Add release workflows and create docker image (#13) #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pre-release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| jobs: | |
| create-pre-release: | |
| runs-on: ubuntu-latest | |
| name: Build and push Docker image and create a new GitHub pre-release | |
| permissions: | |
| id-token: write | |
| contents: write | |
| attestations: write | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: temurin | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Set environment variables | |
| run: | | |
| echo VERSION=$(cat VERSION).$GITHUB_RUN_NUMBER >> $GITHUB_ENV | |
| echo IMAGE_NAME=$REGISTRY/$(echo ${GITHUB_REPOSITORY,,}) >> $GITHUB_ENV | |
| echo COMMITED_AT=$(git show -s --format=%cI `git rev-parse HEAD`) >> $GITHUB_ENV | |
| - name: Build zip distribution with gradle | |
| run: ./gradlew -Pversion='${{ env.VERSION }}' distZip | |
| - name: Collect Docker image metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.IMAGE_NAME }} | |
| labels: | | |
| org.opencontainers.image.created=${{ env.COMMITED_AT }} | |
| org.opencontainers.image.version=v${{ env.VERSION }} | |
| org.opencontainers.image.maintainer=GeoWerkstatt GmbH <[email protected]> | |
| flavor: | | |
| latest=false | |
| tags: | | |
| type=edge | |
| type=semver,pattern=v{{version}},value=${{ env.VERSION }} | |
| - name: Log in to the GitHub container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push Docker image | |
| id: push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: true | |
| build-args: | | |
| VERSION=${{ env.VERSION }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| sbom: true | |
| provenance: mode=max | |
| - name: Generate docker image attestation | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| - name: Generate SBOM file | |
| uses: anchore/sbom-action@v0 | |
| with: | |
| image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:edge | |
| format: 'cyclonedx-json' | |
| output-file: 'sbom.cyclonedx.json' | |
| - name: Generate SBOM attestation | |
| uses: actions/attest-sbom@v1 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| sbom-path: 'sbom.cyclonedx.json' | |
| push-to-registry: true | |
| - name: Create GitHub pre-release | |
| run: gh release create "v${{ env.VERSION }}" --title "v${{ env.VERSION }}" --prerelease --target ${{ github.ref }} ./build/distributions/*.zip | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |