
chore: add github action #4

chore: add github action

chore: add github action #4

name: Docker
on:
push:
branches:
- main # 当 `main` 分支有 push 时触发
tags:
- 'v*.*.*' # 当有新的 tag 时触发
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
# 设置 Buildx 以支持多架构构建
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# 登录 GitHub Container Registry
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# 提取 Docker 镜像的元数据(标签、名称等)
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository_owner }}/${{ github.repository }}
tags: |
type=ref,event=branch # 对 `main` 分支,使用 `latest` 标签
type=sha # 对 `main` 分支,基于 commit 的 SHA 生成标签
type=ref,event=tag # 对于推送的 tag,使用 tag 作为镜像标签
# 构建并推送多架构 Docker 镜像
- name: Build and push Docker image
uses: docker/build-push-action@v6.9.0
with:
context: .
push: true # 在非 PR 的情况下推送镜像
platforms: linux/amd64,linux/arm64 # 指定多架构平台
tags: ${{ steps.meta.outputs.tags }} # 使用提取的标签
labels: ${{ steps.meta.outputs.labels }}
# 使用 cosign 签名发布的 Docker 镜像(非 PR 环境)
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' }}
env:
TAGS: ${{ steps.meta.outputs.tags }}
DIGEST: ${{ steps.build-and-push.outputs.digest }}
run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
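Review bot: The signing step cannot produce a valid signature as written: `DIGEST` reads `steps.build-and-push.outputs.digest`, but the "Build and push Docker image" step declares no `id`, so the expression expands to an empty string and cosign is handed a reference ending in a bare `@`. Add `id: build-and-push` to that step, and add a step with `uses: sigstore/cosign-installer@<pinned-commit-sha>` before the signing step, since nothing visible in the workflow installs cosign. Separately, `github.repository` already contains the owner, so the `images:` value resolves to `ghcr.io/<owner>/<owner>/<repo>`; `images: ghcr.io/${{ github.repository }}` is probably what was intended. Because this job holds `packages: write` and `id-token: write`, the third-party actions are better pinned to full commit SHAs than to mutable tags such as `@v3`, so that a retagged action cannot run with those permissions.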