update GitHub action workflow and go mod (#279)

* add permission block * switching from local cache to gha * add annotations and sbom to build step * moving dockerhub update to separate job * update go mods * add gha workflow_dispatch
2026-02-27 09:54:18 +08:00 · 2024-04-07 15:05:01 +02:00
parent f038e96845
commit a8966b3e0e
4 changed files with 33 additions and 26 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -13,6 +13,11 @@ on:
      - "go.sum"
  release:
    types: [published]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write

 jobs:
  build:
@@ -41,14 +46,6 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

-      - name: Cache Docker layers
-        uses: actions/cache@v4
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-
-
      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
@@ -68,16 +65,26 @@ jobs:
        uses: docker/build-push-action@v5
        with:
          context: .
-          file: ./Dockerfile
          platforms: linux/amd64,linux/arm/v7,linux/arm64
          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.docker_meta.outputs.tags }}
+          annotations: ${{ steps.docker_meta.outputs.annotations }}
          labels: ${{ steps.docker_meta.outputs.labels }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          sbom: true
          build-args: |
            apiVersion=${{ fromJSON(steps.docker_meta.outputs.json).labels['org.opencontainers.image.version'] }}

+  dockerhub:
+    if: github.event_name == 'release'
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
      - name: Docker Hub Description
        uses: peter-evans/dockerhub-description@v4
        if: github.event_name == 'release'