name: 'Publish the DMS Container Image' on: workflow_call: inputs: cache-key: required: true type: string permissions: contents: read packages: write jobs: publish-images: name: 'Publish' runs-on: ubuntu-22.04 steps: - name: 'Checkout' uses: actions/checkout@v4 with: submodules: recursive - name: 'Prepare tags' id: prep uses: docker/metadata-action@v5.5.1 with: images: | ${{ secrets.DOCKER_REPOSITORY }} ${{ secrets.GHCR_REPOSITORY }} tags: | type=edge,branch=master type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}}.{{minor}}.{{patch}} - name: 'Set up QEMU' uses: docker/setup-qemu-action@v3.0.0 with: platforms: arm64 - name: 'Set up Docker Buildx' uses: docker/setup-buildx-action@v3.1.0 # Try get the cached build layers from a prior `generic_build.yml` job. # NOTE: Until adopting `type=gha` scoped cache exporter (in `docker/build-push-action`), # only AMD64 image is expected to be cached, ARM images will build from scratch. - name: 'Retrieve image build from build cache' uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: cache-buildx-${{ inputs.cache-key }} restore-keys: | cache-buildx- - name: 'Login to DockerHub' uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: 'Login to GitHub Container Registry' uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: 'Build and publish images' uses: docker/build-push-action@v5.2.0 with: context: . build-args: | DMS_RELEASE=${{ github.ref_type == 'tag' && github.ref_name || 'edge' }} VCS_REVISION=${{ github.sha }} platforms: linux/amd64,linux/arm64 push: true tags: ${{ steps.prep.outputs.tags }} cache-from: type=local,src=/tmp/.buildx-cache # Disable provenance attestation: https://docs.docker.com/build/attestations/slsa-provenance/ provenance: false