From cf1d13d5bac78377dad905ae51cf31426e3aa87d Mon Sep 17 00:00:00 2001 From: Lachie Underhill Date: Fri, 23 Aug 2024 17:55:33 +1000 Subject: [PATCH] ci: combine publish and docker build into one workflow --- .github/workflows/build-publish-docker.yml | 51 ----------------- .../workflows/create-release-or-publish.yml | 55 +++++++++++++++++-- 2 files changed, 51 insertions(+), 55 deletions(-) delete mode 100644 .github/workflows/build-publish-docker.yml diff --git a/.github/workflows/build-publish-docker.yml b/.github/workflows/build-publish-docker.yml deleted file mode 100644 index 8b43e236..00000000 --- a/.github/workflows/build-publish-docker.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: Build and Publish Docker Image - -on: - release: - types: - - published - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - -jobs: - build-image: - runs-on: ubuntu-latest - - permissions: - contents: read - packages: write - attestations: write - id-token: write - - steps: - - uses: actions/checkout@v4 - - - name: Log in to the Container registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - - name: Build and push Docker image - id: push - uses: docker/build-push-action@v6 - with: - context: . - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 - with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} - subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true diff --git a/.github/workflows/create-release-or-publish.yml b/.github/workflows/create-release-or-publish.yml index d58531aa..832c9d66 100644 --- a/.github/workflows/create-release-or-publish.yml +++ b/.github/workflows/create-release-or-publish.yml @@ -7,13 +7,17 @@ on: concurrency: ${{ github.workflow }}-${{ github.ref }} -permissions: - contents: write - pull-requests: write - jobs: create-release-or-publish: runs-on: ubuntu-latest + + outputs: + published: ${{ steps.changesets.outputs.published }} + + permissions: + contents: write + pull-requests: write + steps: - uses: actions/checkout@v4 - uses: pnpm/action-setup@v4 @@ -32,3 +36,46 @@ jobs: publish: pnpm changeset tag env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + build-publish-docker: + runs-on: ubuntu-latest + + needs: release + if: needs.release.outputs.published == 'true' + + permissions: + contents: read + packages: write + attestations: write + id-token: write + + steps: + - uses: actions/checkout@v4 + + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + - name: Build and push Docker image + id: push + uses: docker/build-push-action@v6 + with: + context: . + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true