From: German Service Network
Date: Tue, 9 Sep 2025 09:54:33 +0000 (+0200)
Subject: ci: Github action Build and Push Docker Image
X-Git-Url: https://git.gsnw.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c272f1b87e8166fc1569ed4c20707ccf958e5f64;p=fping.git

ci: Github action Build and Push Docker Image
---
diff --git a/.github/workflows/docker-deployment.yml b/.github/workflows/docker-deployment.yml
new file mode 100644
index 0000000..da22d72
--- /dev/null
+++ b/.github/workflows/docker-deployment.yml
@@ -0,0 +1,65 @@
+name: Build and Push Docker Image
+on:
+ workflow_run:
+ workflows: ["Test"]
+ types:
+ - completed
+permissions:
+ contents: read
+ packages: write
+ id-token: write # Cosign OIDC-Signing
+ actions: write # Upload Artifacts
+ attestations: write # build-provenance
+env:
+ REGISTRY: ghcr.io
+jobs:
+ push_to_regsitry:
+ if: >
+ github.event.workflow_run.conclusion == 'success' &&
+ github.event.workflow_run.event == 'push'
+ name: Push Docker image to Github Container Redistry
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Login Github Container Redistry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels)
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ github.repository }}
+ tags: |
+ type=raw,value=latest
+
+ - name: Build and push Docker image
+ id: build
+ uses: docker/build-push-action@v6
+ with:
+ file: contrib/Dockerfile
+ context: .
+ push: true
+ provenance: false
+ sbom: false
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ target: ""
+
+ - name: Install cosign
+ uses: sigstore/cosign-installer@v3
+
+ - name: Sign image with Cosign
+ run: cosign sign --yes ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build.outputs.digest }}
+
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ github.repository }}
+ subject-digest: ${{ steps.build.outputs.digest }}
+ push-to-registry: true
\ No newline at end of file
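Review bot: The `if` condition on the push_to_regsitry job filters on conclusion and event but not on the branch, and the checkout step passes no `ref`, so a successful Test run on any pushed branch appears to republish `latest` from the default-branch HEAD that a workflow_run-triggered checkout resolves to rather than from the commit that was actually tested, and the Cosign signature and provenance then attest an image that may not match the tested source. Adding `github.event.workflow_run.head_branch == github.event.repository.default_branch` to the `if` and `ref: ${{ github.event.workflow_run.head_sha }}` under the checkout step ties the build to the tested commit. Since this job holds `packages: write` and `id-token: write` and signs what it pushes, the actions referenced by floating major tags (`actions/checkout@v4`, `docker/build-push-action@v6`, `sigstore/cosign-installer@v3`, `actions/attest-build-provenance@v1`) should be pinned to full-length commit SHAs. `actions: write` does not appear to be needed by any of the listed steps (none uploads an artifact despite the comment) and could be dropped to keep the token least-privilege. The job id `push_to_regsitry` and the step names `Github Container Redistry` are misspelled.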