Merge dev into main — docs only [skip publish] #33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish container image | |
| # One build per push to main: tags the image with :latest, :<package.json version>, and :<sha>. | |
| # Git tags (v0.1.0) are optional for GitHub Releases only — they do not trigger this workflow. | |
| # | |
| # Skip the container build for a push: include [skip publish] anywhere in the commit message. | |
| # Example: git commit -m "docs: note HC4 requirement [skip publish]" | |
| # | |
| # Verify both platforms locally before push: | |
| # docker buildx build --platform linux/amd64,linux/arm64 -f Dockerfile . | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| packages: write | |
| concurrency: | |
| group: publish-container-${{ github.sha }} | |
| cancel-in-progress: true | |
| env: | |
| IMAGE_NAME: videosphere | |
| jobs: | |
| publish: | |
| name: Build and push image | |
| if: ${{ !contains(github.event.head_commit.message, '[skip publish]') }} | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 90 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Read package version | |
| id: pkg | |
| run: echo "version=$(node -p "require('./package.json').version")" >> "$GITHUB_OUTPUT" | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| # Secrets cannot be used in `if:` expressions, but they are available to `run` steps. | |
| # Prefer repo variable DOCKERHUB_USERNAME; fall back to the homonymous secret. | |
| - name: Resolve Docker Hub target | |
| id: dockerhub | |
| env: | |
| DOCKERHUB_USERNAME_VAR: ${{ vars.DOCKERHUB_USERNAME }} | |
| DOCKERHUB_USERNAME_SECRET: ${{ secrets.DOCKERHUB_USERNAME }} | |
| run: | | |
| username="${DOCKERHUB_USERNAME_VAR:-$DOCKERHUB_USERNAME_SECRET}" | |
| if [ -n "$username" ]; then | |
| echo "enabled=true" >> "$GITHUB_OUTPUT" | |
| echo "username=$username" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "enabled=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Log in to GHCR | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Log in to Docker Hub | |
| if: steps.dockerhub.outputs.enabled == 'true' | |
| uses: docker/login-action@v4 | |
| with: | |
| username: ${{ steps.dockerhub.outputs.username }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Extract GHCR metadata | |
| id: meta_ghcr | |
| uses: docker/metadata-action@v6 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }} | |
| type=raw,value=${{ steps.pkg.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }} | |
| type=sha,prefix= | |
| type=ref,event=branch | |
| - name: Extract Docker Hub metadata | |
| id: meta_dockerhub | |
| if: steps.dockerhub.outputs.enabled == 'true' | |
| uses: docker/metadata-action@v6 | |
| with: | |
| images: docker.io/${{ steps.dockerhub.outputs.username }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }} | |
| type=raw,value=${{ steps.pkg.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }} | |
| type=sha,prefix= | |
| type=ref,event=branch | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v7 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: | | |
| ${{ steps.meta_ghcr.outputs.tags }} | |
| ${{ steps.meta_dockerhub.outputs.tags }} | |
| labels: ${{ steps.meta_ghcr.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max |