From 812c219d0ecea88958d0bd32958f1a3041e85ab4 Mon Sep 17 00:00:00 2001
From: Terence Tuhinanshu
Date: Fri, 12 Jul 2024 12:14:24 -0400
Subject: [PATCH 1/4] Switch publishing to GHCR

---
 .github/workflows/release.yml | 71 ++++++++++++++++++++++-------------
 1 file changed, 44 insertions(+), 27 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 300ade1..b3b29ac 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,35 +1,52 @@
 name: release
 
 on:
- push:
- tags: "*"
+ push:
+ branches: [ tt/5/switch-to-ghcr ]
 
-jobs:
- release:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repo
- uses: actions/checkout@v4
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: taudem
 
- - name: Set SHA_TAG
- run: |
- echo "SHA_TAG=`git rev-parse --short HEAD`" >> $GITHUB_ENV
+jobs:
+ release:
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v4
 
- - name: Setup Docker Buildx
- uses: docker/setup-buildx-action@v3
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 
- - name: Login to Quay
- uses: docker/login-action@v3
- with:
- registry: quay.io
- username: ${{ secrets.QUAY_USERNAME }}
- password: ${{ secrets.QUAY_PASSWORD }}
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
- - name: Build and push
- uses: docker/build-push-action@v6
- with:
- push: true
- tags: |
- quay.io/wikiwatershed/taudem:${SHA_TAG}
- quay.io/wikiwatershed/taudem:${{ github.ref_name }}
- quay.io/wikiwatershed/taudem:latest
+ - name: Build and push
+ id: push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true

From 8ed1703966783677b553a2e0099edc20d84d34d0 Mon Sep 17 00:00:00 2001
From: Terence Tuhinanshu
Date: Fri, 12 Jul 2024 12:40:11 -0400
Subject: [PATCH 2/4] Fix image name

---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b3b29ac..9bc95cd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,7 +6,7 @@ on:
 
 env:
 REGISTRY: ghcr.io
- IMAGE_NAME: taudem
+ IMAGE_NAME: WikiWatershed/taudem
 
 jobs:
 release:

From 13dae4bd4ca7bac6e04f3c8bf12182eca6377714 Mon Sep 17 00:00:00 2001
From: Terence Tuhinanshu
Date: Fri, 12 Jul 2024 13:13:00 -0400
Subject: [PATCH 3/4] Add LABEL to make images public

According to https://dev.to/willvelida/pushing-container-images-to-github-container-registry-with-github-actions-1m6b
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile b/Dockerfile
index 9b1abfb..85684ab 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,5 @@
 FROM ubuntu:16.04
+LABEL org.opencontainers.image.source="https://github.com/WikiWatershed/docker-taudem"
 
 MAINTAINER Azavea
 

From d7137c0b2f6e5da0636260fd291931b214a65502 Mon Sep 17 00:00:00 2001
From: Terence Tuhinanshu
Date: Fri, 12 Jul 2024 13:42:45 -0400
Subject: [PATCH 4/4] Switch to publishing only on tags

---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9bc95cd..7164f3b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -2,7 +2,7 @@ name: release
 
 on:
 push:
- branches: [ tt/5/switch-to-ghcr ]
+ tags: "*"
 
 env:
 REGISTRY: ghcr.io
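Review bot: [PATCH 2/4] `IMAGE_NAME: WikiWatershed/taudem` contains upper-case letters, while OCI repository names have to be lower-case. The `images:` input of docker/metadata-action is, as far as I know, normalised to lower-case, so the push itself probably succeeds. The attestation step added in patch 1 passes the raw value in `subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}`, though, which may be rejected or may not match the pushed reference when `push-to-registry: true` uploads the attestation. Writing `IMAGE_NAME: wikiwatershed/taudem` keeps both steps on the same name.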
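Review bot: [PATCH 4/4] `tags: "*"` builds, pushes and attests an image for every tag pushed to the repository, and with the default docker/metadata-action settings each of those runs is likely to move `latest` as well. Because the job holds `packages: write` and signs provenance, consider narrowing the filter to the release naming scheme, for example `tags: ["v*"]` if releases are tagged that way, and protecting those tags with a tag ruleset so only maintainers can create them. The pattern is a guess, as the hunk does not show how releases are named.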