Merge pull request #64 from ingenerator/mrdepp-2024-08-27-08-01-29 #383
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: [ push ] | |
env: | |
IMAGE_NAME: action-satis-builder | |
jobs: | |
build-image: | |
runs-on: ubuntu-latest | |
name: Build action image | |
permissions: | |
# This sets an explicit list of restrictive permissions for the GH_TOKEN that will be issued, it still doesn't | |
# guarantee that it's safe to use third-party actions (they'd still be able to do anything we're meant to do) | |
# but it at least restricts the privilege scope | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Install composer dependencies | |
uses: php-actions/composer@v2 | |
- name: Build image | |
run: docker build . --file Dockerfile --tag $IMAGE_NAME | |
- name: Test image | |
run: | | |
set -o errexit | |
set -o nounset | |
docker run \ | |
-v $PWD/test/workdir:/ghworkspace \ | |
-e CACHE_DIR='_my-cache' \ | |
-e GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}" \ | |
-e GITHUB_WORKSPACE="/ghworkspace" \ | |
-w /ghworkspace \ | |
$IMAGE_NAME | |
php test/verify-built-repo.php | |
- name: Push image to GitHub Container Registry | |
run: | | |
set -o errexit | |
set -o nounset | |
# Login to Github registry | |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin | |
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME | |
# Change all uppercase to lowercase | |
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') | |
# Strip git ref prefix from version | |
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
# Strip "v" prefix from tag name | |
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') | |
echo IMAGE_ID=$IMAGE_ID | |
echo VERSION=$VERSION | |
docker tag $IMAGE_NAME $IMAGE_ID:$VERSION | |
docker push $IMAGE_ID:$VERSION |