Tags :latest and the commit SHA, authenticated with the built-in GITHUB_TOKEN via the packages:write permission. Making the package public is a one-time manual step in the package settings after the first push.
33 lines
970 B
YAML
33 lines
970 B
YAML
# Builds the Dockerfile and pushes the result to GHCR on every merge to
|
|
# main, tagged :latest (what the server pulls) and :<sha> (rollback to
|
|
# any exact commit without a release process). The GITHUB_TOKEN is
|
|
# enough to push packages; no extra secret needed, only the
|
|
# packages: write permission below.
|
|
name: Image
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
|
|
jobs:
|
|
image:
|
|
name: Build and push to ghcr.io
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: docker/setup-buildx-action@v3
|
|
- uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
- uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
push: true
|
|
tags: |
|
|
ghcr.io/justinzeus/spreadlab:latest
|
|
ghcr.io/justinzeus/spreadlab:${{ github.sha }}
|