name: Publish Docker images on: workflow_dispatch: {} push: tags: - "v*.*.*" permissions: contents: read env: GHCR_REGISTRY: ghcr.io/supercorp-ai DOCKERHUB_REGISTRY: docker.io/supercorp jobs: publish: name: Build and push supergateway container runs-on: ubuntu-latest permissions: contents: read id-token: write packages: write steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to GHCR uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login to Docker Hub uses: docker/login-action@v3 with: registry: docker.io username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Extract version id: ver run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> "$GITHUB_OUTPUT" - name: Docker meta id: docker_meta uses: docker/metadata-action@v5 with: images: | ${{ env.GHCR_REGISTRY }}/supergateway ${{ env.DOCKERHUB_REGISTRY }}/supergateway labels: | org.opencontainers.image.title=Supergateway org.opencontainers.image.version=${{ steps.ver.outputs.VERSION }} org.opencontainers.image.source=${{ github.repository }} - name: Build & push (Bake) uses: docker/bake-action@v6 env: VERSION: ${{ steps.ver.outputs.VERSION }} with: source: . files: | docker-bake.hcl ${{ steps.docker_meta.outputs.bake-file }} push: true set: | *.args.VERSION=${{ steps.ver.outputs.VERSION }} *.cache-from=type=gha *.cache-to=type=gha,mode=max