Skip to content

Bump actions/checkout from 4.1.6 to 4.1.7 #144

Bump actions/checkout from 4.1.6 to 4.1.7

Bump actions/checkout from 4.1.6 to 4.1.7 #144

name: Proxy-init release
on:
pull_request:
paths:
- .github/workflows/release-proxy-init.yml
push:
tags: ["proxy-init/v*"]
permissions:
contents: read
jobs:
meta:
timeout-minutes: 3
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- uses: ./.github/actions/version-mode
id: meta
with:
package: proxy-init
outputs:
repo: ${{ steps.meta.outputs.repo }}
mode: ${{ steps.meta.outputs.mode }}
version: ${{ steps.meta.outputs.version }}
docker-publish:
needs: meta
runs-on: ubuntu-latest
timeout-minutes: 10
permissions:
id-token: write # needed for signing the images with GitHub OIDC token
steps:
# Build multi-arch docker images for proxy-init:
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
with:
path: ${{ runner.temp }}/.buildx-cache
key: proxy-init-${{ needs.meta.outputs.mode }}-${{ needs.meta.outputs.version }}
restore-keys: proxy-init-${{ needs.meta.outputs.mode }}-
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3
- uses: linkerd/dev/actions/setup-tools@v43
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- run: |
just proxy-init-image='${{ needs.meta.outputs.repo }}:${{ needs.meta.outputs.version }}' \
build-proxy-init-image \
--cache-from type=local,src="$RUNNER_TEMP/.buildx-cache" \
--cache-to type=local,dest="$RUNNER_TEMP/.buildx-cache",mode=max \
--platform linux/amd64,linux/arm64,linux/arm/v7
- run: just-dev prune-action-cache "$RUNNER_TEMP/.buildx-cache"
# Only publish images on release
- if: needs.meta.outputs.mode == 'release'
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
with:
registry: ghcr.io
username: ${{ secrets.DOCKER_GHCR_USERNAME }}
password: ${{ secrets.DOCKER_GHCR_PAT }}
- if: needs.meta.outputs.mode == 'release'
run: |
just proxy-init-image='${{ needs.meta.outputs.repo }}:${{ needs.meta.outputs.version }}' \
build-proxy-init-image \
--cache-from type=local,src="$RUNNER_TEMP/.buildx-cache" \
--cache-to type=local,dest="$RUNNER_TEMP/.buildx-cache",mode=max \
--platform linux/amd64,linux/arm64,linux/arm/v7 \
--output type=registry
- if: needs.meta.outputs.mode == 'release'
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
- if: needs.meta.outputs.mode == 'release'
run: cosign sign -y "${{ needs.meta.outputs.repo }}:${{ needs.meta.outputs.version }}"
env:
COSIGN_EXPERIMENTAL: 1
github:
needs: [meta, docker-publish]
timeout-minutes: 5
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- if: needs.meta.outputs.mode == 'release'
uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87
with:
name: proxy-init ${{ needs.meta.outputs.version }}