Merge branch 'release' into main #76
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2025 SAP SE | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Build and Push Docker Images | |
| on: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| REGISTRY: ghcr.io | |
| jobs: | |
| # Build and publish the core Cortex image. | |
| core: | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker Meta (Cortex) | |
| id: meta_cortex | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ github.repository }} | |
| tags: | | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=sha | |
| latest | |
| - name: Build and Push Cortex | |
| id: push_cortex | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.meta_cortex.outputs.tags }} | |
| labels: ${{ steps.meta_cortex.outputs.labels }} | |
| build-args: | | |
| GIT_TAG=${{ github.ref_name }} | |
| GIT_COMMIT=${{ github.sha }} | |
| - name: Generate Artifact Attestation | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ github.repository }} | |
| subject-digest: ${{ steps.push_cortex.outputs.digest }} | |
| push-to-registry: true | |
| # Vernemq EULA requires us to build the image ourselves and not use the official image. | |
| # This workflow clones the official docker-vernemq repository and builds the image. | |
| # The image is then pushed to the GitHub Container Registry. | |
| vernemq: | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Configure the vernemq repository and its tag that should be pushed. | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: vernemq/docker-vernemq | |
| ref: 2.0.1 | |
| # Build and push the VerneMQ image. | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker Meta (VerneMQ) | |
| id: meta_vernemq | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ github.repository }}-vernemq | |
| tags: | | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=sha | |
| latest | |
| - name: Build and Push VerneMQ | |
| id: push_vernemq | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.meta_vernemq.outputs.tags }} | |
| labels: ${{ steps.meta_vernemq.outputs.labels }} | |
| - name: Generate Artifact Attestation | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ github.repository }}-vernemq | |
| subject-digest: ${{ steps.push_vernemq.outputs.digest }} | |
| push-to-registry: true |