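# Builds the static site on the runner, then builds and pushes a container
# image to ghcr.io on every push to main, on manual dispatch, and on a daily
# schedule.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a full commit SHA keeps a retagged release from
# running in a job that holds `packages: write` and the content-source secrets.
name: publish-image

on:
  push:
    branches: ["main"]
  workflow_dispatch:
  schedule:
    # Rebuild periodically so content sources can be refreshed even without code changes.
    - cron: "0 9 * * *"

jobs:
  publish:
    runs-on: ubuntu-latest
    # Job-scoped token: read the repository, write packages (for the ghcr.io push).
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step runs authenticated git commands, so do not leave the
          # job token in .git/config. The Docker build below uses `.` as its
          # context; unless .dockerignore excludes .git, that directory is
          # sent to the builder.
          persist-credentials: false

      - uses: actions/setup-node@v4
        with:
          node-version: "24"
          cache: "npm"
          cache-dependency-path: site/package-lock.json

      # Dependency install runs without any secrets in its environment, so
      # third-party install scripts cannot read them.
      # Assumes no install-time script of the project itself needs these
      # variables - confirm against site/package.json.
      - name: Install dependencies
        working-directory: site
        run: npm ci

      # Secrets are exposed only to the steps that fetch content and build.
      - name: Fetch Content + Build Site
        working-directory: site
        env:
          YOUTUBE_CHANNEL_ID: ${{ secrets.YOUTUBE_CHANNEL_ID }}
          YOUTUBE_API_KEY: ${{ secrets.YOUTUBE_API_KEY }}
          PODCAST_RSS_URL: ${{ secrets.PODCAST_RSS_URL }}
          WORDPRESS_BASE_URL: ${{ secrets.WORDPRESS_BASE_URL }}
          WORDPRESS_USERNAME: ${{ secrets.WORDPRESS_USERNAME }}
          WORDPRESS_APP_PASSWORD: ${{ secrets.WORDPRESS_APP_PASSWORD }}
          REDIS_URL: ${{ secrets.REDIS_URL }}
        run: |
          npm run fetch-content
          npm run build

      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: docker/setup-buildx-action@v3

      - uses: docker/metadata-action@v5
        id: meta
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=raw,value=latest
            type=sha,format=short,prefix=sha-

      - uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # Build args are not a confidential channel: their values can end up
          # in the image's build history and metadata. The PUBLIC_* names
          # suggest these are meant to be public - confirm none is sensitive;
          # anything that is belongs in this action's `secrets` input instead.
          # NOTE(review): the build context is the whole checkout after
          # fetch-content ran; confirm .dockerignore keeps any credential or
          # cache files it wrote out of the image.
          build-args: |
            BUILD_SHA=${{ github.sha }}
            BUILD_DATE=${{ github.run_started_at }}
            BUILD_REF=${{ github.server_url }}/${{ github.repository }}
            PUBLIC_SITE_URL=${{ secrets.PUBLIC_SITE_URL }}
            PUBLIC_UMAMI_SCRIPT_URL=${{ secrets.PUBLIC_UMAMI_SCRIPT_URL }}
            PUBLIC_UMAMI_WEBSITE_ID=${{ secrets.PUBLIC_UMAMI_WEBSITE_ID }}
            PUBLIC_ENABLE_SW=${{ secrets.PUBLIC_ENABLE_SW }}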