name: Docker on: push: branches: [ main, sandbox ] # Publish semver tags as releases. tags: [ 'v*.*.*' ] env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} concurrency: group: ${{ github.ref }} cancel-in-progress: true jobs: docker: runs-on: ubuntu-latest permissions: contents: read packages: write id-token: write steps: - name: Checkout repository uses: actions/checkout@v2 - name: Set up depot.dev multi-arch runner uses: depot/setup-action@v1 # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta uses: docker/metadata-action@v4 with: flavor: | latest=${{ github.event_name == 'push' && contains(github.ref, 'refs/tags/') }} tags: | type=ref,enable=true,event=branch type=ref,enable=true,event=tag images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image uses: depot/build-push-action@v1 with: project: vhwr5r7tw1 platforms: linux/amd64,linux/arm64 context: . file: Dockerfile push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | FASTEN_ENV=${{ github.ref_name == 'sandbox' && 'sandbox' || 'prod' }}