name: Docker on: push: pull_request: branches: [ master ] jobs: build: name: Build and push Docker image runs-on: ubuntu-latest env: IMAGE: ghcr.io/${{ github.repository }} permissions: packages: write contents: read steps: - name: Checkout the code uses: actions/checkout@v2 - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: "${{ env.IMAGE }}" bake-target: docker-metadata-action tags: | type=ref,event=branch type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=sha - name: Docker meta (debug variant) id: meta-debug uses: docker/metadata-action@v3 with: images: "${{ env.IMAGE }}" bake-target: docker-metadata-action-debug tags: | type=ref,event=branch,suffix=-debug type=semver,pattern={{version}},suffix=-debug type=semver,pattern={{major}}.{{minor}},suffix=-debug type=semver,pattern={{major}},suffix=-debug type=sha,suffix=-debug - name: Merge buildx bake files run: | jq -s '.[0] * .[1]' ${{ steps.meta.outputs.bake-file }} ${{ steps.meta-debug.outputs.bake-file }} > docker-bake.override.json - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 with: config-inline: | [registry."docker.io"] mirrors = ["mirror.gcr.io"] - name: Login to GitHub Container Registry if: github.event_name != 'pull_request' uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} # For pull-requests, only read from the cache, do not try to push to the # cache or the image itself - name: Build uses: docker/bake-action@v1 if: github.event_name == 'pull_request' with: set: | base.cache-from=type=registry,ref=${{ env.IMAGE }}:buildcache - name: Build and push uses: docker/bake-action@v1 if: github.event_name != 'pull_request' with: set: | base.output=type=image,push=true base.cache-from=type=registry,ref=${{ env.IMAGE }}:buildcache base.cache-to=type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max