mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-16 21:56:25 -05:00
verdaccio/.github/workflows/docker-publish.yml
Alex 17984fa31b
GitHub Workflows security hardening (#3470)
* build: harden docker-publish.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden website.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden changesets.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden static-data.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-11-12 07:42:01 +01:00


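# Builds the container image from ./Dockerfile and publishes it to docker.io.
# Triggered by pushes to master and by v* tags (see the filters below).
name: Docker publish to docker.io

on:
  push:
    # Path filter: the workflow file itself plus the inputs of the image build.
    paths:
      - .github/workflows/docker-publish.yml
      - 'packages/**'
      - 'docker-bin/**'
      - 'package.json'
      - 'pnpm-*.yaml'
      - 'Dockerfile'
      - '.dockerignore'
    branches:
      - 'master'
    tags:
      - 'v*'

# Least privilege for the GITHUB_TOKEN: read-only repository contents is all
# this workflow requests. Publishing authenticates with the Docker Hub
# secrets used in the login step, not with this token.
permissions:
  contents: read  # to fetch code (actions/checkout)

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8  # tag=v3
        with:
          # Keep the GITHUB_TOKEN out of .git/config: no later step talks to
          # the git remote, and the checkout directory is handed to the image
          # build as its context (context: . below).
          persist-credentials: false
      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18  # tag=v1
      # NOTE(review): the four actions below are referenced by mutable tags
      # (@v1 / @v2) while the two above are pinned to a commit SHA. This job
      # holds the Docker Hub credentials, so a retagged action could read them
      # or alter the published image. Pin each one to a full commit SHA with a
      # "# tag=" comment, as above.
      - uses: docker/setup-buildx-action@v1
        with:
          driver-opts: network=host
      - uses: docker/login-action@v1
        name: Login Docker Hub
        with:
          # Repository secrets; prefer a scoped Docker Hub access token over
          # the account password for DOCKER_PASSWORD.
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Prepare docker image tags
        id: docker_meta
        uses: crazy-max/ghaction-docker-meta@v1
        with:
          # Image name is the repository slug (owner/name).
          images: ${{ github.repository }}
          tag-custom: nightly-master
          # True only for pushes to master; presumably this limits master
          # builds to the nightly-master tag and leaves the semver tags to
          # v* tag pushes (confirm against the action's documentation).
          tag-custom-only: ${{ github.ref == 'refs/heads/master' }}
          tag-semver: |
            {{version}}
            {{major}}
            {{major}}.{{minor}}
      - name: Build & Push
        uses: docker/build-push-action@v2
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64
          # The only trigger above is push, so this is currently always true;
          # the guard matters only if a pull_request trigger is added later.
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.docker_meta.outputs.tags }}
          labels: ${{ steps.docker_meta.outputs.labels }}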