1+ name : " Docker: GitHub Packages"
2+
3+ on :
4+ push :
5+ branches :
6+ - main
7+
8+ env :
9+ REGISTRY : ghcr.io
10+ IMAGE_NAME : ${{ github.repository_owner }}/mcp-server-nodejs-api-docs
11+
12+ jobs :
13+ build_and_publish :
14+
15+ runs-on : ubuntu-latest
16+ permissions :
17+ contents : read
18+ packages : write
19+
20+ steps :
21+ - name : Checkout repository
22+ uses : actions/checkout@v4
23+
24+ - name : Log into registry ${{ env.REGISTRY }}
25+ uses : docker/login-action@v3
26+ with :
27+ registry : ${{ env.REGISTRY }}
28+ username : ${{ github.repository_owner }}
29+ password : ${{ secrets.GITHUB_TOKEN }}
30+
31+ - name : Extract Docker metadata
32+ id : meta
33+ uses : docker/metadata-action@v5
34+ with :
35+ images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
36+ tags : |
37+ type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
38+ type=ref,event=pr
39+ flavor : |
40+ prefix=
41+ suffix=
42+
43+ - name : Build and push Docker image
44+ uses : docker/build-push-action@v6
45+ with :
46+ context : .
47+ push : true
48+ tags : ${{ steps.meta.outputs.tags }}
49+ labels : ${{ steps.meta.outputs.labels }}
50+
51+ - name : Cosign install
52+ uses : sigstore/cosign-installer@v3.8.2
53+
54+ - name : Sign the published container image
55+ env :
56+ COSIGN_PRIVATE_KEY : ${{ secrets.COSIGN_PRIVATE_KEY }}
57+ COSIGN_PASSWORD : ${{ secrets.COSIGN_PASSWORD }}
58+ TAGS : ${{ steps.meta.outputs.tags }}
59+ run : |
60+ cosign sign --key env://COSIGN_PRIVATE_KEY ${TAGS} \
61+ -a "repo=${{ github.repository }}" \
62+ -a "workflow=${{ github.workflow }}" \
63+ -a "ref=${{ github.sha }}" \
64+ -a "actor=${{ github.actor }}" \
65+ -a "build=${{ github.run_id }}"
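Review bot: The signing step (new lines 54–65) hands `${TAGS}` to `cosign sign`, so the signature is attached to whatever the mutable tag resolves to at signing time rather than to the digest this run built and pushed. A concurrent run that moves `latest` between the push and the sign step would get its image signed with this run's `ref`/`build` annotations. Give the build step `id: build`, add `DIGEST: ${{ steps.build.outputs.digest }}` to the signing step's `env`, and change the command to `echo "${TAGS}" | xargs -I {} cosign sign --key env://COSIGN_PRIVATE_KEY {}@${DIGEST}`, keeping the existing `-a` annotations. Separately, the job holds `packages: write` and the cosign private key while every action is referenced by a movable tag (`@v4`, `@v3`, `@v5`, `@v6`, `@v3.8.2`). Pinning each to a full commit SHA would limit what a retagged action could do with those credentials.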