# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. # GitHub recommends pinning actions to a commit SHA. # To get a newer version, you will need to update the SHA. # You can also reference a tag or branch, but the action may change without warning. name: Publish Docker images on: release: types: [published] jobs: push_to_registry: name: Push Docker image to Docker Hub runs-on: ubuntu-latest strategy: matrix: repos: - image: streetwriters/notesnook-sync file: ./Notesnook.API/Dockerfile - image: streetwriters/identity file: ./Streetwriters.Identity/Dockerfile - image: streetwriters/sse file: ./Streetwriters.Messenger/Dockerfile permissions: packages: write contents: read attestations: write id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 - name: Log in to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v5 with: images: ${{ matrix.repos.image }} - name: Build and push Docker image id: push uses: docker/build-push-action@v6 with: context: . file: ${{ matrix.repos.file }} push: true tags: ${{ steps.meta.outputs.tags }} - name: Generate artifact attestation uses: actions/attest-build-provenance@v1 with: subject-name: ${{ matrix.repos.image }} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true