11name : docker
22
3+ permissions : {}
4+
35on :
46 # Trigger without any parameters a proactive rebuild
57 workflow_dispatch : {}
@@ -19,16 +21,17 @@ jobs:
1921 name : build and push
2022 runs-on : Linux-22.04
2123 permissions :
24+ contents : read
2225 id-token : write
2326 packages : write
24- contents : read
2527 timeout-minutes : 120
2628 steps :
2729 - uses : actions/checkout@v5
28- - uses : dtolnay/rust-toolchain@stable
29- - uses : Swatinem/rust-cache@v2
3030 with :
31- cache-on-failure : true
31+ persist-credentials : false
32+ - uses : dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
33+ with :
34+ toolchain : stable
3235 - name : Install gcc aarch64
3336 id : aarch_64_setup
3437 run : |
3841 - name : Login into registry ${{ env.REGISTRY }}
3942 # Ensure this doesn't trigger on PR's
4043 if : github.event_name != 'pull_request'
41- uses : docker/login-action@v2
44+ uses : docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
4245 with :
4346 registry : ${{ env.REGISTRY }}
4447 username : ${{ github.actor }}
4851 # https://github.com/docker/metadata-action
4952 - name : Extract Docker metadata
5053 id : meta
51- uses : docker/metadata-action@v4
54+ uses : docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5
5255 with :
5356 images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
5457
@@ -59,22 +62,22 @@ jobs:
5962 - name : Finalize Docker Metadata
6063 id : docker_tagging
6164 run : |
62- if [[ "${{ github.event_name }}" == ' schedule' ]]; then
63- echo "cron trigger, assigning nightly tag"
64- echo "docker_tags=${{ env.REGISTRY }}/ ${{ env.IMAGE_NAME }}:nightly, ${{ env.REGISTRY }}/ ${{ env.IMAGE_NAME }}:nightly-${ GITHUB_SHA} " >> $GITHUB_OUTPUT
65- elif [[ "${GITHUB_REF##*/}" == "main" ]] || [[ ${GITHUB_REF##*/} == "master" ]]; then
66- echo "manual trigger from master/main branch, assigning latest tag"
67- echo "docker_tags=${{ env.REGISTRY }}/ ${{ env.IMAGE_NAME }}: ${GITHUB_REF##*/}, ${{ env.REGISTRY }}/ ${{ env.IMAGE_NAME }}:latest " >> $GITHUB_OUTPUT
65+ if [[ "${{ github.event_name }}" == " schedule" ]]; then
66+ printf "cron trigger, assigning nightly tag\n "
67+ printf "docker_tags=%s/%s:nightly,%s/%s:nightly-%s\n" " ${{ env.REGISTRY }}" " ${{ env.IMAGE_NAME }}" " ${{ env.REGISTRY }}" " ${{ env.IMAGE_NAME }}" "$ GITHUB_SHA" >> " $GITHUB_OUTPUT"
68+ elif [[ "${GITHUB_REF##*/}" == "main" ]] || [[ " ${GITHUB_REF##*/}" == "master" ]]; then
69+ printf "manual trigger from master/main branch, assigning latest tag\n "
70+ printf "docker_tags=%s/%s:%s,%s/%s:latest\n" " ${{ env.REGISTRY }}" " ${{ env.IMAGE_NAME }}" " ${GITHUB_REF##*/}" " ${{ env.REGISTRY }}" " ${{ env.IMAGE_NAME }}" >> " $GITHUB_OUTPUT"
6871 else
69- echo "Neither scheduled nor manual release from main branch. Just tagging as branch name"
70- echo "docker_tags=${{ env.REGISTRY }}/ ${{ env.IMAGE_NAME }}: ${GITHUB_REF##*/}" >> $GITHUB_OUTPUT
72+ printf "Neither scheduled nor manual release from main branch. Just tagging as branch name\n "
73+ printf "docker_tags=%s/%s:%s\n" " ${{ env.REGISTRY }}" " ${{ env.IMAGE_NAME }}" " ${GITHUB_REF##*/}" >> " $GITHUB_OUTPUT"
7174 fi
7275
7376 # Log docker metadata to explicitly know what is being pushed
7477 - name : Inspect Docker Metadata
7578 run : |
76- echo "TAGS -> ${{ steps.docker_tagging.outputs.docker_tags }}"
77- echo "LABELS -> ${{ steps.meta.outputs.labels }}"
79+ printf "TAGS -> %s\n" " ${{ steps.docker_tagging.outputs.docker_tags }}"
80+ printf "LABELS -> %s\n" " ${{ steps.meta.outputs.labels }}"
7881
7982 - name : Build and push foundry image
8083 run : make DOCKER_IMAGE_NAME=${{ steps.docker_tagging.outputs.docker_tags }} CARGO_TAG_NAME=${{ inputs.tag_name }} PROFILE=maxperf docker-build-push
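Review bot: Switching `echo` to `printf "%s"` in the `run:` blocks does not stop expression injection, because every `${{ … }}` is substituted into the script text before bash parses it, so a value containing a quote or `$(…)` still alters the command. This applies to the new lines in "Finalize Docker Metadata" and "Inspect Docker Metadata", and most of all to the unchanged `make` line, where `${{ steps.docker_tagging.outputs.docker_tags }}` and `${{ inputs.tag_name }}` are expanded unquoted. The tags are derived from `${GITHUB_REF##*/}`, so the ref name can reach that command line. Pass the values through the step's `env:` mapping instead, e.g. `DOCKER_TAGS: ${{ steps.docker_tagging.outputs.docker_tags }}`, and reference them as shell variables: `printf "TAGS -> %s\n" "$DOCKER_TAGS"` and `make DOCKER_IMAGE_NAME="$DOCKER_TAGS" …`. Separately, `actions/checkout@v5` is still referenced by a mutable tag while the other actions in this job are now pinned to a commit SHA; pin it the same way for consistency.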