Files
pnpm/.github/workflows/docker.yml
dependabot[bot] d67385eac1 chore(deps): bump the github-actions group across 1 directory with 12 updates
Bumps the github-actions group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [dorny/paths-filter](https://github.com/dorny/paths-filter) | `4.0.1` | `4.0.2` |
| [github/codeql-action/init](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` |
| [github/codeql-action/autobuild](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` |
| [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.36.2` | `4.36.3` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.1.0` | `4.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.1.0` | `4.2.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.2.0` | `4.4.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.2.0` | `7.3.0` |
| [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.82.5` | `2.82.9` |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.47.2` | `1.48.0` |
| [garnet-org/action](https://github.com/garnet-org/action) | `2.0.2` | `2.2.0` |
| [warpdotdev/oz-agent-action](https://github.com/warpdotdev/oz-agent-action) | `1.0.21` | `1.0.23` |



Updates `dorny/paths-filter` from 4.0.1 to 4.0.2
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](fbd0ab8f3e...7b450fff21)

Updates `github/codeql-action/init` from 4.36.2 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8aad20d150...54f647b7e1)

Updates `github/codeql-action/autobuild` from 4.36.2 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8aad20d150...54f647b7e1)

Updates `github/codeql-action/analyze` from 4.36.2 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8aad20d150...54f647b7e1)

Updates `docker/setup-qemu-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](06116385d9...96fe6ef7f3)

Updates `docker/setup-buildx-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](d7f5e7f509...bb05f3f551)

Updates `docker/login-action` from 4.2.0 to 4.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](650006c6eb...af1e73f918)

Updates `docker/build-push-action` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](f9f3042f7e...53b7df96c9)

Updates `taiki-e/install-action` from 2.82.5 to 2.82.9
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](bffeee26d4...4684b84056)

Updates `crate-ci/typos` from 1.47.2 to 1.48.0
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](37bb98842b...bee27e3a4f)

Updates `garnet-org/action` from 2.0.2 to 2.2.0
- [Release notes](https://github.com/garnet-org/action/releases)
- [Commits](2b7fc9d79b...3d47f4a900)

Updates `warpdotdev/oz-agent-action` from 1.0.21 to 1.0.23
- [Release notes](https://github.com/warpdotdev/oz-agent-action/releases)
- [Commits](1922f22c00...8ba4e14206)

---
updated-dependencies:
- dependency-name: crate-ci/typos
  dependency-version: 1.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/setup-qemu-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: dorny/paths-filter
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: garnet-org/action
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action/autobuild
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: taiki-e/install-action
  dependency-version: 2.82.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: warpdotdev/oz-agent-action
  dependency-version: 1.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-13 09:30:55 +00:00

115 lines
3.7 KiB
YAML

name: Docker
on:
release:
types: [published]
workflow_dispatch:
inputs:
version:
description: "pnpm version to build (without leading v)"
required: true
prerelease:
description: "Treat as prerelease (skips mutable tags)"
type: boolean
default: false
jobs:
build:
name: Build
runs-on: ubuntu-latest
environment: release
permissions:
contents: read
packages: write
id-token: write
env:
IMAGE: ghcr.io/${{ github.repository_owner }}/pnpm
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Resolve release metadata
id: meta
env:
EVENT_NAME: ${{ github.event_name }}
RELEASE_TAG: ${{ github.event.release.tag_name }}
RELEASE_PRERELEASE: ${{ github.event.release.prerelease }}
INPUT_VERSION: ${{ inputs.version }}
INPUT_PRERELEASE: ${{ inputs.prerelease }}
run: |
set -eu
if [ "$EVENT_NAME" = "release" ]; then
version="${RELEASE_TAG#v}"
prerelease="$RELEASE_PRERELEASE"
else
version="${INPUT_VERSION#v}"
prerelease="$INPUT_PRERELEASE"
fi
case "$version" in
*[!0-9A-Za-z.+-]*) echo "invalid version: $version" >&2; exit 1 ;;
[0-9]*.[0-9]*.[0-9]*) ;;
*) echo "invalid version: $version" >&2; exit 1 ;;
esac
major="${version%%.*}"
echo "version=$version" >> "$GITHUB_OUTPUT"
echo "major=$major" >> "$GITHUB_OUTPUT"
echo "prerelease=$prerelease" >> "$GITHUB_OUTPUT"
- name: Compute image tags
id: tags
env:
VERSION: ${{ steps.meta.outputs.version }}
MAJOR: ${{ steps.meta.outputs.major }}
PRERELEASE: ${{ steps.meta.outputs.prerelease }}
run: |
set -eu
tags="${IMAGE}:${VERSION}"
if [ "$PRERELEASE" != "true" ]; then
tags="${tags},${IMAGE}:${MAJOR},${IMAGE}:latest"
fi
echo "tags=$tags" >> "$GITHUB_OUTPUT"
- name: Compute pnpm tarball checksums
id: checksums
env:
VERSION: ${{ steps.meta.outputs.version }}
run: |
set -eu
base="https://github.com/pnpm/pnpm/releases/download/v${VERSION}"
for pair in amd64:x64 arm64:arm64; do
key="${pair%:*}"
name="${pair#*:}"
sha="$(curl -fsSL --retry 3 --retry-delay 2 "${base}/pnpm-linux-${name}.tar.gz" \
| sha256sum | awk '{print $1}')"
echo "sha_${key}=${sha}" >> "$GITHUB_OUTPUT"
done
- name: Set up QEMU
uses: docker/setup-qemu-action@96fe6ef7f33517b61c61be40b68a1882f3264fb8 # v4.2.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0
- name: Login to GHCR
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0
with:
context: ./docker
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.tags.outputs.tags }}
build-args: |
PNPM_VERSION=${{ steps.meta.outputs.version }}
PNPM_SHA256_AMD64=${{ steps.checksums.outputs.sha_amd64 }}
PNPM_SHA256_ARM64=${{ steps.checksums.outputs.sha_arm64 }}
provenance: mode=max
sbom: true