Modernize GitHub Actions workflow with best practices. #96
| name: Docker Build | |
| on: | |
| pull_request: | |
| branches: main | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| tags: | |
| - v* | |
| # Cancel in-progress builds for same branch/PR | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # Minimal permissions for GITHUB_TOKEN | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 # 2026-02-05: v4.2.2 | |
| - name: Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 # 2026-02-05: v5.7.0 | |
| with: | |
| images: portableprogrammer/status-light | |
| tags: | | |
| # Tag PRs with 'edge' | |
| type=edge,branch=main | |
| # Tag releases with semver | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }} | |
| labels: | | |
| org.opencontainers.image.title=Status-Light | |
| org.opencontainers.image.description=Multi-platform presence status indicator for smart RGB lights | |
| org.opencontainers.image.vendor=PortableProgrammer | |
| org.opencontainers.image.licenses=MIT | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 # 2026-02-05: v3.2.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 # 2026-02-05: v3.7.1 | |
| - name: Docker Hub login | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 # 2026-02-05: v3.3.0 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Build and push | |
| id: build | |
| uses: docker/build-push-action@v6 # 2026-02-05: v6.10.0 | |
| with: | |
| context: . | |
| file: ./Dockerfiles/Dockerfile | |
| platforms: linux/amd64,linux/arm/v7,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| # GitHub Actions cache for faster builds | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # Supply chain security | |
| provenance: mode=max | |
| sbom: true | |
| - name: Docker Hub description | |
| if: github.event_name != 'pull_request' && startsWith(github.ref, 'refs/tags/v') | |
| uses: peter-evans/dockerhub-description@v4 # 2026-02-05: v4.0.0 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| repository: portableprogrammer/status-light | |
| short-description: Multi-platform presence status indicator for smart RGB lights | |
| continue-on-error: true | |
| - name: Verify multi-arch manifest | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| docker buildx imagetools inspect ${{ steps.meta.outputs.tags }} | tee manifest.txt | |
| echo "## Multi-Architecture Manifest" >> $GITHUB_STEP_SUMMARY | |
| echo '```' >> $GITHUB_STEP_SUMMARY | |
| cat manifest.txt >> $GITHUB_STEP_SUMMARY | |
| echo '```' >> $GITHUB_STEP_SUMMARY | |
| - name: Build summary | |
| if: always() | |
| run: | | |
| echo "## Build Summary" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Event:** ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Ref:** ${{ github.ref }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Platforms:** linux/amd64, linux/arm/v7, linux/arm64" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Tags:** ${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY | |
| if [[ "${{ github.event_name }}" != "pull_request" ]]; then | |
| echo "- **Digest:** ${{ steps.build.outputs.digest }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Pushed:** ✅ Yes" >> $GITHUB_STEP_SUMMARY | |
| else | |
| echo "- **Pushed:** ⏭️ Skipped (PR)" >> $GITHUB_STEP_SUMMARY | |
| fi |
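Review bot: In the `Verify multi-arch manifest` step, `${{ steps.meta.outputs.tags }}` is substituted into the script text before the shell parses it, and docker/metadata-action emits that output as a newline-separated list, so on a `v*` tag push (three semver patterns) every tag after the first would be executed as its own command line instead of being inspected. The `Build summary` step has the same pattern: `github.ref` and the tag list sit inside double-quoted `echo` arguments, where shell expansion characters in a pushed tag name would be evaluated on a runner that has already logged in to Docker Hub. Passing the values through `env:` keeps them as data: add `TAGS: ${{ steps.meta.outputs.tags }}` under the step's `env:` and run `docker buildx imagetools inspect "$(head -n 1 <<<"$TAGS")" | tee manifest.txt`, then echo `"$TAGS"` and a similarly mapped `"$REF"` in the summary. Separately, the `uses:` lines reference mutable major tags while their trailing comments record exact versions; pinning each to the full commit SHA and keeping the version comment would matter most for the two steps that receive `secrets.DOCKER_PASSWORD`.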