Iain Sproat
49 lines
1.7 KiB
YAML
49 lines
1.7 KiB
YAML
name: Build Docker Container
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
PUBLISH:
|
|
required: false
|
|
type: boolean
|
|
default: false
|
|
IMAGE_VERSION_TAG:
|
|
required: true
|
|
type: string
|
|
|
|
permissions: {} # purposefully empty by default at workflow level, explicitly overridden for specific jobs below
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-build-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
docker-build:
|
|
runs-on: blacksmith-4vcpu-ubuntu-2404
|
|
name: Build Docker image
|
|
permissions:
|
|
contents: read
|
|
packages: write # to be able to push images to ghcr.io. As permissions is static, it has to be granted even if PUBLISH is false
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
|
|
with:
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
- name: Login to Helm Chart & Container Image Registry
|
|
if: ${{ inputs.PUBLISH == true }}
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ github.token }}
|
|
- name: Setup Docker Builder
|
|
uses: useblacksmith/setup-docker-builder@affa10db466676f3dfb3e54caeb228ee0691510f
|
|
- name: Build and push
|
|
uses: useblacksmith/build-push-action@30c71162f16ea2c27c3e21523255d209b8b538c1
|
|
with:
|
|
push: ${{ inputs.PUBLISH }}
|
|
tags: ghcr.io/specklesystems/speckle-dui:${{ inputs.IMAGE_VERSION_TAG }}
|
|
file: ./deployment/docker/Dockerfile
|
|
network: host # to be able to connect to Tailscale and pull private base image during build
|
|
allow: network.host # to be able to connect to Tailscale and pull private base image during build
|