diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d9d2908..aecf928 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -4,8 +4,6 @@ on: push: branches: ['main'] -# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and -# a name for the Docker image that this workflow builds. env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} @@ -14,7 +12,7 @@ jobs: build-and-push-image: runs-on: ubuntu-latest - # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. + # Permissions granted to the `GITHUB_TOKEN` for the actions within this job. permissions: contents: read packages: write @@ -25,45 +23,38 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - # Uses the `docker/login-action` action to log in to the Container registry registry using the account and - # password that will publish the packages. Once published, the packages are scoped to the account defined here. - - name: Log in to the Container registry - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.USERNAME }} - password: ${{ secrets.TOKEN }} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - # This step uses https://github.com/docker/metadata-action#about to extract tags and labels that will be applied - # to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. - # The `images` value provides the base name for the tags and labels. - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. - # If the build succeeds, it pushes the image to GitHub Packages. It uses the `context` parameter to define the - # build's context as the set of files located in the specified path. For more information, see - # https://github.com/docker/build-push-action#usage in the README of the `docker/build-push-action` repository. - # It uses the `tags` and `labels` parameters to tag and label the image with the output of the "meta" step. - name: Build and push Docker image id: push - uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + uses: docker/build-push-action@v6 with: context: . + platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - # This step generates an artifact attestation for the image, which is an unforgeable statement about where and - # how it was built. It increases supply chain security for people who consume the image. For more information, - # see: /actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 + uses: actions/attest-build-provenance@v2 with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true -