Merge pull request #314 from nerdalert/git-local #159
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish container images | |
on: | |
push: | |
branches: | |
- main | |
- release-1.0 | |
tags: | |
- v* | |
env: | |
GHCR_REGISTRY: ghcr.io | |
GHCR_UI_IMAGE_NAME: ${{ github.repository }}/ui | |
QUAY_REGISTRY: quay.io | |
QUAY_UI_IMAGE_NAME: instructlab-ui/ui | |
GHCR_PATHSERVICE_IMAGE_NAME: ${{ github.repository }}/pathservice | |
QUAY_PATHSERVICE_IMAGE_NAME: instructlab-ui/pathservice | |
jobs: | |
build_and_publish_ui_image: | |
name: Push UI container image to GHCR and QUAY | |
runs-on: ubuntu-latest | |
environment: registry-creds | |
permissions: | |
packages: write | |
contents: read | |
attestations: write | |
id-token: write | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v4 | |
- name: Log in to the GHCR container image registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.GHCR_REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the Quay container image registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.QUAY_REGISTRY }} | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_TOKEN }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Cache Docker layers | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Extract metadata (tags, labels) for UI image | |
id: ghcr_ui_meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME }} | |
- name: Extract metadata (tags, labels) for UI image | |
id: quay_ui_meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME }} | |
- name: Build and push ui image to ghcr.io | |
id: push-ui-ghcr | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.ghcr_ui_meta.outputs.tags }} | |
labels: ${{ steps.ghcr_ui_meta.outputs.labels }} | |
platforms: linux/amd64,linux/arm64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
file: Containerfile | |
- name: Generate artifact attestation | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}} | |
subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }} | |
push-to-registry: true | |
- name: Build and push ui image to quay.io | |
id: push-ui-quay | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.quay_ui_meta.outputs.tags }} | |
labels: ${{ steps.quay_ui_meta.outputs.labels }} | |
platforms: linux/amd64,linux/arm64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
file: Containerfile | |
build_and_publish_pathservice_image: | |
name: Push pathservice container image to GHCR and QUAY | |
runs-on: ubuntu-latest | |
environment: registry-creds | |
permissions: | |
packages: write | |
contents: read | |
attestations: write | |
id-token: write | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v4 | |
- name: Log in to the GHCR container image registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.GHCR_REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the Quay container image registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.QUAY_REGISTRY }} | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_TOKEN }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Cache Docker layers | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Extract metadata (tags, labels) for pathservice image | |
id: ghcr_ps_meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PATHSERVICE_IMAGE_NAME }} | |
- name: Extract metadata (tags, labels) for pathservice image | |
id: quay_ps_meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_PATHSERVICE_IMAGE_NAME }} | |
- name: Build and push pathservice image to ghcr.io | |
id: push-ps-ghcr | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.ghcr_ps_meta.outputs.tags }} | |
labels: ${{ steps.ghcr_ps_meta.outputs.labels }} | |
platforms: linux/amd64,linux/arm64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
file: Containerfile.ps | |
- name: Generate artifact attestation | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_PATHSERVICE_IMAGE_NAME}} | |
subject-digest: ${{ steps.push-ps-ghcr.outputs.digest }} | |
push-to-registry: true | |
- name: Build and push ui image to quay.io | |
id: push-ui-quay | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.quay_ps_meta.outputs.tags }} | |
labels: ${{ steps.quay_ps_meta.outputs.labels }} | |
platforms: linux/amd64,linux/arm64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
file: Containerfile.ps |