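# Builds the container image, pushes it to the git.sad.ovh registry and
# publishes a build-provenance attestation for the pushed digest.
name: Docker image builds

on:
  workflow_dispatch:
  push:
    branches: ["main"]
    tags: ["v*"]

env:
  DOCKER_METADATA_SET_OUTPUT_ENV: "true"

# Token scopes granted to every job in this workflow.
permissions:
  contents: read
  packages: write
  attestations: write
  id-token: write
  # NOTE(review): no step in this workflow touches pull requests and the
  # triggers are push / workflow_dispatch only; drop this scope if nothing
  # else depends on it.
  pull-requests: write

jobs:
  build:
    runs-on: node-16
    steps:
      # Third-party actions are referenced by absolute URL and pinned to a
      # full commit SHA (the trailing comment records the matching tag).
      # Fetch them over https rather than plaintext http so the download
      # does not depend on an unauthenticated hop.
      - name: Checkout code
        uses: https://github.com/actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-tags: true
          fetch-depth: 0
          # Do not leave the checkout token in .git/config for later steps.
          persist-credentials: false

      - name: build essential
        run: |
          apt-get update
          apt-get install -y build-essential
          apt-get install -y jq

      # Registry image references must be lowercase; ${VAR,,} lowercases the
      # owner/repo slug before it is exported to later steps.
      - name: Set lowercase image name
        run: |
          echo "IMAGE=git.sad.ovh/${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"

      - uses: https://github.com/actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
        with:
          node-version: "24.11.0"

      - uses: https://github.com/actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        with:
          go-version: "1.24.2" # this is the version in go.mod
          cache: false

      - uses: https://github.com/ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9

      - name: Log into registry
        uses: https://github.com/docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: git.sad.ovh
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Docker meta
        id: meta
        uses: https://github.com/docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
        with:
          images: ${{ env.IMAGE }}

      # NOTE(review): the attestation step reads steps.build.outputs.digest.
      # A `run` step only has outputs if something writes `digest=...` to
      # $GITHUB_OUTPUT; nothing visible here does, so confirm that
      # `npm run container` sets it.
      - name: Build and push
        id: build
        run: |
          npm ci
          npm run container
        env:
          DOCKER_REPO: ${{ env.IMAGE }}
          # NOTE(review): debug logging is enabled on a step that runs after
          # the registry login; confirm the build tooling does not print
          # credentials or tokens at this level.
          SLOG_LEVEL: debug

      # Signs a provenance statement for the image digest produced above and
      # stores it next to the image in the registry.
      - name: Generate artifact attestation
        uses: https://github.com/actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # v3.1.0
        with:
          subject-name: ${{ env.IMAGE }}
          subject-digest: ${{ steps.build.outputs.digest }}
          push-to-registry: true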