Image CI Build #59

Workflow file for this run

.github/workflows/build-images-ci.yaml at 1f59b36

	name: Image CI Build

	# Any change in triggers needs to be reflected in the concurrency group.
	on:
	pull_request_target:
	types:
	- opened
	- synchronize
	- reopened
	push:
	branches:
	- master
	- ft/master/**

	# If the cache was cleaned we should re-build the cache with the latest commit
	workflow_run:
	workflows:
	- "Image CI Cache Cleaner"
	branches:
	- master
	- ft/master/**
	types:
	- completed

	permissions:
	# To be able to access the repository with `actions/checkout`
	contents: read
	# Required to generate OIDC tokens for `sigstore/cosign-installer` authentication
	id-token: write

	concurrency:
	group: ${{ github.workflow }}-${{ github.event.pull_request.number \|\| github.event.after }}
	cancel-in-progress: true

	jobs:
	build-and-push-prs:
	runs-on: ubuntu-20.04
	strategy:
	matrix:
	include:
	- name: cilium
	dockerfile: ./images/cilium/Dockerfile

	- name: operator-aws
	dockerfile: ./images/operator/Dockerfile

	- name: operator-azure
	dockerfile: ./images/operator/Dockerfile

	- name: operator-alibabacloud
	dockerfile: ./images/operator/Dockerfile

	- name: operator-generic
	dockerfile: ./images/operator/Dockerfile

	- name: hubble-relay
	dockerfile: ./images/hubble-relay/Dockerfile

	- name: clustermesh-apiserver
	dockerfile: ./images/clustermesh-apiserver/Dockerfile

	- name: docker-plugin
	dockerfile: ./images/cilium-docker-plugin/Dockerfile

	steps:
	- name: Checkout master branch to access local actions
	uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
	with:
	ref: ${{ github.event.repository.default_branch }}
	persist-credentials: false

	- name: Set Environment Variables
	uses: ./.github/actions/set-env-variables

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0

	- name: Login to quay.io for CI
	uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
	with:
	registry: quay.io
	username: ${{ secrets.QUAY_USERNAME_CI }}
	password: ${{ secrets.QUAY_PASSWORD_CI }}

	- name: Getting image tag
	id: tag
	run: \|
	if [ ${{ github.event.pull_request.head.sha }} != "" ]; then
	echo tag=${{ github.event.pull_request.head.sha }} >> $GITHUB_OUTPUT
	else
	echo tag=${{ github.sha }} >> $GITHUB_OUTPUT
	fi

	- name: Checkout Source Code
	uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
	with:
	persist-credentials: false
	ref: ${{ steps.tag.outputs.tag }}

	# Load Golang cache build from GitHub
	- name: Load ${{ matrix.name }} Golang cache build from GitHub
	uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
	id: cache
	with:
	path: /tmp/.cache/${{ matrix.name }}
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ matrix.name }}-${{ github.sha }}
	restore-keys: \|
	${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ matrix.name }}-
	${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-
	${{ runner.os }}-go-

	- name: Create ${{ matrix.name }} cache directory
	if: ${{ steps.cache.outputs.cache-hit != 'true' }}
	shell: bash
	run: \|
	mkdir -p /tmp/.cache/${{ matrix.name }}

	# Import GitHub's cache build to docker cache
	- name: Copy ${{ matrix.name }} Golang cache to docker cache
	uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
	with:
	provenance: false
	context: /tmp/.cache/${{ matrix.name }}
	file: ./images/cache/Dockerfile
	push: false
	platforms: linux/amd64
	target: import-cache

	- name: Install Cosign
	uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1

	- name: Install Bom
	shell: bash
	run: \|
	curl -L https://github.com/kubernetes-sigs/bom/releases/download/v0.4.1/bom-linux-amd64 -o bom
	sudo mv ./bom /usr/local/bin/bom
	sudo chmod +x /usr/local/bin/bom

