diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 521b46f..1090ee2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,6 +14,7 @@ on: env: # Hostname of your registry REGISTRY: docker.io + GH_REGISTRY: ghcr.io # Image repository, without hostname and tag IMAGE_NAME: alpine/used-for-docker-scout-score-check-only SHA: ${{ github.event.pull_request.head.sha || github.event.after }} @@ -25,23 +26,28 @@ jobs: pull-requests: write steps: - - name: Setup Docker buildx + # Checkout the repository + - name: Checkout code + uses: actions/checkout@v3 + + # Set up Docker Buildx (optional if you want to use Buildx features like multi-platform builds) + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - # Authenticate to the container registry - - name: Authenticate to registry ${{ env.REGISTRY }} + # Log in to GitHub Container Registry + - name: Log in to GitHub Container Registry ${{ env.GH_REGISTRY}} uses: docker/login-action@v3 with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + registry: ${{ env.GH_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} # Extract metadata (tags, labels) for Docker - name: Extract Docker metadata id: meta uses: docker/metadata-action@v5 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + images: ${{ env.GH_REGISTRY }}/${{ env.IMAGE_NAME }} labels: | org.opencontainers.image.revision=${{ env.SHA }} tags: | 
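Review bot: The login step in the second hunk now authenticates to ghcr.io with `secrets.GITHUB_TOKEN`, but the only job permission visible in the context is `pull-requests: write`. When a `permissions:` block is set, scopes it does not list are withheld, so the later push to GHCR would be rejected unless `packages: write` is granted. That block starts above the hunk, so confirm it there and add `packages: write` (and `contents: read` for the new checkout step) if they are missing. Separately, the added `actions/checkout@v3` is referenced by a mutable tag; pinning it as `actions/checkout@<full-commit-sha>  # v3` ensures the code that runs with this job's token cannot change without a reviewed edit.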
@@ -49,21 +55,19 @@ jobs: type=semver,pattern=v{{version}} type=sha,prefix=,suffix=,format=short - # Build and push Docker image with Buildx - # (don't push on PR, load instead) - - name: Build and push Docker image + - name: Build and push GHCR image id: build-and-push uses: docker/build-push-action@v6 with: - platforms: linux/amd64,linux/arm/v7,linux/arm64/v8,linux/arm/v6,linux/ppc64le,linux/s390x,linux/386 - sbom: ${{ github.event_name != 'pull_request' }} - provenance: ${{ github.event_name != 'pull_request' }} - push: ${{ github.event_name != 'pull_request' }} - load: ${{ github.event_name == 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max + platforms: linux/amd64,linux/arm64 + sbom: ${{ github.event_name != 'pull_request' }} + provenance: ${{ github.event_name != 'pull_request' }} + push: ${{ github.event_name != 'pull_request' }} + load: ${{ github.event_name == 'pull_request' }} + tags: ${{ env.GH_REGISTRY }}/${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max # - name: Checkout code # uses: actions/checkout@v2 
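Review bot: `tags: ${{ env.GH_REGISTRY }}/${{ steps.meta.outputs.tags }}` prefixes the registry a second time. The same commit changes the metadata step's `images:` to `${{ env.GH_REGISTRY }}/${{ env.IMAGE_NAME }}`, so its `tags` output already starts with `ghcr.io/`. That output is also a newline-separated list (two tag rules are visible at the top of this hunk), so the prefix would land only on the first entry. Keep the line as `tags: ${{ steps.meta.outputs.tags }}`. The three `./crane copy` lines in the next hunk carry the same extra prefix.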
@@ -83,7 +87,7 @@ jobs: export VERSION=($(docker run -i --rm ${{ steps.meta.outputs.tags }} version|awk '{print $NF}')) echo $VERSION ./crane auth login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_TOKEN }} index.docker.io - ./crane copy ${{ steps.meta.outputs.tags }} ${{ env.IMAGE_NAME }}:latest - ./crane copy ${{ steps.meta.outputs.tags }} ${{ env.IMAGE_NAME }}:${VERSION} - ./crane copy ${{ steps.meta.outputs.tags }} ${{ env.IMAGE_NAME }}:v${VERSION} + ./crane copy ${{ env.GH_REGISTRY }}/${{ steps.meta.outputs.tags }} ${{ env.IMAGE_NAME }}:latest + ./crane copy ${{ env.GH_REGISTRY }}/${{ steps.meta.outputs.tags }} ${{ env.IMAGE_NAME }}:${VERSION} + ./crane copy ${{ env.GH_REGISTRY }}/${{ steps.meta.outputs.tags }} ${{ env.IMAGE_NAME }}:v${VERSION} rm -rf /home/runner/.docker/config.json diff --git a/.github/workflows/gh_build.yaml b/.github/workflows/gh_build.yaml.bak similarity index 100% rename from .github/workflows/gh_build.yaml rename to .github/workflows/gh_build.yaml.bak
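Review bot: The three new `./crane copy` lines paste `${{ steps.meta.outputs.tags }}` straight into the shell script. That output can hold several newline-separated references, in which case everything after the first line would run as a separate command; the copy source is also a mutable tag rather than the image that was just built. Copying by digest avoids both: set `SRC: ${{ env.GH_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}` under the step's `env:` and call `./crane copy "$SRC" "${{ env.IMAGE_NAME }}:latest"`. The `run:` block starts above the hunk, and the `docker run … ${{ steps.meta.outputs.tags }}` context line in it would need the same treatment.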