Skip to content

Fetch digests first #669

Fetch digests first

Fetch digests first #669

name: Build, Test, Publish
on:
push:
permissions:
contents: read
defaults:
run:
# Setting an explicit bash shell ensures GitHub Actions enables pipefail mode too, rather
# than only error on exit. This is important for UX since this workflow uses pipes. See:
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell
shell: bash
jobs:
publish:
runs-on: ubuntu-22.04
steps:
- name: Install crane
uses: buildpacks/github-actions/[email protected]
- name: Log into internal registry
run: |
REGISTRY_TOKEN=$(
curl -sSf --retry 3 --retry-delay 1 --retry-all-errors --connect-timeout 3 \
-X POST -d '{"username":"${{ secrets.SERVICE_TOKEN_USER_NAME }}", "password":"${{ secrets.SERVICE_TOKEN_PASSWORD }}"}' \
'${{ secrets.SERVICE_TOKEN_ENDPOINT }}' \
| jq --exit-status -r '.raw_id_token'
)
echo "${REGISTRY_TOKEN}" | docker login '${{ secrets.REGISTRY_HOST }}' -u '${{ secrets.REGISTRY_USER }}' --password-stdin
- name: Fetch digests of unused internal images
run: |
set -x
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-18:builder'
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-18:build'
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-18:run'
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-20:builder'
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-20:build'
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-20:run'
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-22:builder'
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-22:build'
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-22:run'