forked from NewPipe-eV/website
Build Docker image with Kaniko
This eliminates the dependency on the host Docker daemon, thus allowing us to no longer mount it to the runner's workloads and thus securing everything.
This commit is contained in:
parent
d94d9cfc1f
commit
efefc01be6
1 changed files with 19 additions and 16 deletions
|
@ -1,4 +1,5 @@
|
|||
name: Build and publish Docker image
|
||||
|
||||
on:
|
||||
push:
|
||||
pull_request:
|
||||
|
@ -19,28 +20,30 @@ jobs:
|
|||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
- name: Log in to registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
|
||||
- name: Extract metadata (tags, labels) for Docker
|
||||
- name: Generate suitable tag for kaniko
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
||||
|
||||
- name: Build and push Docker image
|
||||
uses: docker/build-push-action@v5
|
||||
- name: Extract tag for kaniko action
|
||||
id: tag
|
||||
env:
|
||||
TAG: ${{ steps.meta.outputs.tags[0] }}
|
||||
run: |
|
||||
echo "::set-output name=tag::${TAG##*:}"
|
||||
|
||||
|
||||
- name: Build Docker image with kaniko
|
||||
uses: https://code.thetadev.de/ThetaDev/action-kaniko@dbb8da86cf2d498dde8ec1b3be967ceda17a21ff
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
platforms: |
|
||||
linux/amd64
|
||||
image: ${{ env.IMAGE_NAME }}
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
tag: ${{ steps.tag.outputs.tag }}
|
||||
platforms: linux/amd64
|
||||
tag_with_latest: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
|
||||
|
||||
- name: Trigger redeployment
|
||||
if: gitea.ref == 'refs/heads/main'
|
||||
|
|
Loading…
Reference in a new issue