1.6 KiB · text 5af55d9
name: build
on:
push:
branches: [master]
# tags: ['v*']
jobs:
build:
runs-on: self-hosted
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
# Forge-managed registry auth: the per-job token (github.token) is
# accepted by /v2/token and authorized to push this repo's own
# image — no stored creds. The username is ignored by the token
# endpoint but login-action requires it to be non-empty.
- uses: docker/login-action@v3
with:
registry: ${{ vars.CI_REGISTRY }}
username: gitgud-actions
password: ${{ github.token }}
# Push to the job's OWN repo path (<registry>/<owner>/<repo>); the
# per-job token only grants push there. metadata-action reads repo +
# commit metadata from the forge's /api/v1 REST API (Api.V1.RepositoryController).
- uses: docker/metadata-action@v5
id: meta
with:
images: ${{ vars.CI_REGISTRY }}/${{ github.repository }}
tags: |
type=sha,format=long
type=ref,event=branch
type=raw,value=latest,enable={{is_default_branch}}
- uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ vars.CI_REGISTRY }}/${{ github.repository }}:buildcache
cache-to: type=registry,ref=${{ vars.CI_REGISTRY }}/${{ github.repository }}:buildcache,mode=max