name: Docker image builds on: workflow_dispatch: push: branches: [ "main" ] tags: [ "v*" ] env: DOCKER_METADATA_SET_OUTPUT_ENV: "true" permissions: contents: read packages: write attestations: write id-token: write pull-requests: write jobs: build: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-tags: true fetch-depth: 0 persist-credentials: false - name: Set up Homebrew uses: Homebrew/actions/setup-homebrew@master - name: Setup Homebrew cellar cache uses: actions/cache@v4 with: path: | /home/linuxbrew/.linuxbrew/Cellar /home/linuxbrew/.linuxbrew/bin /home/linuxbrew/.linuxbrew/etc /home/linuxbrew/.linuxbrew/include /home/linuxbrew/.linuxbrew/lib /home/linuxbrew/.linuxbrew/opt /home/linuxbrew/.linuxbrew/sbin /home/linuxbrew/.linuxbrew/share /home/linuxbrew/.linuxbrew/var key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }} restore-keys: | ${{ runner.os }}-go-homebrew-cellar- - name: Install Brew dependencies run: | brew bundle - name: Log into registry uses: docker/login-action@v3 with: registry: ghcr.io username: techarohq password: ${{ secrets.GITHUB_TOKEN }} - name: Docker meta id: meta uses: docker/metadata-action@v5 with: images: ghcr.io/techarohq/anubis - name: Build and push id: build run: | npm ci npm run container env: DOCKER_REPO: ghcr.io/techarohq/anubis SLOG_LEVEL: debug - name: Generate artifact attestation uses: actions/attest-build-provenance@v2 with: subject-name: ghcr.io/techarohq/anubis subject-digest: ${{ steps.build.outputs.digest }} push-to-registry: true