2766314e81
The SHA-pinned versions from the security hardening commit referenced non-existent commit hashes, causing the workflow to fail with 'unable to resolve action'. Switch to standard major version tags (v4, v3, v2, v6, v5) which are the recommended approach for GitHub-maintained and well-known actions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
58 lines
1.6 KiB
YAML
58 lines
1.6 KiB
YAML
name: Release & Docker
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'v*'
|
|
|
|
jobs:
|
|
release:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write # required: create GitHub Release
|
|
packages: write # required: push to ghcr.io
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
# Create GitHub Release from tag with auto-generated notes
|
|
- name: Create GitHub Release
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
generate_release_notes: true
|
|
|
|
# Set up multi-arch build (QEMU + Buildx)
|
|
- uses: docker/setup-qemu-action@v3
|
|
- uses: docker/setup-buildx-action@v3
|
|
|
|
# Log in to GitHub Container Registry
|
|
- name: Log in to GitHub Container Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
# Extract semver tags: e.g. v0.28 -> 0.28, latest
|
|
- name: Extract metadata
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ghcr.io/${{ github.repository }}
|
|
tags: |
|
|
type=semver,pattern={{version}}
|
|
type=semver,pattern={{major}}.{{minor}}
|
|
type=raw,value=latest,enable={{is_default_branch}}
|
|
|
|
# Build and push multi-arch image (amd64 + arm64)
|
|
- name: Build and push Docker image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
platforms: linux/amd64,linux/arm64
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|