|
@@ -6,20 +6,15 @@ name: Docker
|
|
|
# documentation.
|
|
# documentation.
|
|
|
|
|
|
|
|
on:
|
|
on:
|
|
|
- schedule:
|
|
|
|
|
- - cron: '24 15 * * *'
|
|
|
|
|
push:
|
|
push:
|
|
|
- branches: [ "main" ]
|
|
|
|
|
# Publish semver tags as releases.
|
|
# Publish semver tags as releases.
|
|
|
tags: [ 'v*.*.*' ]
|
|
tags: [ 'v*.*.*' ]
|
|
|
- pull_request:
|
|
|
|
|
- branches: [ "main" ]
|
|
|
|
|
|
|
|
|
|
env:
|
|
env:
|
|
|
# Use docker.io for Docker Hub if empty
|
|
# Use docker.io for Docker Hub if empty
|
|
|
- REGISTRY: ghcr.io
|
|
|
|
|
|
|
+ REGISTRY: docker.io
|
|
|
# github.repository as <account>/<repo>
|
|
# github.repository as <account>/<repo>
|
|
|
- IMAGE_NAME: ${{ github.repository }}
|
|
|
|
|
|
|
+ IMAGE_NAME: byaidu/pdf2zh
|
|
|
|
|
|
|
|
|
|
|
|
|
jobs:
|
|
jobs:
|
|
@@ -39,11 +34,6 @@ jobs:
|
|
|
|
|
|
|
|
# Install the cosign tool except on PR
|
|
# Install the cosign tool except on PR
|
|
|
# https://github.com/sigstore/cosign-installer
|
|
# https://github.com/sigstore/cosign-installer
|
|
|
- - name: Install cosign
|
|
|
|
|
- if: github.event_name != 'pull_request'
|
|
|
|
|
- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
|
|
|
|
|
- with:
|
|
|
|
|
- cosign-release: 'v2.2.4'
|
|
|
|
|
|
|
|
|
|
# Set up BuildKit Docker container builder to be able to build
|
|
# Set up BuildKit Docker container builder to be able to build
|
|
|
# multi-platform images and export cache
|
|
# multi-platform images and export cache
|
|
@@ -58,8 +48,8 @@ jobs:
|
|
|
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
|
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
|
|
with:
|
|
with:
|
|
|
registry: ${{ env.REGISTRY }}
|
|
registry: ${{ env.REGISTRY }}
|
|
|
- username: ${{ github.actor }}
|
|
|
|
|
- password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
|
|
|
+ username: ${{ secrets.DOCKER_USERNAME }}
|
|
|
|
|
+ password: ${{ secrets.DOCKER_PASSWORD }}
|
|
|
|
|
|
|
|
# Extract metadata (tags, labels) for Docker
|
|
# Extract metadata (tags, labels) for Docker
|
|
|
# https://github.com/docker/metadata-action
|
|
# https://github.com/docker/metadata-action
|
|
@@ -81,18 +71,3 @@ jobs:
|
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
|
cache-from: type=gha
|
|
cache-from: type=gha
|
|
|
cache-to: type=gha,mode=max
|
|
cache-to: type=gha,mode=max
|
|
|
-
|
|
|
|
|
- # Sign the resulting Docker image digest except on PRs.
|
|
|
|
|
- # This will only write to the public Rekor transparency log when the Docker
|
|
|
|
|
- # repository is public to avoid leaking data. If you would like to publish
|
|
|
|
|
- # transparency data even for private images, pass --force to cosign below.
|
|
|
|
|
- # https://github.com/sigstore/cosign
|
|
|
|
|
- - name: Sign the published Docker image
|
|
|
|
|
- if: ${{ github.event_name != 'pull_request' }}
|
|
|
|
|
- env:
|
|
|
|
|
- # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
|
|
|
|
|
- TAGS: ${{ steps.meta.outputs.tags }}
|
|
|
|
|
- DIGEST: ${{ steps.build-and-push.outputs.digest }}
|
|
|
|
|
- # This step uses the identity token to provision an ephemeral certificate
|
|
|
|
|
- # against the sigstore community Fulcio instance.
|
|
|
|
|
- run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
|
|
|
Byaidu