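# Build, push and sign the multi-platform container image on every push to
# master, then rewrite the image references in the repository to the new tag.
name: build

on:
  push:
    branches:
      - master

# Least privilege for GITHUB_TOKEN: the only thing this workflow does with it
# is the final `git push`. The registry login uses the separate GHCR secret.
permissions:
  contents: write

jobs:
  gcp-oidc-token-proxy:
    name: gcp-oidc-token-proxy
    runs-on: ubuntu-latest
    env:
      REPO: dazwilkin/gcp-oidc-token-proxy
    steps:
      # NOTE(review): the actions below are referenced by major-version tags,
      # which are mutable; pinning to full commit SHAs is the stronger control.
      - name: checkout
        uses: actions/checkout@v4
      - name: setup
        uses: docker/setup-buildx-action@v3
      - name: QEMU
        uses: docker/setup-qemu-action@v3
      - name: login
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GHCR }}
      # VERSION is the runner's kernel release; it is passed to the image
      # build and recorded as a signature annotation below.
      - name: Get kernel version
        run: echo "VERSION=$(uname --kernel-release)" >> "${GITHUB_ENV}"
      - name: docker-build-push-multi-platform
        id: docker-build-push-multi-platform
        uses: docker/build-push-action@v6
        with:
          context: .
          # NOTE(review): `linux/arm64/v7` is unusual; 32-bit ARM is normally
          # written `linux/arm/v7`. Confirm which platform is intended.
          platforms: linux/amd64,linux/arm64/v7,linux/arm64
          file: ./Dockerfile
          build-args: |
            VERSION=${{ env.VERSION }}
            COMMIT=${{ github.sha }}
          tags: ghcr.io/${{ env.REPO }}:${{ github.sha }}
          push: true
      # NOTE(review): `@main` is a moving branch, so whatever lands upstream
      # runs in a job that holds the signing key and the registry credential.
      # Pin this to a release tag or, better, a full commit SHA.
      - name: Install Cosign
        uses: sigstore/cosign-installer@main
      # The private key is handed to cosign through the environment
      # (`env://`) instead of being expanded into the script text and written
      # to ./cosign.key, so it never lands in the workspace that a later step
      # stages and pushes. The digest is passed the same way so that no
      # expression output is spliced into the shell source.
      - name: Sign container image
        run: |
          cosign sign \
            --yes \
            --key=env://COSIGN_PRIVATE_KEY \
            --annotations="repo=${{ github.repository }}" \
            --annotations="workflow=${{ github.workflow }}" \
            --annotations="commit=${{ github.sha }}" \
            --annotations="version=${{ env.VERSION }}" \
            "ghcr.io/${REPO}@${DIGEST}"
        env:
          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING }}
          # An empty password means the key is protected only by the
          # repository secret store.
          COSIGN_PASSWORD: ""
          DIGEST: ${{ steps.docker-build-push-multi-platform.outputs.digest }}
      # Replaces any 40-hex-character tag of this image with the current
      # commit SHA in the listed files and commits the result to master.
      # NOTE(review): the committer e-mail appears obfuscated in this listing
      # ("[email protected]"); restore the real address.
      # NOTE(review): the files end up referencing a mutable tag, while the
      # signature above is made over the digest; consumers who verify should
      # resolve and verify by digest.
      - name: revise occurrences of the image
        run: |
          git config --local user.email "[email protected]"
          git config --local user.name "GitHub Actions"
          for FILENAME in "./docker-compose.yml" "./README.md" "./kubernetes/deployment.yml"
          do
            sed \
              --in-place \
              "s|ghcr.io/${{ env.REPO }}:[0-9a-f]\{40\}|ghcr.io/${{ env.REPO }}:${{ github.sha }}|g" \
              "${FILENAME}"
            git add "${FILENAME}"
          done
          # `git commit` exits non-zero when nothing is staged; skip the
          # commit and push instead of failing an otherwise successful build.
          if git diff --cached --quiet
          then
            echo "No image references changed; nothing to commit"
          else
            git commit --message "GitHub Actions update image references"
            git push origin master
          fi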