name: Push to main on: workflow_dispatch: {} push: branches: - main permissions: contents: read packages: write attestations: write id-token: write jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go uses: actions/setup-go@v5 with: go-version: 1.24.x - name: Build run: ./build.sh test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 with: go-version: 1.24.x - name: Test run: go test -v -coverprofile coverage.out -covermode atomic ./... - name: Publish coverage uses: codecov/codecov-action@v5 with: token: ${{ secrets.CODECOV_TOKEN }} publish-docker-hub: needs: - build - test runs-on: ubuntu-latest steps: # - uses: actions/checkout@v4 # - name: Publish to Docker Hub # uses: jerray/publish-docker-action@87d84711629b0dc9f6bb127b568413cc92a2088e #master@2022-10-14 # with: # username: ${{ secrets.DOCKERHUB_USERNAME }} # password: ${{ secrets.DOCKERHUB_TOKEN }} # file: dockerfiles/Dockerfile.self-contained # repository: beatkind/watchtower # tags: latest-dev - name: Check out the repo uses: actions/checkout@v4 - name: Log in to Docker Hub uses: docker/login-action@6d4b68b490aef8836e8fb5e50ee7b3bdfa5894f0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@418e4b98bf2841bd337d0b24fe63cb36dc8afa55 with: images: beatkind/watchtower labels: | org.opencontainers.image.created={{date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}} org.opencontainers.image.authors=${{github.actor}} org.opencontainers.image.source=${{github.repository}} org.opencontainers.image.documentation=https://watchtower.devcdn.net org.opencontainers.image.version=latest-dev org.opencontainers.image.revision=${{github.sha}} org.opencontainers.image.vendor=beatkind org.opencontainers.image.licenses=Apache-2.0 tags: | type=raw,value=latest-dev - name: Build and push Docker image id: push uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 with: context: . file: dockerfiles/Dockerfile.self-contained push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Generate artifact attestation uses: actions/attest-build-provenance@v2 with: subject-name: index.docker.io/beatkind/watchtower subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: false publish-github: needs: - build - test env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v4 - name: Log in to the Container registry uses: docker/login-action@6d4b68b490aef8836e8fb5e50ee7b3bdfa5894f0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@418e4b98bf2841bd337d0b24fe63cb36dc8afa55 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} labels: | org.opencontainers.image.created={{date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}} org.opencontainers.image.authors=${{github.actor}} org.opencontainers.image.source=${{github.repository}} org.opencontainers.image.documentation=https://watchtower.devcdn.net org.opencontainers.image.version=latest-dev org.opencontainers.image.revision=${{github.sha}} org.opencontainers.image.vendor=beatkind org.opencontainers.image.licenses=Apache-2.0 tags: | type=raw,value=latest-dev - name: Build and push Docker image id: push uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 with: context: . file: dockerfiles/Dockerfile.self-contained push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Generate artifact attestation uses: actions/attest-build-provenance@v2 with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: false