From 5977b4a03ed9cc6626ce4598dfccb2414c8b98e4 Mon Sep 17 00:00:00 2001 From: Johannes Maron Date: Sun, 29 Jun 2025 14:55:51 +0200 Subject: [PATCH] Publish containers to GitHub (#375) This workflow creates two offical container images: * `ghcr.io/codingjoe/deer-flow:main` * `ghcr.io/codingjoe/deer-flow-web:main` --- .github/workflows/container.yaml | 95 ++++++++++++++++++++++++++++++++ docker-compose.yml | 2 +- 2 files changed, 96 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/container.yaml diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml new file mode 100644 index 0000000..e5c6e5f --- /dev/null +++ b/.github/workflows/container.yaml @@ -0,0 +1,95 @@ +name: Publish Containers + +on: + push: + branches: + - main + release: + types: [published] + workflow_dispatch: + +jobs: + + backend-container: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + attestations: write + id-token: write + env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Build and push Docker image + id: push + uses: docker/build-push-action@v6 + with: + context: . + file: Dockerfile + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v2 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true + + frontend-container: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + attestations: write + id-token: write + env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }}-web + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + - name: Build and push Docker image + id: push + uses: docker/build-push-action@v6 + with: + context: web + file: web/Dockerfile + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v2 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index a67a25c..a14c43f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ services: env_file: - .env volumes: - - ./conf.yaml:/app/conf.yaml + - ./conf.yaml:/app/conf.yaml:ro restart: unless-stopped networks: - deer-flow-network