publish-ghcr #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: publish-ghcr | |
| on: | |
| push: | |
| tags: | |
| - v* | |
| schedule: | |
| - cron: '30 8 * * 0' # early morning (08:30 UTC) every Sunday | |
| workflow_dispatch: | |
| permissions: read-all | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac | |
| - name: prepare | |
| id: prepare | |
| run: | | |
| VERSION=${GITHUB_REF#refs/*/} | |
| BRANCH_NAME=${GITHUB_REF#refs/heads/} | |
| DATE=$(date +'%Y%m%d') | |
| COMMIT=${{ github.sha }} | |
| REPOSITORY=ghcr.io/${{ github.repository }} | |
| REPOSITORYBASE=ghcr.io/${{ github.repository }}-base | |
| REPOSITORYCRD=ghcr.io/${{ github.repository }}-crds | |
| if [[ "${VERSION}" == "${BRANCH_NAME}" ]]; then | |
| VERSION=$(git rev-parse --short HEAD) | |
| fi | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" || "${{ github.event_name }}" == "schedule" ]]; then | |
| VERSION=dev.${DATE}.${COMMIT:0:7} | |
| REPOSITORY=${REPOSITORY}-dev | |
| REPOSITORYBASE=${REPOSITORYBASE}-dev | |
| REPOSITORYCRD=${REPOSITORYCRD}-dev | |
| fi | |
| echo ::set-output name=version::${VERSION} | |
| echo ::set-output name=ref::${REPOSITORY}:${VERSION} | |
| echo ::set-output name=baseref::${REPOSITORYBASE}:${VERSION} | |
| echo ::set-output name=crdref::${REPOSITORYCRD}:${VERSION} | |
| - name: Get tag | |
| run: | | |
| echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV | |
| - name: docker login | |
| uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: docker build ratify-crds | |
| run: | | |
| docker buildx create --use | |
| docker buildx build --build-arg KUBE_VERSION="1.25.4" -f crd.Dockerfile --platform linux/amd64,linux/arm64,linux/arm/v7 --label org.opencontainers.image.revision=${{ github.sha }} -t ${{ steps.prepare.outputs.crdref }} --push ./charts/ratify/crds | |
| - name: docker build ratify base | |
| run: | | |
| docker buildx create --use | |
| docker buildx build -f ./httpserver/Dockerfile \ | |
| --platform linux/amd64,linux/arm64,linux/arm/v7 \ | |
| --build-arg LDFLAGS="-X github.com/deislabs/ratify/internal/version.Version=$(TAG)" \ | |
| --label org.opencontainers.image.revision=${{ github.sha }} \ | |
| -t ${{ steps.prepare.outputs.baseref }} \ | |
| --push . | |
| - name: docker build ratify with plugin | |
| run: | | |
| docker buildx create --use | |
| docker buildx build -f ./httpserver/Dockerfile \ | |
| --platform linux/amd64,linux/arm64,linux/arm/v7 \ | |
| --build-arg build_cosign=true \ | |
| --build-arg build_sbom=true \ | |
| --build-arg build_licensechecker=true \ | |
| --build-arg build_schemavalidator=true \ | |
| --build-arg LDFLAGS="-X github.com/deislabs/ratify/internal/version.Version=$(TAG)" \ | |
| --label org.opencontainers.image.revision=${{ github.sha }} \ | |
| -t ${{ steps.prepare.outputs.ref }} \ | |
| --push . | |
| - name: clear | |
| if: always() | |
| run: | | |
| rm -f ${HOME}/.docker/config.json |