Build Docker image with Kaniko
This eliminates the dependency on the host Docker daemon, so we no longer need to mount it into the runner's workloads, thus securing everything.
parent
d94d9cfc1f
commit
efefc01be6
|
@ -1,4 +1,5 @@
|
||||||
name: Build and publish Docker image
|
name: Build and publish Docker image
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
pull_request:
|
pull_request:
|
||||||
|
@ -19,28 +20,30 @@ jobs:
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Log in to registry
|
- name: Generate suitable tag for kaniko
|
||||||
uses: docker/login-action@v3
|
|
||||||
with:
|
|
||||||
registry: ${{ env.REGISTRY }}
|
|
||||||
username: ${{ secrets.DOCKER_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
|
||||||
|
|
||||||
- name: Extract metadata (tags, labels) for Docker
|
|
||||||
id: meta
|
id: meta
|
||||||
uses: docker/metadata-action@v5
|
uses: docker/metadata-action@v5
|
||||||
with:
|
with:
|
||||||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
||||||
|
|
||||||
- name: Build and push Docker image
|
- name: Extract tag for kaniko action
|
||||||
uses: docker/build-push-action@v5
|
id: tag
|
||||||
|
env:
|
||||||
|
TAG: ${{ steps.meta.outputs.tags[0] }}
|
||||||
|
run: |
|
||||||
|
echo "::set-output name=tag::${TAG##*:}"
|
||||||
|
|
||||||
|
|
||||||
|
- name: Build Docker image with kaniko
|
||||||
|
uses: https://code.thetadev.de/ThetaDev/action-kaniko@dbb8da86cf2d498dde8ec1b3be967ceda17a21ff
|
||||||
with:
|
with:
|
||||||
context: .
|
image: ${{ env.IMAGE_NAME }}
|
||||||
push: true
|
registry: ${{ env.REGISTRY }}
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
username: ${{ secrets.DOCKER_USERNAME }}
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||||
platforms: |
|
tag: ${{ steps.tag.outputs.tag }}
|
||||||
linux/amd64
|
platforms: linux/amd64
|
||||||
|
tag_with_latest: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
|
||||||
|
|
||||||
- name: Trigger redeployment
|
- name: Trigger redeployment
|
||||||
if: gitea.ref == 'refs/heads/main'
|
if: gitea.ref == 'refs/heads/main'
|
||||||
|
|
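Review bot: The "Build Docker image with kaniko" step receives `secrets.DOCKER_USERNAME` and `secrets.DOCKER_PASSWORD` with no event condition, while the workflow still triggers on `pull_request`. Kaniko runs the Dockerfile's build steps in the same container that holds the registry login, so wherever the forge exposes secrets to pull-request runs, unreviewed build content executes next to push-capable credentials; consider gating the step with `if: github.event_name != 'pull_request'`, or building pull requests without credentials. Separately, in "Extract tag for kaniko action", `steps.meta.outputs.tags` is documented as a newline-delimited string rather than a list, so `tags[0]` may not yield the first tag, and `::set-output` is deprecated on GitHub-compatible runners; `tag: ${{ steps.meta.outputs.version }}` would probably replace that whole step. The `jobs:` header and the start of the job lie outside the visible hunks, so an existing job-level condition cannot be ruled out.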