check usage of global docker image action #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create and publish a Docker image v1 | |
| on: | |
| push: | |
| tags: | |
| - '*' | |
| branches: ['master'] | |
| env: | |
| BRANCH_BUILD_TAGS: "latest" | |
| jobs: | |
| parse-docker-build-env: | |
| name: 'Parse Docker Build Environment' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| buildTags: ${{ steps.detect-push-event.outputs.buildTags }} | |
| steps: | |
| - name: Check if push is a tag or branch | |
| id: detect-push-event | |
| run: | | |
| if [[ $GITHUB_REF == refs/tags/* ]]; then | |
| echo "This is a tag push (${GITHUB_REF#refs/tags/})" | |
| echo "Building docker tag: ${GITHUB_REF#refs/tags/}" | |
| echo "buildTags=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT | |
| elif [[ $GITHUB_REF == refs/heads/* ]]; then | |
| echo "This is a branch push (${GITHUB_REF#refs/heads/})" | |
| echo "Building docker tags: ${{ env.BRANCH_BUILD_TAGS }}" | |
| echo "buildTags=${{ env.BRANCH_BUILD_TAGS }}" >> $GITHUB_OUTPUT | |
| else | |
| echo "Unknown push type" | |
| exit 1 | |
| fi | |
| build-and-sign-dockerhub-image: | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| attestations: write | |
| runs-on: ubuntu-latest | |
| needs: parse-docker-build-env | |
| steps: | |
| - name: "Build and sign Docker images" | |
| uses: exo-actions/buildDockerImage-action@DEFINE_GLOBAL_ACTION | |
| with: | |
| dockerImage: "exoplatform/exo-community" | |
| dockerImageTag: ${{ needs.parse-docker-build-env.outputs.buildTags }} | |
| signImage: true | |
| cosignImage: true | |
| attestImage: true | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| DOCKER_PRIVATE_KEY_ID: ${{ secrets.DOCKER_PRIVATE_KEY_ID }} | |
| DOCKER_PRIVATE_KEY: ${{ secrets.DOCKER_PRIVATE_KEY }} | |
| DOCKER_PRIVATE_KEY_PASSPHRASE: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }} | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |