Files
console/.github/workflows/dockerize-profiles.yml
T
Jake Barnby e1d3606a9a chore: pin github actions to sha and bump to latest (#3034)
Pin every third-party action in .github/workflows/ to a full commit SHA
with a trailing version comment, and bump to the latest stable release.
Defends against tag-rewrite supply-chain attacks while keeping versions
legible.
2026-05-08 13:41:32 +12:00

50 lines
1.8 KiB
YAML

name: Dockerize Profiles
on:
push:
branches: [feat-profiles]
pull_request:
types: [opened, synchronize, reopened]
branches: [feat-profiles]
workflow_dispatch:
jobs:
dockerize-profiles:
runs-on: ubuntu-latest
steps:
- name: Checkout the repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up QEMU
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Log in to Docker Hub
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
with:
username: ${{ vars.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
with:
images: appwrite/console-profiles
tags: |
type=ref,event=branch,prefix=branch-
type=ref,event=pr
type=sha,prefix=sha-
type=raw,value=gh-${{ github.run_id}}
flavor: |
latest=false
- name: Build and push Docker image
id: push
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}