Build images #36

	name: Build images

	on:
	push:
	branches: [main]
	schedule:
	- cron: '0 2 * * *'
	workflow_dispatch:

	jobs:
	build:
	strategy:
	matrix:
	image:
	- silverblue-nvidia
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Extract tag
	run: \|
	echo TAG=$(./tag.sh) >> $GITHUB_ENV
	echo TIMESTAMP=$(date +%Y%m%d) >> $GITHUB_ENV
	working-directory: images/${{ matrix.image }}

	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ghcr.io/${{ github.repository }}/${{ matrix.image }}
	tags: ${{ env.TAG }}
	labels: \|
	org.opencontainers.image.version=${{ env.TAG }}.${{ env.TIMESTAMP }}

	- name: Build image
	uses: redhat-actions/buildah-build@v2
	with:
	context: images/${{ matrix.image }}
	containerfiles: images/${{ matrix.image }}/Containerfile
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	oci: false

	- name: Push image
	id: push
	uses: redhat-actions/push-to-registry@v2
	with:
	tags: ${{ steps.meta.outputs.tags }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Log in to the Container registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- uses: sigstore/[email protected]

	- name: Sign container image
	run: cosign sign -y --key env://COSIGN_PRIVATE_KEY ghcr.io/${{ github.repository }}/${{ matrix.image }}@${{ steps.push.outputs.digest }}
	env:
	COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}

Provide feedback