	# master branch pushes
	- name: CI Build ${{ matrix.name }}
	if: ${{ github.event_name != 'pull_request_target' }}
	uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
	id: docker_build_ci_master
	with:
	provenance: false
	context: .
	file: ${{ matrix.dockerfile }}
	# Only push when the event name was a GitHub push, this is to avoid
	# re-pushing the image tags when we only want to re-create the Golang
	# docker cache after the workflow "Image CI Cache Cleaner" was terminated.
	push: ${{ github.event_name == 'push' }}
	platforms: linux/amd64,linux/arm64
	tags: \|
	quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:latest
	quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}
	target: release
	build-args: \|
	OPERATOR_VARIANT=${{ matrix.name }}

	- name: CI race detection Build ${{ matrix.name }}
	if: ${{ github.event_name != 'pull_request_target' }}
	uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
	id: docker_build_ci_master_detect_race_condition
	with:
	provenance: false
	context: .
	file: ${{ matrix.dockerfile }}
	# Only push when the event name was a GitHub push, this is to avoid
	# re-pushing the image tags when we only want to re-create the Golang
	# docker cache after the workflow "Image CI Cache Cleaner" was terminated.
	push: ${{ github.event_name == 'push' }}
	platforms: linux/amd64
	tags: \|
	quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:latest-race
	quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race
	target: release
	build-args: \|
	BASE_IMAGE=quay.io/cilium/cilium-runtime:fe3fe058796057d2a089fac72a6a7afdf6b31435@sha256:d3f15d63ba73529963a3e9b5b2ff737f5638fc7a33819ac5380e72f2af7b4642
	LOCKDEBUG=1
	RACE=1
	OPERATOR_VARIANT=${{ matrix.name }}

	- name: CI Unstripped Binaries Build ${{ matrix.name }}
	if: ${{ github.event_name != 'pull_request_target' }}
	uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
	id: docker_build_ci_master_unstripped
	with:
	provenance: false
	context: .
	file: ${{ matrix.dockerfile }}
	# Only push when the event name was a GitHub push, this is to avoid
	# re-pushing the image tags when we only want to re-create the Golang
	# docker cache after the workflow "Image CI Cache Cleaner" was terminated.
	push: ${{ github.event_name == 'push' }}
	platforms: linux/amd64
	tags: \|
	quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:latest-unstripped
	quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped
	target: release
	build-args: \|
	NOSTRIP=1
	OPERATOR_VARIANT=${{ matrix.name }}

	- name: Sign Container Images
	if: ${{ github.event_name != 'pull_request_target' }}
	env:
	COSIGN_EXPERIMENTAL: "true"
	run: \|
	cosign sign -y quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_master.outputs.digest }}
	cosign sign -y quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_master_detect_race_condition.outputs.digest }}
	cosign sign -y quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_master_unstripped.outputs.digest }}

	- name: Generate SBOM
	if: ${{ github.event_name != 'pull_request_target' }}
	shell: bash
	# To-Do: generate SBOM from source after https://github.com/kubernetes-sigs/bom/issues/202 is fixed
	# To-Do: format SBOM output to json after cosign v2.0 is released with https://github.com/sigstore/cosign/pull/2479
	run: \|
	bom generate -o sbom_ci_master_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \
	--image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}
	bom generate -o sbom_ci_master_race_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \
	--image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race
	bom generate -o sbom_ci_master_unstripped_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \
	--image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped

	- name: Attach SBOM to Container Images
	if: ${{ github.event_name != 'pull_request_target' }}
	run: \|
	cosign attach sbom --sbom sbom_ci_master_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_master.outputs.digest }}
	cosign attach sbom --sbom sbom_ci_master_race_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_master_detect_race_condition.outputs.digest }}
	cosign attach sbom --sbom sbom_ci_master_unstripped_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_master_unstripped.outputs.digest }}

