name: 'Publish the DMS Container Image' on: workflow_call: inputs: cache-key: required: true type: string permissions: contents: read packages: write jobs: publish-images: name: 'Publish' runs-on: ubuntu-22.04 steps: - name: 'Checkout' uses: actions/checkout@v3 with: submodules: recursive - name: 'Prepare tags' id: prep uses: docker/metadata-action@v4.3.0 with: images: | ${{ secrets.DOCKER_REPOSITORY }} ${{ secrets.GHCR_REPOSITORY }} tags: | type=edge,branch=master type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}}.{{minor}}.{{patch}} - name: 'Set up QEMU' uses: docker/setup-qemu-action@v2.1.0 with: platforms: arm64 - name: 'Set up Docker Buildx' uses: docker/setup-buildx-action@v2.4.1 # Try get the cached build layers from a prior `generic_build.yml` job. # NOTE: Until adopting `type=gha` scoped cache exporter (in `docker/build-push-action`), # only AMD64 image is expected to be cached, ARM images will build from scratch. - name: 'Retrieve image build from build cache' uses: actions/cache@v3 with: path: /tmp/.buildx-cache key: cache-buildx-${{ inputs.cache-key }} restore-keys: | cache-buildx- - name: 'Login to DockerHub' uses: docker/login-action@v2 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: 'Login to GitHub Container Registry' uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: 'Acquire the image version' id: get-version shell: bash run: echo "version=$(>"${GITHUB_OUTPUT}" - name: 'Build and publish images' uses: docker/build-push-action@v4.0.0 with: context: . build-args: | VCS_REVISION=${{ github.sha }} VCS_VERSION=${{ steps.get-version.outputs.version }} platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.prep.outputs.tags }} cache-from: type=local,src=/tmp/.buildx-cache # Disable provenance attestation: https://docs.docker.com/build/attestations/slsa-provenance/ provenance: false