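# Release pipeline: on a version tag, build the cert-manager webhook image for
# amd64/arm64 and push it to GHCR, the Plural registry and GCR.
#
# NOTE(review): every action below is referenced by a mutable tag (@v3, @v4,
# @v1, ...). This job holds push credentials for three registries, so pinning
# each `uses:` to a full commit SHA keeps a re-tagged release from changing
# what runs here.
name: CD / cert-manager webhook

on:
  push:
    # NOTE(review): anyone able to push a tag matching this pattern can publish
    # images; confirm tag protection rules restrict who can create v* tags.
    tags:
      - 'v*.*.*'

jobs:
  publish:
    name: Build and push cert-manager-webhook container
    runs-on: ubuntu-latest
    # Job-scoped token permissions:
    #   contents: read  - checkout only
    #   id-token: write - request the GitHub OIDC token consumed by the
    #                     google-github-actions/auth step (workload identity)
    #   packages: write - push to ghcr.io with GITHUB_TOKEN
    permissions:
      contents: 'read'
      id-token: 'write'
      packages: 'write'
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          # The workspace is later sent to Docker as the build context ("."),
          # and no later step runs git, so do not leave the job token in
          # .git/config.
          persist-credentials: false

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
        with:
          # list of Docker images to use as base name for tags
          images: |
            ghcr.io/pluralsh/plural-certmanager-webhook
            dkr.plural.sh/bootstrap/plural-certmanager-webhook
            gcr.io/pluralsh/plural-certmanager-webhook
          # generate Docker tags based on the following events/attributes
          tags: |
            type=semver,pattern={{version}}

      # QEMU + Buildx are needed for the multi-platform build below.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      # Keyless auth to Google Cloud via workload identity federation.
      # NOTE(review): the impersonated account is named `terraform@...`;
      # presumably it carries more than registry-push rights. Confirm, and
      # consider a dedicated service account limited to pushing images.
      # NOTE(review): this step has no `id`, so the access token requested by
      # `token_format` cannot be referenced by later steps; confirm whether it
      # is still needed.
      # NOTE(review): the credentials file is written into the workspace
      # (gha-creds-*.json), which is also the Docker build context; confirm
      # .dockerignore excludes it so it cannot end up in an image layer.
      - uses: google-github-actions/auth@v1
        with:
          workload_identity_provider: 'projects/${{ secrets.GOOGLE_PROJECT_ID }}/locations/global/workloadIdentityPools/github/providers/github'
          service_account: 'terraform@pluralsh.iam.gserviceaccount.com'
          token_format: 'access_token'
          create_credentials_file: true

      - uses: google-github-actions/setup-gcloud@v1.0.0

      # Registers gcloud as a Docker credential helper for the gcr.io push.
      - name: Login to gcr
        run: gcloud auth configure-docker -q

      # NOTE(review): the username looks like an individual's account; a
      # dedicated service identity would keep releases from depending on, and
      # the token from being tied to, one person's access.
      - name: Login to plural registry
        uses: docker/login-action@v2
        with:
          registry: dkr.plural.sh
          username: mjg@plural.sh
          password: ${{ secrets.PLURAL_ACCESS_TOKEN }}

      - name: Login to GHCR
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Builds from the checked-out workspace and pushes every tag produced by
      # the "Docker meta" step (one per registry listed there).
      - name: Build and push
        uses: docker/build-push-action@v3
        with:
          context: "."
          file: "./Dockerfile"
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64,linux/arm64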