.github/workflows/docker-publish.yml #104
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| - feature/* | |
| pull_request: | |
| branches: [ "main" ] | |
| schedule: | |
| - cron: '34 20 * * *' | |
| env: | |
| REGISTRY: ghcr.io | |
| jobs: | |
| lint-and-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Step 1: Checkout repository | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| # Step 2: Set execute permissions for mvnw | |
| - name: Set execute permissions for mvnw | |
| run: chmod +x ./mvnw | |
| # Step 3: Set up JDK for linting and testing | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| # Step 4: Cache Maven dependencies | |
| - name: Cache Maven dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven | |
| # Step 5: Lint the code | |
| - name: Lint code with Checkstyle | |
| run: ./mvnw checkstyle:check | |
| # Step 6: Run unit tests | |
| - name: Run unit tests | |
| run: ./mvnw test | |
| build: | |
| needs: lint-and-test | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| steps: | |
| # Step 1: Checkout repository | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| # Step 2: Set execute permissions for mvnw | |
| - name: Set execute permissions for mvnw | |
| run: chmod +x ./mvnw | |
| # Step 3: Compute lowercase repository name | |
| - name: Compute lowercase repository name | |
| id: lowercase | |
| run: echo "IMAGE_NAME=$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV | |
| # Step 4: Install cosign for signing images | |
| - name: Install cosign | |
| if: github.event_name != 'pull_request' | |
| uses: sigstore/[email protected] | |
| with: | |
| cosign-release: 'v2.2.4' | |
| # Step 5: Set up Docker Buildx | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # Step 6: Log into Docker registry | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Step 7: Extract Docker metadata | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| # Step 8: Build and push Docker image | |
| - name: Build and push Docker image | |
| id: build-and-push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: | | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # Step 9: Run tests on the Docker image | |
| - name: Run tests on the Docker image | |
| run: | | |
| docker run --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest /bin/sh -c "echo 'Running tests...'" | |
| # Step 10: Sign the published Docker image | |
| - name: Sign the published Docker image | |
| if: ${{ github.event_name != 'pull_request' }} | |
| env: | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} |