forked from mirrors/kingfisher
89 lines
2.9 KiB
YAML
89 lines
2.9 KiB
YAML
# .github/workflows/release-docker.yml
|
|
name: Publish Docker image
|
|
|
|
###############################################################################
|
|
# Triggers
|
|
###############################################################################
|
|
on:
|
|
# Called automatically by the release workflow after a successful build
|
|
workflow_call:
|
|
inputs:
|
|
tag:
|
|
description: "Tag to push (e.g. v1.2.3)"
|
|
required: true
|
|
type: string
|
|
|
|
# Manual: "Run workflow" button or `gh workflow run`
|
|
workflow_dispatch:
|
|
inputs:
|
|
tag:
|
|
description: "Tag to push (leave blank → latest release)"
|
|
required: false
|
|
type: string
|
|
|
|
###############################################################################
|
|
permissions:
|
|
contents: read # needed for checkout
|
|
|
|
###############################################################################
|
|
jobs:
|
|
build-and-push:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
packages: write # push to ghcr.io
|
|
|
|
steps:
|
|
# -----------------------------------------------------------------------
|
|
# Decide which tag we're going to publish
|
|
# -----------------------------------------------------------------------
|
|
- name: Determine tag
|
|
id: tag
|
|
shell: bash
|
|
env:
|
|
# workflow_call passes tag here; workflow_dispatch may or may not
|
|
CALL_TAG: ${{ inputs.tag }}
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: |
|
|
set -euo pipefail
|
|
if [[ -n "${CALL_TAG}" ]]; then
|
|
RAW_TAG="${CALL_TAG}"
|
|
else
|
|
# workflow_dispatch without a tag → query latest release
|
|
RAW_TAG=$(gh release view --repo "${{ github.repository }}" --json tagName --jq .tagName)
|
|
fi
|
|
|
|
if [[ ! "${RAW_TAG}" =~ ^v[0-9A-Za-z._+-]+$ ]]; then
|
|
echo "Invalid tag format: ${RAW_TAG}" >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Strip a leading "v" so v1.2.3 → 1.2.3
|
|
TAG=${RAW_TAG#v}
|
|
echo "Selected tag: ${TAG}"
|
|
echo "tag=${TAG}" >> "${GITHUB_OUTPUT}"
|
|
|
|
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
|
|
with:
|
|
ref: v${{ steps.tag.outputs.tag }}
|
|
|
|
# -----------------------------------------------------------------------
|
|
# Build & push
|
|
# -----------------------------------------------------------------------
|
|
- uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
|
|
|
|
- uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
|
|
with:
|
|
context: .
|
|
file: docker/Dockerfile
|
|
platforms: linux/amd64,linux/arm64
|
|
push: true
|
|
tags: |
|
|
ghcr.io/mongodb/kingfisher:latest
|
|
ghcr.io/mongodb/kingfisher:${{ steps.tag.outputs.tag }}
|