feat: Auto logout impersonation #67784
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GitHub Codespaces image build | |
| #聽Run only on master branch. We could also build on branch but this seems like | |
| #聽an optimization that can be done as and when desired. The main use case we're | |
| #聽handling is creating and working off a branch from master, so it doesn't seem | |
| #聽like an immediate requirement to have branches as well. | |
| # | |
| # NOTE: the job is setup to also push branch images as well, and using branch | |
| #聽and master as caching, so if we want to add the optimisation for branches we | |
| #聽can just remove the master branch restriction. | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| types: | |
| - opened | |
| - labeled | |
| - synchronize | |
| jobs: | |
| build: | |
| name: Build Codespaces image | |
| runs-on: ubuntu-latest | |
| # Build on master and PRs with the label 'codespaces-build' only | |
| if: ${{ github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'codespaces-build') }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - name: Lowercase GITHUB_REPOSITORY | |
| id: lowercase | |
| run: | | |
| echo "repository=${GITHUB_REPOSITORY,,}" >> "$GITHUB_OUTPUT" | |
| # As ghcr.io complains if the image has upper case letters, we use | |
| # this action to ensure we get a lower case version. See | |
| # https://github.com/docker/build-push-action/issues/237#issuecomment-848673650 | |
| # for more details | |
| - name: Docker image metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ steps.lowercase.outputs.repository }}/codespaces | |
| tags: | | |
| type=ref,event=branch | |
| type=raw,value=master | |
| # We also want to use cache-from when building, but we want to also | |
| # include the master tag so we get the master branch image as well. | |
| # This creates a scope similar to the github cache action scoping | |
| - name: Docker cache-from/cache-to metadata | |
| id: meta-for-cache | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ steps.lowercase.outputs.repository }}/codespaces | |
| tags: | | |
| type=raw,value=master | |
| # Install QEMU so we can target x86_64 (github codespaces) | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: . | |
| file: .devcontainer/Dockerfile | |
| push: true | |
| platforms: x86_64 | |
| # Cache from this branch, or master | |
| cache-from: ${{ steps.meta-for-cache.outputs.tags }} | |
| # NOTE: we use inline as suggested here: | |
| # https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#inline-cache | |
| # It notes that it doesn't support mode=max, but we're not | |
| # removing any layers, soooo, maybe it's fine. | |
| cache-to: type=inline | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} |