astro-open-source-quebec/.gitea/workflows/publish-container.yaml

name: Build, Secure, and Push Docker Image on Release

on:
  release:
    types: [published, prereleased]

permissions:
  id-token: write
  contents: read
  packages: write

jobs:
  build-and-push:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Log in to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}

      - name: Determine Tag Type
        id: tag_type
        run: |
          if [[ "${{ github.event.release.prerelease }}" == "true" ]]; then
            echo "tag=dev" >> $GITHUB_ENV
          else
            echo "tag=latest" >> $GITHUB_ENV
          fi          

      - name: Build, push, and generate SBOM and provenance
        run: |
          docker buildx build \
            --provenance=true \
            --sbom=true \
            --push \
            -t docker.io/singatias/osq-website:${{ github.event.release.tag_name }} \
            -t docker.io/singatias/osq-website:${{ env.tag }} \
            .
added publish-container workflow 2024-12-27 02:10:22 -05:00			`name: Build, Secure, and Push Docker Image on Release`

			`on:`
			`release:`
			`types: [published, prereleased]`

			`permissions:`
			`id-token: write`
			`contents: read`
			`packages: write`

			`jobs:`
			`build-and-push:`
			`runs-on: ubuntu-latest`

			`steps:`
			`- name: Checkout code`
			`uses: actions/checkout@v3`

			`- name: Set up Docker Buildx`
			`uses: docker/setup-buildx-action@v2`

			`- name: Log in to DockerHub`
			`uses: docker/login-action@v2`
			`with:`
			`username: ${{ secrets.DOCKERHUB_USERNAME }}`
			`password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}`

			`- name: Determine Tag Type`
			`id: tag_type`
			`run: \|`
			`if [[ "${{ github.event.release.prerelease }}" == "true" ]]; then`
			`echo "tag=dev" >> $GITHUB_ENV`
			`else`
			`echo "tag=latest" >> $GITHUB_ENV`
			`fi`

			`- name: Build, push, and generate SBOM and provenance`
			`run: \|`
			`docker buildx build \`
			`--provenance=true \`
			`--sbom=true \`
			`--push \`
			`-t docker.io/singatias/osq-website:${{ github.event.release.tag_name }} \`
			`-t docker.io/singatias/osq-website:${{ env.tag }} \`
			`.`