Publish to container registry #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish to container registry | |
| on: | |
| push: | |
| # Publish semver tags as releases. | |
| tags: [ 'v*.*.*' ] | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| REGISTRY_URL: https://ghcr.io | |
| REGISTRY_USERNAME: ${{ github.actor }} | |
| REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| build: | |
| name: Build and publish | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - uses: actions/setup-java@v3 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| - name: Validate Gradle Wrapper | |
| uses: gradle/wrapper-validation-action@v1 | |
| # login to github packages | |
| # ref: https://docs.docker.com/build/ci/github-actions/push-multi-registries/ | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| #username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Extract metadata (tags, labels) from git reference and github events for Docker | |
| # https://github.com/docker/metadata-action | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/[email protected] | |
| with: | |
| images: | | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=semver,pattern=v{{version}} | |
| type=edge | |
| - name: Debug | |
| run: echo ${{ steps.meta.outputs }} | |
| - name: Build and publish with Gradle Wrapper | |
| uses: gradle/[email protected] | |
| if: github.event_name != 'pull_request' | |
| env: | |
| BP_OCI_CREATED: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} | |
| BP_OCI_DESCRIPTION: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.description'] }} | |
| BP_OCI_LICENSES: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.licenses'] }} | |
| BP_OCI_REVISION: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} | |
| BP_OCI_SOURCE: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.source'] }} | |
| BP_OCI_TITLE: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.title'] }} | |
| BP_OCI_URL: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.url'] }} | |
| BP_OCI_VERSION: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} | |
| # Paketo Buildpack for Image Labels 4.5.2 | |
| BP_OCI_AUTHORS: "https://digital-strategy.ec.europa.eu/en/policies/electronic-identification" | |
| BP_OCI_REF_NAME: ${{ github.repository }} | |
| BP_OCI_VENDOR: "https://digital-strategy.ec.europa.eu/en/policies/electronic-identification" | |
| # run the JLink tool and install a minimal JRE for runtime, reducing both image size and attack surface | |
| BP_JVM_JLINK_ENABLED : "true" | |
| with: | |
| arguments: | | |
| build | |
| bootBuildImage | |
| --imageName=${{ fromJSON(steps.meta.outputs.json).tags[0] }} | |
| --publishImage | |
| --full-stacktrace |