# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. # GitHub recommends pinning actions to a commit SHA. # To get a newer version, you will need to update the SHA. # You can also reference a tag or branch, but the action may change without warning. name: Publish Docker images on: push: tags: - "v*" jobs: push_to_registry: name: Push Docker image to Docker Hub runs-on: ubuntu-latest strategy: matrix: repos: - image: streetwriters/notesnook-sync file: ./Notesnook.API/Dockerfile context: . - image: streetwriters/cors-proxy file: ./cors-proxy/Dockerfile context: ./cors-proxy/ - image: streetwriters/identity file: ./Streetwriters.Identity/Dockerfile context: . - image: streetwriters/sse file: ./Streetwriters.Messenger/Dockerfile context: . - image: streetwriters/notesnook-inbox file: ./Notesnook.Inbox.API/Dockerfile context: ./Notesnook.Inbox.API/ permissions: packages: write contents: read attestations: write id-token: write steps: - name: Check out the repo uses: actions/checkout@v4 # Setup Buildx - name: Docker Setup Buildx uses: docker/setup-buildx-action@v3 with: platforms: linux/amd64,linux/arm64 - name: Log in to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} ecr: auto logout: true # Pull previous image from docker hub to use it as cache to improve the image build time. - name: docker pull cache image continue-on-error: true run: docker pull ${{ matrix.repos.image }}:latest # Setup QEMU - name: Set up QEMU uses: docker/setup-qemu-action@v2 - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v5 with: images: ${{ matrix.repos.image }} - name: Build and push Docker image id: push uses: docker/build-push-action@v6 with: context: ${{ matrix.repos.context }} file: ${{ matrix.repos.file }} push: true platforms: linux/amd64,linux/arm64 tags: ${{ steps.meta.outputs.tags }} cache-from: ${{ matrix.repos.image }}:latest - name: Generate artifact attestation uses: actions/attest-build-provenance@v1 with: subject-name: index.docker.io/${{ matrix.repos.image }} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true