actions/build-container-installer
1
0
Fork 0
mirror of https://github.com/JasonN3/build-container-installer.git synced 2025-12-25 02:47:56 +01:00
Code Releases Activity
build-container-installer/.github/workflows/build_container.yml
dependabot[bot] f6220211a4
Bump sigstore/cosign-installer from 3.7.0 to 3.8.0 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.7.0 to 3.8.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.7.0...v3.8.0)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-02-05 01:48:51 +00:00

144 lines
4.2 KiB
YAML
Raw Blame History

name: Build Container
on:
workflow_call:
inputs:
pr:
required: false
type: string
parent_job_name:
required: true
type: string
jobs:
build-container:
if: >
github.event_name == 'push' ||
github.event_name == 'issue_comment' ||
github.event_name == 'workflow_dispatch'
name: Build Container Image
env:
JOB_NAME: Build Container Image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
statuses: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
fetch-depth: 0
fetch-tags: 'true'
- name: Switch branch
if: inputs.pr
env:
GITHUB_USER: ${{ github.actor }}
GITHUB_TOKEN: ${{ github.token }}
run: |
sudo apt-get update
sudo apt-get install -y hub
hub pr checkout ${{ inputs.pr }}
echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Get Current Job Log URL
if: inputs.pr && always()
uses: Tiryoh/gha-jobid-action@v1
id: jobs
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
job_name: "${{ inputs.parent_job_name }} / ${{ env.JOB_NAME }}"
per_page: 100
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: pending
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}
- name: Docker meta
if: inputs.pr == ''
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=raw,value=${{ github.sha }}
type=semver,pattern=v{{version}}
type=semver,pattern=v{{major}}.{{minor}}
type=semver,pattern=v{{major}}.{{minor}}.{{patch}}
- name: Docker meta for PR
if: inputs.pr
id: meta_pr
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository }}
tags: |
pr-${{ inputs.pr }}
${{ github.sha }}
- name: Buildah Build
id: build-image
uses: redhat-actions/buildah-build@v2
with:
containerfiles: Containerfile
tags: ${{ steps.meta.outputs.tags || steps.meta_pr.outputs.tags }}
labels: ${{ steps.meta.outputs.labels || steps.meta_pr.outputs.labels }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push image
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Set status
if: inputs.pr && always()
uses: myrotvorets/set-commit-status-action@v2.0.1
with:
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
context: ${{ env.JOB_NAME }}
sha: ${{ env.sha }}
targetUrl: ${{ steps.jobs.outputs.html_url }}
- name: Install Cosign
if: startsWith(github.ref, 'refs/tags/v')
uses: sigstore/cosign-installer@v3.8.0
- name: Sign the images
if: startsWith(github.ref, 'refs/tags/v')
env:
TAGS: ${{ steps.build-image.outputs.tags }}
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
run: |
images=""
digest=""
for tag in ${TAGS}; do
if [[ -z "${digest}" ]]
then
digest=$(cat $(echo ${tag} | tr '/:' '--')_digest.txt)
fi
images+="${tag}@${digest} "
done
cosign sign --key env://COSIGN_PRIVATE_KEY --yes ${images}
View git blame Copy permalink