azure-workload-identity/.github/workflows/publish-images.yaml

name: publish_images

on:
  push:
    branches:
      - main

permissions:
  contents: read
  packages: write

jobs:
  export-registry:
    runs-on: ubuntu-20.04
    outputs:
      registry: ${{ steps.export.outputs.registry }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
        with:
          egress-policy: audit

      - id: export
        run: |
          # registry must be in lowercase
          echo "registry=$(echo "ghcr.io/${{ github.repository }}" | tr [:upper:] [:lower:])" >> $GITHUB_OUTPUT          

  publish-images:
    needs: export-registry
    env:
      REGISTRY: ${{ needs.export-registry.outputs.registry }}
    strategy:
      fail-fast: false
      matrix:
        image: [webhook, proxy, proxy-init]
    runs-on: ubuntu-20.04
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
        with:
          egress-policy: audit

      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          submodules: true
          fetch-depth: 0
      - name: Login to ghcr.io
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build ${{ matrix.image }}
        run: |
          make docker-build docker-push-manifest          
        env:
          ALL_IMAGES: ${{ matrix.image }}
          IMAGE_VERSION: latest

  publish-example-images:
    needs: export-registry
    env:
      REGISTRY: ${{ needs.export-registry.outputs.registry }}
    strategy:
      fail-fast: false
      matrix:
        dir: [examples/msal-go, examples/msal-net/akvdotnet, examples/msal-node, examples/msal-python, examples/msal-java]
    runs-on: ubuntu-20.04
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
        with:
          egress-policy: audit

      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          submodules: true
          fetch-depth: 0
      - name: Login to ghcr.io
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
        with:
          timeout_minutes: 20
          max_attempts: 3
          command: |
            make docker-buildx-builder
            make -C ${{ matrix.dir }} container-all push-manifest