add permissions #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build and Push devcontainers | |
| on: | |
| push: | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| cancel-in-progress: true | |
| jobs: | |
| build-and-push: | |
| timeout-minutes: 1440 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout | |
| id: checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/free-disk-space@main | |
| with: | |
| tool-cache: true | |
| - name: Free disk space | |
| run: | | |
| sudo apt-get remove -y aria2 shellcheck rpm xorriso zsync \ | |
| gfortran-9 \ | |
| imagemagick \ | |
| libmagickcore-dev libmagickwand-dev libmagic-dev ant ant-optional kubectl \ | |
| mercurial apt-transport-https \ | |
| unixodbc-dev yarn libssl-dev snapd \ | |
| libfreetype6 libfreetype6-dev libfontconfig1 libfontconfig1-dev \ | |
| snmp pollinate libpq-dev ruby-full \ | |
| subversion microsoft-edge-stable --fix-missing || true | |
| - name: Set up QEMU for multi-architecture builds | |
| uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 | |
| - name: Setup Docker buildx for multi-architecture builds | |
| uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb | |
| with: | |
| use: true | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: "ghcr.io" | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and run Dev Container task | |
| uses: devcontainers/ci@a56d055efecd725e8cfe370543b6071b79989cc8 | |
| with: | |
| imageName: ghcr.io/${{ github.repository_owner }}/devcontainer | |
| cacheFrom: ghcr.io/${{ github.repository_owner }}/devcontainer | |
| subFolder: src/devcontainer | |
| platform: linux/arm64,linux/amd64 | |
| push: always |