mirror of
https://github.com/johannesjo/super-productivity.git
synced 2026-07-19 01:17:31 +00:00
Bumps the github-actions-minor group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `step-security/harden-runner` from 2.19.0 to 2.19.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](8d3c67de8e...a5ad31d6a1) Updates `anthropics/claude-code-action` from 1.0.107 to 1.0.111 - [Release notes](https://github.com/anthropics/claude-code-action/releases) - [Commits](567fe954a4...fefa07e9c6) Updates `github/codeql-action` from 4.35.2 to 4.35.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](95e58e9a2c...e46ed2cbd0) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-minor - dependency-name: anthropics/claude-code-action dependency-version: 1.0.111 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-minor - dependency-name: github/codeql-action dependency-version: 4.35.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
75 lines
2.3 KiB
YAML
75 lines
2.3 KiB
YAML
name: Build and Push SuperSync Docker Image
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
no_cache:
|
|
description: 'Build without cache'
|
|
required: false
|
|
type: boolean
|
|
default: true
|
|
|
|
jobs:
|
|
build-and-push:
|
|
name: Build and Push to GHCR
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
|
|
steps:
|
|
- name: Harden Runner
|
|
uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
|
|
with:
|
|
egress-policy: audit
|
|
allowed-endpoints: >
|
|
api.github.com:443
|
|
github.com:443
|
|
ghcr.io:443
|
|
registry.npmjs.org:443
|
|
objects.githubusercontent.com:443
|
|
|
|
- name: Check out the repo
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Reconfigure git to use HTTP authentication
|
|
run: >
|
|
git config --global url."https://github.com/".insteadOf
|
|
ssh://git@github.com/
|
|
|
|
- name: Log in to GitHub Container Registry
|
|
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v2
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Extract metadata (tags, labels)
|
|
id: meta
|
|
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf
|
|
with:
|
|
images: ghcr.io/super-productivity/supersync
|
|
tags: |
|
|
type=raw,value=latest
|
|
type=sha,prefix={{branch}}-
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
|
|
|
|
- name: Build and push Docker image
|
|
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
|
|
with:
|
|
context: .
|
|
file: ./packages/super-sync-server/Dockerfile
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
no-cache: ${{ github.event_name == 'workflow_dispatch' && inputs.no_cache || false }}
|
|
platforms: linux/amd64
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
- name: Image digest
|
|
run: echo "Image pushed with digest ${{ steps.meta.outputs.tags }}"
|