
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
paths:
|
|
- '.dockerignore'
|
|
- '.github/workflows/supersync-docker.yml'
|
|
- 'package.json'
|
|
- 'package-lock.json'
|
|
- 'packages/shared-schema/**'
|
|
- 'packages/sync-core/**'
|
|
- 'packages/super-sync-server/**'
|
|
workflow_dispatch:
|
|
inputs:
|
|
no_cache:
|
|
description: 'Build without cache'
|
|
required: false
|
|
type: boolean
|
|
default: true
|
|
|
|
jobs:
|
|
build-and-push:
|
|
name: Build and Push to GHCR
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
|
|
with:
|
|
egress-policy: audit
|
|
allowed-endpoints: >
|
|
api.github.com:443
|
|
github.com:443
|
|
ghcr.io:443
|
|
registry.npmjs.org:443
|
|
objects.githubusercontent.com:443
|
|
|
|
- name: Check out the repo
|
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
|
|
with:
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Reconfigure git to use HTTP authentication
|
|
run: >
|
|
git config --global url."https://github.com/".insteadOf
|
|
ssh://git@github.com/
|
|
|
|
- name: Log in to GitHub Container Registry
|
|
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v2
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Extract metadata (tags)
|
|
id: meta
|
|
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9
|
|
with:
|
|
images: ghcr.io/super-productivity/supersync
|
|
tags: |
|
|
type=raw,value=latest
|
|
type=sha,prefix={{branch}}-
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
|
|
|
|
- name: Resolve image source revision
|
|
id: source-ref
|
|
shell: bash
|
|
run: |
|
|
revision="$(git log -1 --format=%H -- \
|
|
.dockerignore \
|
|
.github/workflows/supersync-docker.yml \
|
|
package.json \
|
|
package-lock.json \
|
|
packages/shared-schema \
|
|
packages/sync-core \
|
|
packages/super-sync-server)"
|
|
if [ -z "$revision" ]; then
|
|
echo "Could not resolve SuperSync image source revision" >&2
|
|
exit 1
|
|
fi
|
|
echo "revision=$revision" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Build and push Docker image
|
|
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
|
|
with:
|
|
context: .
|
|
file: ./packages/super-sync-server/Dockerfile
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
build-args: |
|
|
VCS_REF=${{ steps.source-ref.outputs.revision }}
|
|
no-cache: ${{ github.event_name == 'workflow_dispatch' && inputs.no_cache || false }}
|
|
platforms: linux/amd64
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
- name: Image digest
|
|
run: echo "Image pushed with digest ${{ steps.meta.outputs.tags }}"
|