Docker #815
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker | |
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support | |
| # documentation. | |
| on: | |
| schedule: | |
| - cron: '41 9 * * *' # Ejecuta todos los días a las 9:41 UTC | |
| push: | |
| branches: [ "main" ] # Rama principal | |
| tags: [ 'v*.*.*' ] # Desencadena el flujo de trabajo en push de etiquetas que siguen el patrón semver | |
| pull_request: | |
| branches: [ "main" ] # Rama principal | |
| env: | |
| REGISTRY: ghcr.io # Registro de imágenes Docker | |
| IMAGE_NAME: ${{ github.repository }} # Nombre de la imagen basado en el repositorio | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest # Ejecuta una máquina virtual Ubuntu con la última versión disponible | |
| permissions: # Permisos | |
| contents: read # Leer el contenido del repositorio | |
| packages: write # Escribir en los paquetes | |
| id-token: write # Escribir en el token de identidad | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4.1.1 # Clona el repositorio | |
| - name: Install cosign | |
| if: github.event_name != 'pull_request' # Instala cosign solo si no es un pull request | |
| uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 | |
| with: | |
| cosign-release: 'v2.1.1' | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| if: github.event_name != 'pull_request' # Inicia sesión en el registro de Docker solo si no es un pull request | |
| uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract Docker metadata | |
| id: meta # Asigna un ID al paso para su posterior referencia | |
| uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} # Especifica las imágenes Docker | |
| - name: Build and push Docker image | |
| id: build-and-push # Asigna un ID al paso para su posterior referencia | |
| uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 | |
| with: | |
| context: . # Especifica el contexto | |
| push: ${{ github.event_name != 'pull_request' }} # Indica si se debe realizar el push | |
| tags: ${{ steps.meta.outputs.tags }} # Especifica las etiquetas de la imagen | |
| labels: ${{ steps.meta.outputs.labels }} # Especifica las etiquetas de la imagen | |
| cache-from: type=gha # Especifica el tipo de caché | |
| cache-to: type=gha,mode=max # Especifica el tipo de caché en el que se guardará | |
| # - name: Sign the published Docker image | |
| # if: ${{ github.event_name != 'pull_request' }} | |
| # env: | |
| # TAGS: ${{ steps.meta.outputs.tags }} | |
| # DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| # run: | | |
| # for tag in ${TAGS}; do | |
| # cosign sign --yes "${tag}@${DIGEST}" | |
| # done | |