name: build on: workflow_dispatch: push: branches: - master - version-* # Run tests for any PRs pull_request: schedule: # Build the image regularly (each Friday) - cron: '23 04 * * 5' env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository_owner }}/nextcloud jobs: build: name: Build, push & sign runs-on: "ubuntu-latest" permissions: contents: read packages: write id-token: write steps: - name: Checkout code uses: actions/checkout@v2 - name: Extract version for tags run: | BRANCH="${GITHUB_REF#refs/heads/}" VERSION=$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile) [ "$BRANCH" = "master" ] && echo "BRANCH_VERSION=latest" >> $GITHUB_ENV echo "FULL_VERSION=${VERSION:0:7}" >> $GITHUB_ENV echo "MAJOR_VERSION=${VERSION:0:2}" >> $GITHUB_ENV - name: Install cosign if: github.event_name != 'pull_request' uses: sigstore/cosign-installer@main with: cosign-release: 'v2.2.2' - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 - name: Login to registry if: github.event_name != 'pull_request' uses: docker/login-action@v1 with: registry: ${{ env.REGISTRY }} username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set Docker metadata id: meta uses: docker/metadata-action@v3 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | ${{ env.BRANCH_VERSION }} ${{ env.FULL_VERSION }} ${{ env.MAJOR_VERSION }} - name: Build and push Docker image id: build-and-push uses: docker/build-push-action@v2 with: context: . push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Sign the published Docker image if: ${{ github.event_name != 'pull_request' }} env: COSIGN_EXPERIMENTAL: "true" run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}