mirror of
https://github.com/vector-im/element-call.git
Push docker images to oci.element.io
44
.github/workflows/build-and-publish-docker.yaml
vendored
44
.github/workflows/build-and-publish-docker.yaml
vendored
@@ -33,19 +33,57 @@ jobs:
|
|||||||
name: build-output-full
|
name: build-output-full
|
||||||
path: dist
|
path: dist
|
||||||
|
|
||||||
- name: Log in to container registry
|
- name: Login to GitHub container registry
|
||||||
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
||||||
with:
|
with:
|
||||||
registry: ${{ env.REGISTRY }}
|
registry: ${{ env.REGISTRY }}
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
|
- name: Connect to Tailscale
|
||||||
|
uses: tailscale/github-action@53acf823325fe9ca47f4cdaa951f90b4b0de5bb9 # v4
|
||||||
|
if: github.event_name != 'pull_request'
|
||||||
|
with:
|
||||||
|
oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
|
||||||
|
audience: ${{ secrets.TS_AUDIENCE }}
|
||||||
|
tags: tag:github-actions
|
||||||
|
|
||||||
|
- name: Compute vault jwt role name
|
||||||
|
id: vault-jwt-role
|
||||||
|
if: github.event_name != 'pull_request'
|
||||||
|
run: |
|
||||||
|
echo "role_name=github_service_management_$( echo "${{ github.repository }}" | sed -r 's|[/-]|_|g')" | tee -a "$GITHUB_OUTPUT"
|
||||||
|
|
||||||
|
- name: Get team registry token
|
||||||
|
id: import-secrets
|
||||||
|
uses: hashicorp/vault-action@4c06c5ccf5c0761b6029f56cfb1dcf5565918a3b # v3
|
||||||
|
if: github.event_name != 'pull_request'
|
||||||
|
with:
|
||||||
|
url: https://vault.infra.ci.i.element.dev
|
||||||
|
role: ${{ steps.vault-jwt-role.outputs.role_name }}
|
||||||
|
path: service-management/github-actions
|
||||||
|
jwtGithubAudience: https://vault.infra.ci.i.element.dev
|
||||||
|
method: jwt
|
||||||
|
secrets: |
|
||||||
|
services/<team>-repositories/secret/data/oci.element.io username | OCI_USERNAME ;
|
||||||
|
services/<team>-repositories/secret/data/oci.element.io password | OCI_PASSWORD ;
|
||||||
|
|
||||||
|
- name: Login to oci.element.io Registry
|
||||||
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
|
||||||
|
if: github.event_name != 'pull_request'
|
||||||
|
with:
|
||||||
|
registry: oci-push.vpn.infra.element.io
|
||||||
|
username: ${{ steps.import-secrets.outputs.OCI_USERNAME }}
|
||||||
|
password: ${{ steps.import-secrets.outputs.OCI_PASSWORD }}
|
||||||
|
|
||||||
- name: Extract metadata (tags, labels) for Docker
|
- name: Extract metadata (tags, labels) for Docker
|
||||||
id: meta
|
id: meta
|
||||||
uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
|
uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
|
||||||
with:
|
with:
|
||||||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
images: |
|
||||||
tags: ${{ inputs.docker_tags}}
|
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
||||||
|
oci-push.vpn.infra.element.io/element-web
|
||||||
|
tags: ${{ inputs.docker_tags }}
|
||||||
labels: |
|
labels: |
|
||||||
org.opencontainers.image.licenses=AGPL-3.0-only OR LicenseRef-Element-Commercial
|
org.opencontainers.image.licenses=AGPL-3.0-only OR LicenseRef-Element-Commercial
|
||||||
|
|
||||||
|
|||||||
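Review bot: Two values in the added steps look carried over from a template rather than adapted to this repository: the Vault paths under `secrets:` still contain the literal `<team>` placeholder, and the second entry under `images:` is `oci-push.vpn.infra.element.io/element-web`, although the mirror URL identifies the repository as element-call. If `<team>` is not a real path segment the `import-secrets` step will fail, and if the image name is taken literally this job would publish its image under another product's repository name and tags. Both should be checked against the Vault mount and the intended registry path. The `images:` list is also unconditional while the Tailscale, Vault and oci login steps are skipped on `pull_request`, so the step that consumes `steps.meta` (outside this hunk) presumably needs the same `if:` guard, or it will attempt an unauthenticated push to the second registry. Separately, `${{ github.repository }}` is expanded directly into the `run:` script; passing it through `env:` (for example `REPO: ${{ github.repository }}`, then `"$REPO"` in the script) keeps expression text out of the shell source.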