	- name: Sign SBOM Images
	if: ${{ github.event_name != 'pull_request_target' }}
	env:
	COSIGN_EXPERIMENTAL: "true"
	run: \|
	docker_build_ci_master_digest="${{ steps.docker_build_ci_master.outputs.digest }}"
	image_name="quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${docker_build_ci_master_digest/:/-}.sbom"
	docker_build_ci_master_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} \| sha256sum \| head -c 64)"
	cosign sign -y "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${docker_build_ci_master_sbom_digest}"

	docker_build_ci_master_detect_race_condition_digest="${{ steps.docker_build_ci_master_detect_race_condition.outputs.digest }}"
	image_name="quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${docker_build_ci_master_detect_race_condition_digest/:/-}.sbom"
	docker_build_ci_master_detect_race_condition_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} \| sha256sum \| head -c 64)"
	cosign sign -y "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${docker_build_ci_master_detect_race_condition_sbom_digest}"

	docker_build_ci_master_unstripped_digest="${{ steps.docker_build_ci_master_unstripped.outputs.digest }}"
	image_name="quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${docker_build_ci_master_unstripped_digest/:/-}.sbom"
	docker_build_ci_master_unstripped_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} \| sha256sum \| head -c 64)"
	cosign sign -y "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${docker_build_ci_master_unstripped_sbom_digest}"

	- name: CI Image Releases digests
	if: ${{ github.event_name != 'pull_request_target' }}
	shell: bash
	run: \|
	mkdir -p image-digest/
	echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:latest@${{ steps.docker_build_ci_master.outputs.digest }}" > image-digest/${{ matrix.name }}.txt
	echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:latest-race@${{ steps.docker_build_ci_master_detect_race_condition.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
	echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:latest-unstripped@${{ steps.docker_build_ci_master_unstripped.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
	echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_master.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
	echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race@${{ steps.docker_build_ci_master_detect_race_condition.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
	echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped@${{ steps.docker_build_ci_master_unstripped.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt

	# PR updates
	- name: CI Build ${{ matrix.name }}
	if: ${{ github.event_name == 'pull_request_target' }}
	uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
	id: docker_build_ci_pr
	with:
	provenance: false
	context: .
	file: ${{ matrix.dockerfile }}
	push: true
	platforms: linux/amd64,linux/arm64
	tags: \|
	quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}
	target: release
	build-args: \|
	OPERATOR_VARIANT=${{ matrix.name }}

	- name: CI race detection Build ${{ matrix.name }}
	if: ${{ github.event_name == 'pull_request_target' }}
	uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
	id: docker_build_ci_pr_detect_race_condition
	with:
	provenance: false
	context: .
	file: ${{ matrix.dockerfile }}
	push: true
	platforms: linux/amd64
	tags: \|
	quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race
	target: release
	build-args: \|
	BASE_IMAGE=quay.io/cilium/cilium-runtime:fe3fe058796057d2a089fac72a6a7afdf6b31435@sha256:d3f15d63ba73529963a3e9b5b2ff737f5638fc7a33819ac5380e72f2af7b4642
	LOCKDEBUG=1
	RACE=1
	OPERATOR_VARIANT=${{ matrix.name }}

	- name: CI Unstripped Binaries Build ${{ matrix.name }}
	if: ${{ github.event_name == 'pull_request_target' }}
	uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
	id: docker_build_ci_pr_unstripped
	with:
	provenance: false
	context: .
	file: ${{ matrix.dockerfile }}
	push: true
	platforms: linux/amd64
	tags: \|
	quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped
	target: release
	build-args: \|
	NOSTRIP=1
	OPERATOR_VARIANT=${{ matrix.name }}

	- name: Sign Container Images
	if: ${{ github.event_name == 'pull_request_target' }}
	env:
	COSIGN_EXPERIMENTAL: "true"
	run: \|
	cosign sign -y quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }}
	cosign sign -y quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr_detect_race_condition.outputs.digest }}
	cosign sign -y quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr_unstripped.outputs.digest }}

	- name: Generate SBOM
	if: ${{ github.event_name == 'pull_request_target' }}
	shell: bash
	# To-Do: generate SBOM from source after https://github.com/kubernetes-sigs/bom/issues/202 is fixed
	# To-Do: format SBOM output to json after cosign v2.0 is released with https://github.com/sigstore/cosign/pull/2479
	run: \|
	bom generate -o sbom_ci_pr_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \
	--image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}
	bom generate -o sbom_ci_pr_race_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \
	--image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race
	bom generate -o sbom_ci_pr_unstripped_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \
	--image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped

