name: Go CD on: push: branches: [main] tags: ["v*"] jobs: build-and-push: name: Build and Push Docker Image runs-on: ubuntu-latest permissions: contents: read packages: write attestations: write id-token: write steps: - name: Check out code uses: actions/checkout@v5 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: ghcr.io/${{ github.repository }} tags: | type=ref,event=branch type=ref,event=tag type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=sha,format=long - name: Build and push id: push uses: docker/build-push-action@v6 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max platforms: linux/amd64,linux/arm64 - name: Generate artifact attestation uses: actions/attest-build-provenance@v3 with: subject-name: ghcr.io/${{ github.repository}} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true deploy: name: Deploy to Production needs: build-and-push runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/tags/v') steps: - name: Check out code uses: actions/checkout@v5 - name: Extract tag name id: tag run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT # This step is a placeholder for deployment logic # Replace with your actual deployment mechanism (SSH, kubectl, etc.) - name: Deploy to production run: | echo "Deploying version ${{ steps.tag.outputs.TAG }} to production" # Add your deployment commands here env: TAG: ${{ steps.tag.outputs.TAG }} # Add other environment variables needed for deployment