chore: main from bluefin-dev (#12) #33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push Image (Using Docker buildx) | |
| on: | |
| merge_group: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '40 14 * * *' # 14:30 UTC everyday (2:30 PM UTC everyday) (8:30 AM CST everyday) | |
| pull_request: | |
| branches: | |
| - main | |
| - testing | |
| paths-ignore: | |
| - '**.md' | |
| push: | |
| branches: | |
| - main | |
| - testing | |
| tags: | |
| - "v*.*.*" | |
| paths-ignore: | |
| - '**.md' | |
| concurrency: | |
| cancel-in-progress: true | |
| group: ${{ github.workflow }}-${{ github.ref || github.run_id }} | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| IMAGE_FLAVOR: asus | |
| AKMODS_FLAVOR: asus | |
| IMAGE_NAME: orora-asus | |
| IMAGE_BASE_NAME: orora | |
| PROJECT_ID: 5rkt16xwr1 | |
| IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | |
| jobs: | |
| push-ghcr: | |
| name: Build using Docker Buildx | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| base_name: [orora] | |
| major_version: [39] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Depot CLI | |
| uses: depot/setup-action@v1 | |
| - name: Set up QEMU | |
| timeout-minutes: 1 | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| buildkitd-flags: --debug | |
| - name: Check just syntax | |
| uses: ublue-os/just-action@v1 | |
| - name: Verify base image | |
| uses: EyeCantCU/cosign-action/[email protected] | |
| with: | |
| containers: silverblue-${{ env.IMAGE_FLAVOR }}:${{ matrix.major_version }} | |
| - name: Verify Chainguard images | |
| uses: EyeCantCU/cosign-action/[email protected] | |
| with: | |
| registry: cgr.dev/chainguard | |
| containers: dive, flux, helm, ko, minio, kubectl | |
| oidc-issuer: https://token.actions.githubusercontent.com | |
| cert-identity: https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main | |
| - name: Maximize build space | |
| uses: ublue-os/remove-unwanted-software@v6 | |
| - name: Get Current Fedora Version | |
| id: labels | |
| shell: bash | |
| run: | | |
| set -eo pipefail | |
| ver=$(skopeo inspect docker://ghcr.io/ublue-os/silverblue-${{ env.IMAGE_FLAVOR }}:${{ matrix.major_version }} | jq -r '.Labels["org.opencontainers.image.version"]') | |
| if [ -z "$ver" ] || [ "null" = "$ver" ]; then | |
| echo "inspected image version must not be empty or null" | |
| exit 1 | |
| fi | |
| echo "VERSION=$ver" >> $GITHUB_OUTPUT | |
| # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. | |
| # https://github.com/macbre/push-to-ghcr/issues/12 | |
| - name: Lowercase Registry | |
| id: registry_case | |
| uses: ASzc/change-string-case-action@v6 | |
| with: | |
| string: ${{ env.IMAGE_REGISTRY }} | |
| - name: Image Metadata | |
| uses: docker/metadata-action@v5 | |
| id: meta | |
| with: | |
| flavor: | | |
| latest=true | |
| images: | | |
| ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }} | |
| labels: | | |
| org.opencontainers.image.title=${{ env.IMAGE_NAME }} | |
| org.opencontainers.image.version=${{ steps.labels.outputs.VERSION }} | |
| org.opencontainers.image.description=An interpretation of the Ubuntu spirit built on Fedora technology | |
| io.artifacthub.package.readme-url=https://raw.githubusercontent.com/bayou-brogrammer/bluefin/main/README.md | |
| io.artifacthub.package.logo-url=https://raw.githubusercontent.com/bayou-brogrammer/bluefin/main/assets/4-design/variant5.png | |
| # generate Docker tags based on the following events/attributes | |
| tags: | | |
| type=sha | |
| type=ref,event=branch | |
| type=schedule,pattern=nightly | |
| type=semver,pattern={{version}} | |
| - name: Login to GitHub Container Registry | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push | |
| id: build_push | |
| uses: depot/build-push-action@v1 | |
| with: | |
| buildx-fallback: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| project: ${{ env.PROJECT_ID }} | |
| target: ${{ env.IMAGE_BASE_NAME }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| token: ${{ secrets.DEPOT_PROJECT_TOKEN }} | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: | | |
| ${{ steps.meta.outputs.tags }} | |
| build-args: | | |
| IMAGE_NAME=${{ env.IMAGE_NAME }} | |
| AKMODS_FLAVOR=${{ env.AKMODS_FLAVOR }} | |
| IMAGE_FLAVOR=${{ env.IMAGE_FLAVOR }} | |
| IMAGE_VENDOR=${{ github.repository_owner }} | |
| FEDORA_MAJOR_VERSION=${{ matrix.major_version }} | |
| - uses: sigstore/[email protected] | |
| if: github.event_name != 'pull_request' | |
| - name: Sign container image | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} | |
| env: | |
| COSIGN_EXPERIMENTAL: false | |
| TAGS: ${{ steps.build_push.outputs.digest }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} | |
| - name: Echo outputs | |
| if: github.event_name != 'pull_request' | |
| # echo "${{ toJSON(steps.build_push.outputs) }}" | |
| run: | | |
| echo "${{ steps.build_push.outputs }}" | |
| check: | |
| name: Check all builds successful | |
| if: ${{ !cancelled() }} | |
| runs-on: ubuntu-latest | |
| needs: [push-ghcr] | |
| steps: | |
| - name: Exit on failure | |
| if: ${{ needs.push-ghcr.result == 'failure' }} | |
| shell: bash | |
| run: exit 1 | |
| - name: Exit | |
| shell: bash | |
| run: exit 0 |