Fetch digests first #669
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, Test, Publish | |
on: | |
push: | |
permissions: | |
contents: read | |
defaults: | |
run: | |
# Setting an explicit bash shell ensures GitHub Actions enables pipefail mode too, rather | |
# than only error on exit. This is important for UX since this workflow uses pipes. See: | |
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell | |
shell: bash | |
jobs: | |
publish: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Install crane | |
uses: buildpacks/github-actions/[email protected] | |
- name: Log into internal registry | |
run: | | |
REGISTRY_TOKEN=$( | |
curl -sSf --retry 3 --retry-delay 1 --retry-all-errors --connect-timeout 3 \ | |
-X POST -d '{"username":"${{ secrets.SERVICE_TOKEN_USER_NAME }}", "password":"${{ secrets.SERVICE_TOKEN_PASSWORD }}"}' \ | |
'${{ secrets.SERVICE_TOKEN_ENDPOINT }}' \ | |
| jq --exit-status -r '.raw_id_token' | |
) | |
echo "${REGISTRY_TOKEN}" | docker login '${{ secrets.REGISTRY_HOST }}' -u '${{ secrets.REGISTRY_USER }}' --password-stdin | |
- name: Fetch digests of unused internal images | |
run: | | |
set -x | |
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-18:builder' | |
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-18:build' | |
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-18:run' | |
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-20:builder' | |
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-20:build' | |
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-20:run' | |
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-22:builder' | |
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-22:build' | |
crane digest --full-ref '${{ secrets.REGISTRY_HOST }}/s/${{ secrets.SERVICE_TOKEN_USER_NAME }}/heroku-22:run' |