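---
# Builds the builder image from deployment/builder/Dockerfile and, when
# registry credentials are configured as secrets, pushes it. Without
# credentials the image is still built (as a smoke test) but login and push
# are skipped.
name: Build and push Builder image

on:
  push:
    branches: ["main"]
    # NOTE(review): only the Dockerfile triggers a rebuild, although the build
    # context below is the whole deployment/builder directory. Confirm that
    # other files in that directory never affect the image.
    paths:
      - "deployment/builder/Dockerfile"
  workflow_dispatch: {}

# Least privilege: no step in this workflow writes to the repository or calls
# the GitHub API, so the job token is restricted to read-only access.
permissions:
  contents: read

jobs:
  build-and-push-builder:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v4` is a mutable tag. Pinning to the action's full
      # commit SHA (placeholder: <full-commit-sha>) keeps a retagged release
      # from changing what runs next to the registry secrets.
      - name: Checkout source
        uses: actions/checkout@v4
        with:
          # Later steps only read the working tree and run `git rev-parse`, so
          # the job token does not need to stay in .git/config while the
          # Docker build runs over the checkout.
          persist-credentials: false

      # Derives the registry host, image name and tag list.
      # Outputs:
      #   registry - REGISTRY secret, else docker.io
      #   image    - REGISTRY_IMAGE_BUILDER secret, else
      #              <registry>/<lower-cased owner/repo>-builder
      #   tags     - comma-separated list of full image references
      - name: Compute image metadata
        id: meta
        env:
          REGISTRY: ${{ secrets.REGISTRY }}
          REGISTRY_IMAGE: ${{ secrets.REGISTRY_IMAGE_BUILDER }}
        run: |
          # Image references must be lower case; owner/repo may not be.
          REPO_LC="${GITHUB_REPOSITORY,,}"
          REG="${REGISTRY:-docker.io}"
          IMAGE="${REGISTRY_IMAGE:-${REG}/${REPO_LC}-builder}"
          echo "registry=${REG}" >> "$GITHUB_OUTPUT"
          echo "image=${IMAGE}" >> "$GITHUB_OUTPUT"
          if [ "$GITHUB_REF_TYPE" = "tag" ]; then
            TAGS="${IMAGE}:${GITHUB_REF_NAME}"
          else
            # `latest` is mutable; the short-SHA tag is the one that maps a
            # pushed image back to the commit it was built from.
            SHA=$(git rev-parse --short HEAD)
            TAGS="${IMAGE}:${SHA},${IMAGE}:latest"
          fi
          echo "tags=${TAGS}" >> "$GITHUB_OUTPUT"

      - name: Log in to container registry (if credentials provided)
        env:
          REGISTRY: ${{ steps.meta.outputs.registry }}
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          if [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then
            # The password goes over stdin so it never appears in the process
            # argument list. printf (not echo) so that a password beginning
            # with "-" or containing backslashes is passed through unchanged.
            printf '%s\n' "$REGISTRY_PASSWORD" |
              docker login "$REGISTRY" -u "$REGISTRY_USERNAME" --password-stdin
          else
            echo "No registry credentials provided; skipping login."
          fi

      # Builds once under the first tag, then aliases the remaining tags to
      # the same image so every tag refers to an identical build.
      - name: Build Docker image
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          IFS=',' read -ra TAGS_ARR <<< "$TAGS"
          FIRST_TAG="${TAGS_ARR[0]}"
          docker build -f deployment/builder/Dockerfile -t "$FIRST_TAG" deployment/builder
          for TAG in "${TAGS_ARR[@]:1}"; do
            docker tag "$FIRST_TAG" "$TAG"
          done

      # Same credential test as the login step, so a run that skipped login
      # also skips the push.
      - name: Push Docker image (if logged in)
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          if [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then
            IFS=',' read -ra TAGS_ARR <<< "$TAGS"
            for TAG in "${TAGS_ARR[@]}"; do
              docker push "$TAG"
            done
          else
            echo "No registry credentials provided; skipping push."
          fi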