Build and publish Docker images and Maven artifacts #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and publish Docker images and Maven artifacts | |
on: | |
release: | |
types: [published] | |
env: | |
REGISTRY: ghcr.io | |
REPOSITORY_OWNER: ${{ github.repository_owner }} | |
jobs: | |
build-and-push-image: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v2 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Log in to the Container registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: --debug | |
- name: Prepare required files | |
run: ./gradlew clean build | |
- name: downcase NAMESPACE | |
run: | | |
echo "NAMESPACE=${REPOSITORY_OWNER,,}" >>${GITHUB_ENV} | |
- name: Docker "connector" meta | |
id: connector-meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/connector | |
tags: | | |
type=raw,value=latest,enable={{is_default_branch}} | |
${{ github.ref_name }} | |
- name: Install Cosign | |
uses: sigstore/cosign-installer@main | |
- name: Write signing key to disk | |
run: echo "${{ secrets.SIGNING_SECRET }}" > cosign.key | |
- name: Build and push "connector" | |
id: build-and-push-connector | |
uses: docker/build-push-action@v4 | |
with: | |
context: ./connector | |
file: ./connector/Dockerfile | |
push: true | |
tags: ${{ steps.connector-meta.outputs.tags }} | |
labels: ${{ steps.connector-meta.outputs.labels }} | |
- name: Sign "connector" image | |
run: | | |
cosign sign -y --key cosign.key \ | |
${{ env.REGISTRY }}/${{ env.NAMESPACE }}/connector@${{ github.ref_name }}.sig | |
env: | |
COSIGN_PASSWORD: ${{ secrets.SIGNING_SECRET_PASSWORD }} | |
- name: Docker "connector-persistence" meta | |
id: connector-persistence-meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.NAMESPACE }}/connector | |
tags: | | |
type=raw,value=persistence-latest,enable={{is_default_branch}} | |
${{ github.ref_name }}-persistence | |
- name: Build and push "connector-persistence" | |
id: build-and-push-connector-persistence | |
uses: docker/build-push-action@v4 | |
with: | |
context: ./connector-persistence | |
file: ./connector-persistence/Dockerfile | |
push: true | |
tags: ${{ steps.connector-persistence-meta.outputs.tags }} | |
labels: ${{ steps.connector-persistence-meta.outputs.labels }} | |
- name: Sign "connector-persistence" image | |
run: | | |
cosign sign -y --key cosign.key \ | |
${{ env.REGISTRY }}/${{ env.NAMESPACE }}/connector@${{ github.ref_name }}-persistence.sig | |
env: | |
COSIGN_PASSWORD: ${{ secrets.SIGNING_SECRET_PASSWORD }} | |
build-and-publish-artifacts: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v2 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Build project | |
run: ./gradlew clean build | |
- name: Publish artifacts to GitHub Packages | |
run: | | |
./gradlew -PextensionsVersion=${{ github.ref_name }} \ | |
-Pgithub_owner=${{ github.repository_owner }} \ | |
-Pgithub_repo=edc-ionos-s3 publish \ | |
-Dorg.gradle.project.gitHubUser=${{ github.actor }} \ | |
-Dorg.gradle.project.gitHubToken=${{ secrets.GITHUB_TOKEN }} |