	- name: Attach SBOM to Container Images
	if: ${{ github.event_name == 'pull_request_target' }}
	run: \|
	cosign attach sbom --sbom sbom_ci_pr_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }}
	cosign attach sbom --sbom sbom_ci_pr_race_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr_detect_race_condition.outputs.digest }}
	cosign attach sbom --sbom sbom_ci_pr_unstripped_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr_unstripped.outputs.digest }}

	- name: Sign SBOM Images
	if: ${{ github.event_name == 'pull_request_target' }}
	env:
	COSIGN_EXPERIMENTAL: "true"
	run: \|
	docker_build_ci_pr_digest="${{ steps.docker_build_ci_pr.outputs.digest }}"
	image_name="quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${docker_build_ci_pr_digest/:/-}.sbom"
	docker_build_ci_pr_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} \| sha256sum \| head -c 64)"
	cosign sign -y "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${docker_build_ci_pr_sbom_digest}"

	docker_build_ci_pr_detect_race_condition_digest="${{ steps.docker_build_ci_pr_detect_race_condition.outputs.digest }}"
	image_name="quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${docker_build_ci_pr_detect_race_condition_digest/:/-}.sbom"
	docker_build_ci_pr_detect_race_condition_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} \| sha256sum \| head -c 64)"
	cosign sign -y "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${docker_build_ci_pr_detect_race_condition_sbom_digest}"

	docker_build_ci_pr_unstripped_digest="${{ steps.docker_build_ci_pr_unstripped.outputs.digest }}"
	image_name="quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${docker_build_ci_pr_unstripped_digest/:/-}.sbom"
	docker_build_ci_pr_unstripped_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} \| sha256sum \| head -c 64)"
	cosign sign -y "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${docker_build_ci_pr_unstripped_sbom_digest}"

	- name: CI Image Releases digests
	if: ${{ github.event_name == 'pull_request_target' }}
	shell: bash
	run: \|
	mkdir -p image-digest/
	echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt
	echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race@${{ steps.docker_build_ci_pr_detect_race_condition.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
	echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped@${{ steps.docker_build_ci_pr_unstripped.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt

	# Upload artifact digests
	- name: Upload artifact digests
	uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
	with:
	name: image-digest ${{ matrix.name }}
	path: image-digest
	retention-days: 1

	# Store docker's golang's cache build locally only on the main branch
	- name: Store ${{ matrix.name }} Golang cache build locally
	if: ${{ github.event_name != 'pull_request_target' && steps.cache.outputs.cache-hit != 'true' }}
	uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
	with:
	provenance: false
	context: .
	file: ./images/cache/Dockerfile
	push: false
	outputs: type=local,dest=/tmp/docker-cache-${{ matrix.name }}
	platforms: linux/amd64
	target: export-cache

	# Store docker's golang's cache build locally only on the main branch
	- name: Store ${{ matrix.name }} Golang cache in GitHub cache path
	if: ${{ github.event_name != 'pull_request_target' && steps.cache.outputs.cache-hit != 'true' }}
	shell: bash
	run: \|
	mkdir -p /tmp/.cache/${{ matrix.name }}/
	if [ -f /tmp/docker-cache-${{ matrix.name }}/tmp/go-build-cache.tar.gz ]; then
	cp /tmp/docker-cache-${{ matrix.name }}/tmp/go-build-cache.tar.gz /tmp/.cache/${{ matrix.name }}/
	fi
	if [ -f /tmp/docker-cache-${{ matrix.name }}/tmp/go-pkg-cache.tar.gz ]; then
	cp /tmp/docker-cache-${{ matrix.name }}/tmp/go-pkg-cache.tar.gz /tmp/.cache/${{ matrix.name }}/
	fi

	image-digests:
	if: ${{ always() }}
	name: Display Digests
	runs-on: ubuntu-20.04
	needs: build-and-push-prs
	steps:
	- name: Downloading Image Digests
	shell: bash
	run: \|
	mkdir -p image-digest/

	- name: Download digests of all images built
	uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
	with:
	path: image-digest/

	- name: Image Digests Output
	shell: bash
	run: \|
	cd image-digest/
	find -type f \| sort \| xargs -d '\n' cat

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Image CI Build #59

Workflow file

Image CI Build #59

Jobs

Run details

Workflow file for this run