# Builds the Dockerfile and pushes the result to GHCR on every merge to # main, tagged :latest (what the server pulls) and : (rollback to # any exact commit without a release process). The GITHUB_TOKEN is # enough to push packages; no extra secret needed, only the # packages: write permission below. name: Image on: push: branches: [main] jobs: image: name: Build and push to ghcr.io runs-on: ubuntu-latest permissions: contents: read packages: write steps: - uses: actions/checkout@v4 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - uses: docker/build-push-action@v6 with: context: . push: true tags: | ghcr.io/justinzeus/spreadlab:latest ghcr.io/justinzeus/spreadlab:${{ github.sha }}