docker-mailserver/.github/workflows/generic_publish.yml

name: 'Publish the DMS Container Image'

on:
  workflow_call:
    inputs:
      cache-key:
        required: true
        type: string

permissions:
  contents: read
  packages: write

jobs:
  publish-images:
    name: 'Publish'
    runs-on: ubuntu-22.04
    steps:
      - name: 'Checkout'
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: 'Prepare tags'
        id: prep
        uses: docker/metadata-action@v5.5.1
        with:
          images: |
            ${{ secrets.DOCKER_REPOSITORY }}
            ${{ secrets.GHCR_REPOSITORY }}            
          tags: |
            type=edge,branch=master
            type=semver,pattern={{major}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}.{{minor}}.{{patch}}            

      - name: 'Set up QEMU'
        uses: docker/setup-qemu-action@v3.0.0
        with:
          platforms: arm64

      - name: 'Set up Docker Buildx'
        uses: docker/setup-buildx-action@v3.2.0

      # Try get the cached build layers from a prior `generic_build.yml` job.
      # NOTE: Until adopting `type=gha` scoped cache exporter (in `docker/build-push-action`),
      # only AMD64 image is expected to be cached, ARM images will build from scratch.
      - name: 'Retrieve image build from build cache'
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: cache-buildx-${{ inputs.cache-key }}
          restore-keys: |
            cache-buildx-            

      - name: 'Login to DockerHub'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: 'Login to GitHub Container Registry'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: 'Build and publish images'
        uses: docker/build-push-action@v5.3.0
        with:
          context: .
          build-args: |
            DMS_RELEASE=${{ github.ref_type == 'tag' && github.ref_name || 'edge' }}
            VCS_REVISION=${{ github.sha }}            
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.prep.outputs.tags }}
          cache-from: type=local,src=/tmp/.buildx-cache
          # Disable provenance attestation: https://docs.docker.com/build/attestations/slsa-provenance/
          provenance: false