name: Build Docker Image on: workflow_dispatch: repository_dispatch: types: [tag-created] pull_request: types: [opened, reopened, synchronize] push: tags: - 'v*' branches: - '*' # Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} # There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. jobs: build-and-push-image: runs-on: - ubuntu-latest # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. permissions: contents: read packages: write attestations: write id-token: write # steps: - name: Set TAG_REF and TAG_NAME id: tags run: | # Standardmäßig Werte aus dem Event nehmen TAG_REF="${GITHUB_REF}" TAG_NAME="" # repository_dispatch: Tag kommt aus Payload if [ "${{ github.event_name }}" = "repository_dispatch" ] && [ -n "${{ github.event.client_payload.tag }}" ]; then TAG_NAME="${{ github.event.client_payload.tag }}" TAG_REF="refs/tags/${TAG_NAME}" elif [[ "${GITHUB_REF}" == refs/tags/* ]]; then TAG_NAME="${GITHUB_REF#refs/tags/}" fi echo "TAG_REF=$TAG_REF" >> $GITHUB_ENV echo "TAG_NAME=$TAG_NAME" >> $GITHUB_ENV - name: Checkout repository uses: actions/checkout@v5 with: # Checke explizit den Tag aus, falls vorhanden, sonst Standardverhalten ref: ${{ env.TAG_NAME != '' && env.TAG_NAME || '' }} # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. - name: Log in to the Container registry uses: docker/login-action@28fdb31ff34708d19615a74d67103ddc2ea9725c with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} context: git tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}}.{{patch}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. - name: Build and push Docker image id: push uses: docker/build-push-action@9e436ba9f2d7bcd1d038c8e55d039d37896ddc5d with: context: . push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." # - name: Generate artifact attestation # uses: actions/attest-build-provenance@v2 # with: # subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} # subject-digest: ${{ steps.push.outputs.digest }} # push-to-registry: true