add actions workload to build and publish images to ghcr (#1) #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Container Images | |
| on: | |
| push: | |
| branches: | |
| - main | |
| # supports manualy running a workflow | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - image: microsoft/defender-for-cloud/attacksimulation/victim | |
| dockerpath: Images/victim | |
| - image: microsoft/defender-for-cloud/attacksimulation/attacker | |
| dockerpath: Images/attacker | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ matrix.image }} | |
| tags: | | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Login to ${{ env.REGISTRY }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push Docker image | |
| id: build-and-push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ${{ matrix.dockerpath }} | |
| file: ${{ matrix.dockerpath }}/Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} |