From 9c6e9fef46a7de1b190edea4766c141c3db1f6c0 Mon Sep 17 00:00:00 2001
From: Junlin Zhou
Date: Tue, 29 Oct 2024 11:21:39 +0800
Subject: [PATCH] build: push to github packages instead of docker
---
 .github/workflows/publish-image.yml | 33 +++++++++++++++++------------
 1 file changed, 19 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml
index 8552c07..344ccb4 100644
--- a/.github/workflows/publish-image.yml
+++ b/.github/workflows/publish-image.yml
@@ -6,24 +6,32 @@ on:
 - v**
 workflow_dispatch: # Allows to trigger the workflow manually in GitHub UI
 
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
 jobs:
 build-and-push-image:
 runs-on: ubuntu-latest
 permissions:
 contents: read
+ packages: write
+ attestations: write
+ id-token: write
 steps:
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ - name: Checkout repository
+ uses: actions/checkout@v4
 - name: Log in to the Container registry
 uses: docker/login-action@v3.3.0
 with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
 - name: Extract metadata (tags, labels) for Docker
 id: meta
 uses: docker/metadata-action@v5.5.1
 with:
- images: tablegpt/ipy-kernel
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 # semver has default priority 900, sha has default priority 100
 # ref has default priority 600
 # see
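Review bot: Every `uses:` reference in this workflow is a mutable tag (`actions/checkout@v4`, `docker/login-action@v3.3.0`, `docker/metadata-action@v5.5.1` here; `docker/build-push-action@v6.9.0` and `actions/attest-build-provenance@v1` in the next hunk), while the job now carries `packages: write`, `attestations: write` and `id-token: write`. A retagged or compromised action release would run with the ability to publish images and sign provenance for them, so I would pin each one to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The new checkout step also persists the job token in the workspace's git config by default; since no later step visible here pushes with git, adding `with:` / `persist-credentials: false` to it removes that exposure. The metadata step's `with:` block continues past the end of this hunk.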
@@ -33,18 +41,15 @@ jobs:
 type=semver,pattern={{version}}
 type=sha,priority=850,prefix=
 - name: Build and push Docker image
+ id: push
 uses: docker/build-push-action@v6.9.0
 with:
 push: true
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
- # dockerhub-description requires checkout
- - uses: actions/checkout@v4
- - name: TableGPT Kernel Docker Hub Description
- uses: peter-evans/dockerhub-description@v4
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
 with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
- repository: tablegpt/ipy-kernel
- short-description: TableGPT Ipython Kernel
- readme-filepath: ./README.md
+ subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
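Review bot: `subject-name` is built from the raw `${{ env.IMAGE_NAME}}` (that is, `github.repository`), whereas the tags that were actually pushed come from `docker/metadata-action`, which as far as I know lower-cases image names. For this repository the two probably agree, but in a fork or after a rename with upper-case characters in the owner or repo name, the attestation step with `push-to-registry: true` would likely reference a name that does not match the pushed image. I would derive one lower-cased name in a preceding step and use it for both `images:` and `subject-name:`, or at least add a comment such as `# subject-name must equal the pushed image name (lower-case, no tag)`. The missing space in `${{ env.IMAGE_NAME}}` is also inconsistent with the first hunk's `${{ env.IMAGE_NAME }}`.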