Add invite email (#209) #74

Workflow file for this run

.github/workflows/staging-ghcr-public.yml at 72da582

	name: Publish to ghcr (staging)

	on:
	push:
	branches: ["v3"]

	env:
	REGISTRY_IMAGE: ghcr.io/sourcebot-dev/sourcebot

	jobs:
	build:
	runs-on: ${{ matrix.runs-on}}
	permissions:
	contents: read
	packages: write
	id-token: write
	strategy:
	matrix:
	platform: [linux/amd64, linux/arm64]
	include:
	- platform: linux/amd64
	runs-on: ubuntu-latest
	- platform: linux/arm64
	runs-on: ubuntu-24.04-arm

	steps:
	- name: Prepare
	run: \|
	platform=${{ matrix.platform }}
	echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV

	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	submodules: "true"

	- name: Extract Docker metadata
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY_IMAGE }}
	tags: staging

	- name: Install cosign
	uses: sigstore/[email protected]
	with:
	cosign-release: "v2.2.4"

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to GitHub Packages Docker Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build Docker image
	id: build
	uses: docker/build-push-action@v6
	with:
	context: .
	labels: ${{ steps.meta.outputs.labels }}
	cache-from: \|
	type=gha,scope=${{ matrix.platform }}
	cache-to: \|
	type=gha,mode=max,scope=${{ matrix.platform }}
	platforms: ${{ matrix.platform }}
	outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
	build-args: \|
	SOURCEBOT_VERSION=${{ github.ref_name }}
	POSTHOG_PAPIK=${{ secrets.STAGING_POSTHOG_PAPIK }}

	- name: Export digest
	run: \|
	mkdir -p /tmp/digests
	digest="${{ steps.build.outputs.digest }}"
	touch "/tmp/digests/${digest#sha256:}"

	- name: Upload digest
	uses: actions/upload-artifact@v4
	with:
	name: digests-${{ env.PLATFORM_PAIR }}
	path: /tmp/digests/*
	if-no-files-found: error
	retention-days: 1

	- name: Sign the published Docker image
	env:
	TAGS: ${{ steps.meta.outputs.tags }}
	DIGEST: ${{ steps.build.outputs.digest }}
	run: echo "${TAGS}" \| xargs -I {} cosign sign --yes {}@${DIGEST}

	merge:
	runs-on: ubuntu-latest
	permissions:
	packages: write
	needs:
	- build
	steps:
	- name: Download digests
	uses: actions/download-artifact@v4
	with:
	path: /tmp/digests
	pattern: digests-*
	merge-multiple: true

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Extract Docker metadata
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY_IMAGE }}
	tags: staging

	- name: Login to GitHub Packages Docker Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Create manifest list and push
	working-directory: /tmp/digests
	run: \|
	docker buildx imagetools create $(jq -cr '.tags \| map("-t " + .) \| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
	$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)

	- name: Inspect image
	run: \|
	docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add invite email (#209) #74

Workflow file

Add invite email (#209) #74

Jobs

Run details

Workflow file for this run