--- name: Build, Scan and Push Image on: workflow_call: outputs: tag: value: ${{ jobs.build-push.outputs.tag }} tags: value: ${{ jobs.build-push.outputs.tags }} inputs: image: type: string required: true description: Image name excluding registry build-args: type: string required: false description: "List of build-time variables" file: type: string required: false registry: type: string default: reg.dev.krd required: false timeout: type: number default: 10 required: false runs-on: type: string default: "[ 'ubuntu-latest' ]" required: false secrets: username: required: true password: required: true build-secrets: required: false jobs: build-push: name: Build and Push runs-on: ${{ fromJson(inputs.runs-on) }} timeout-minutes: ${{ inputs.timeout }} outputs: tag: ${{ fromJson(steps.meta.outputs.json).tags[0] }} tags: ${{ steps.meta.outputs.tags }} steps: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - id: meta name: Extract Metadata uses: docker/metadata-action@v5 with: images: ${{ inputs.registry }}/${{ inputs.image }} flavor: latest=false tags: | # Cache type=raw,value=${{ github.ref_name }}-cache # Branches type=ref,event=branch type=ref,event=branch,suffix=-{{sha}},priority=8888 # 2 # Releases type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{version}},priority=9999 #1 - name: Login to Registry uses: docker/login-action@v3 with: registry: ${{ inputs.registry }} username: ${{ secrets.username }} password: ${{ secrets.password }} - name: Build Docker images uses: docker/build-push-action@v6 with: push: true file: ${{ inputs.file }} tags: ${{ steps.meta.outputs.tags }} cache-to: type=inline cache-from: type=registry,ref=${{ inputs.registry }}/${{ inputs.image }}:${{ github.ref_name }}-cache build-args: ${{ inputs.build-args }} secrets: ${{ secrets.build-secrets }}