Bump the minor-patch group with 2 updates #261
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: End-to-End Testing | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| - 'releases/*' | |
| permissions: {} | |
| jobs: | |
| e2e-oci: | |
| name: Publish/Verify (Container Image) | |
| runs-on: ubuntu-latest | |
| permissions: | |
| attestations: write | |
| contents: read | |
| id-token: write | |
| services: | |
| registry: | |
| image: registry@sha256:860f379a011eddfab604d9acfe3cf50b2d6e958026fb0f977132b0b083b1a3d7 # 2.8.3 | |
| ports: | |
| - 5000:5000 | |
| env: | |
| REGISTRY: localhost:5000 | |
| IMAGE_NAME: test | |
| IMAGE_TAG: latest | |
| steps: | |
| - name: Checkout | |
| id: checkout | |
| uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
| - name: Build Dockerfile | |
| run: | | |
| cat <<EOF > Dockerfile | |
| FROM scratch | |
| COPY README.md . | |
| EOF | |
| - name: Build and push container image | |
| id: push | |
| uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
| - name: Attest image | |
| id: attest-action | |
| uses: ./ | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| - name: Verify attestation | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| gh attestation verify oci://${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} -R ${{ github.repository }} |