add permissions #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build and Push devcontainers | |
| on: | |
| push: | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| cancel-in-progress: true | |
| jobs: | |
| build-and-push: | |
| timeout-minutes: 1440 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout | |
| id: checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/free-disk-space@main | |
| with: | |
| tool-cache: true | |
| - name: Free disk space | |
| run: | | |
| sudo apt-get remove -y aria2 ansible azure-cli shellcheck rpm xorriso zsync \ | |
| firefox gfortran-9 google-chrome-stable \ | |
| imagemagick \ | |
| libmagickcore-dev libmagickwand-dev libmagic-dev ant ant-optional kubectl \ | |
| mercurial apt-transport-https mono-complete \ | |
| unixodbc-dev yarn chrpath libssl-dev libxft-dev snapd \ | |
| libfreetype6 libfreetype6-dev libfontconfig1 libfontconfig1-dev \ | |
| snmp pollinate libpq-dev postgresql-client powershell ruby-full \ | |
| sphinxsearch subversion azure-cli microsoft-edge-stable --fix-missing || true | |
| - name: Set up QEMU for multi-architecture builds | |
| uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 | |
| - name: Setup Docker buildx for multi-architecture builds | |
| uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb | |
| with: | |
| use: true | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: "ghcr.io" | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and run Dev Container task | |
| uses: devcontainers/ci@a56d055efecd725e8cfe370543b6071b79989cc8 | |
| with: | |
| imageName: ghcr.io/${{ github.repository_owner }}/devcontainer | |
| cacheFrom: ghcr.io/${{ github.repository_owner }}/devcontainer | |
| subFolder: src/devcontainer | |
| platform: linux/arm64,linux/amd64 | |
| push: always |