Integration with GitHub Actions in SourceCraft

SourceCraft CI/CD workflows support GitHub Actions.

You can integrate your own GitHub Actions or public ones from the GitHub Marketplace into your CI/CD workflows.

The example below shows a .sourcecraft/ci.yaml configuration file that describes the following steps:

tokens:
  # Token name (any name can be used).
  <token_name>:
    # Name of the service connection to Yandex Cloud
    service_connection: <service_connection_name>
    # Requested access scope:
    # org: All repositories
    # repo: Specific repository
    # ref: Branch or tag
    scope: repo

workflows:
  test-workflow:
    tasks:
      - name: test-gh-actions-task
        cubes:
          # The cube exchanges the SourceCraft token for the Yandex Cloud IAM token
          # and saves it to the `IAM_TOKEN` variable within the `outputs` section.
          - name: get-iam-token
            env:
              ID_TOKEN: ${{ tokens.<token_name>.id_token }}
              YC_SA_ID: ${{ tokens.<token_name>.service_account_id }}
            image: cr.yandex/sourcecraft/yc-iam:latest

          # The cube installs and configures the Docker Buildx utility.
          - name: setup-buildx
            action: docker/setup-buildx-action@v3.11.1

          # The cube authenticates with Yandex Cloud Registry 
          # using the IAM token.
          - name: login
            action: docker/login-action@v3.5.0
            with:
              registry: cr.yandex/<registry_ID>
              username: iam
              # Replace the placeholder before `outputs` with the name of the
              # IAM token cube, e.g., `get-iam-token`.
              password: ${{ cubes.<IAM_token_cube_name>.outputs.IAM_TOKEN }}

          # The cube builds the Docker image from the Dockerfile and pushes it to the registry in
          # Cloud Registry.
          - name: build-and-push
            action: docker/build-push-action@v6.18.0
            with:
              context: .
              file: Dockerfile
              platforms: linux/amd64
              tags: |
                cr.yandex/<registry_ID>/image-name:latest
              push: true

on:
  push: test-workflow
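
The configuration above references the actions by version tag and the `yc-iam` image by `latest`, and both kinds of reference can be repointed upstream after the workflow is reviewed. The script below is an added example, not part of the SourceCraft documentation: it scans a ci.yaml for `action:` and `image:` references that are not pinned to a full commit SHA or an image digest. The sample input, its SHA, digest and the `cr.yandex/example/tool` image are constructed, and SourceCraft accepting SHA and digest references in these fields is an assumption.

```python
import re

# Constructed sample shaped like the cubes above; SHA, digest and "scan" cube are made up.
SAMPLE = (
    "cubes:\n"
    "  - name: get-iam-token\n"
    "    image: cr.yandex/sourcecraft/yc-iam:latest\n"
    "  - name: setup-buildx\n"
    "    action: docker/setup-buildx-action@v3.11.1\n"
    "  - name: login\n"
    "    action: docker/login-action@" + "0123456789abcdef" * 2 + "01234567\n"
    "  - name: scan\n"
    "    image: cr.yandex/example/tool@sha256:" + "a" * 64 + "\n"
)

REF = re.compile(r"^\s*(?:-\s+)?(action|image):\s*(\S+)")  # commented lines never match
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")

def classify(kind, value):
    """Return None when the reference is immutable, otherwise the reason it is not."""
    value = value.strip("'\"")
    if kind == "action":
        _, sep, ref = value.rpartition("@")
        if not sep:
            return "no ref given"
        if FULL_SHA.match(ref):
            return None
        return f"ref '{ref}' is a tag or branch and can be moved"
    if DIGEST.search(value):
        return None
    # The tag is whatever follows ':' in the last path component (a registry port is not a tag).
    tag = value.rsplit("/", 1)[-1].partition(":")[2] or "latest (implicit)"
    return f"image tag '{tag}' is not a digest"

def audit(text):
    """Return (line number, reference, reason) for every mutable reference."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = REF.match(line)
        if match:
            reason = classify(*match.groups())
            if reason:
                findings.append((number, match.group(2), reason))
    return findings

if __name__ == "__main__":
    for number, ref, reason in audit(SAMPLE):
        print(f"line {number}: {ref}: {reason}")
```
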
