build(infra): add package write permissions to workflow (#2000)

* add package write permissions to workflow * add refs metadata to container image
kanisterio · Apr 11, 2023 · 9a8a2ea · 9a8a2ea
1 parent d0d0a3d
commit 9a8a2ea
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/.github/workflows/kanister-image-build.yaml b/.github/workflows/kanister-image-build.yaml
@@ -29,13 +29,27 @@ jobs:
   #         files: docker/build/Dockerfile
 
   build:
+    permissions:
+      contents: read
+      packages: write
+
     runs-on: ubuntu-latest
     # TODO: Uncomment following when we enable check-file job
     # needs: check-files
     # if: needs.check-files.outputs.changed == 'true'
     steps:
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v2
+    - name: Image metadata
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=sha
+          {{date 'YYYY.MM.DD-HHmm'}}
+          {{ inputs.tag }}
     - name: Login to GHCR
       uses: docker/login-action@v2
       with:
@@ -47,4 +61,5 @@ jobs:
       with:
         context: "{{defaultContext}}:docker/build"
         push: true
-        tags: ${{ env.IMAGE_NAME }}:${{ inputs.tag }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}