Skip to content

Commit

Permalink
chore(ci): fixup CI (#390)
Browse files Browse the repository at this point in the history 
Somehow #375 merged with very broken CI. This should fix the build at least. Not sure about the merge weirdness.

Force merging because the build workflow is totally broken right now without this.
  • Loading branch information
@bsherman
bsherman authored Oct 12, 2023
1 parent 4bec2a4 commit fbc230d
Showing 1 changed file with 11 additions and 38 deletions.
49 changes: 11 additions & 38 deletions .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@ jobs:
# Generate image metadata
- name: Image Metadata
uses: docker/metadata-action@v5
id: meta-main
id: meta
with:
images: |
${{ env.IMAGE_NAME }}
Expand All @@ -167,7 +167,7 @@ jobs:
# Build image using Buildah action
- name: Build Image
id: build_image-main
id: build_image
uses: redhat-actions/buildah-build@v2
with:
containerfiles: |
Expand All @@ -179,7 +179,7 @@ jobs:
IMAGE_NAME=${{ matrix.image_name }}
SOURCE_IMAGE=${{ env.SOURCE_IMAGE }}
FEDORA_MAJOR_VERSION=${{ matrix.major_version }}
labels: ${{ steps.meta-main.outputs.labels }}
labels: ${{ steps.meta.outputs.labels }}
oci: false
extra-args: |
--target=${{ matrix.build_target }}
Expand All @@ -192,33 +192,16 @@ jobs:
with:
string: ${{ env.IMAGE_REGISTRY }}

# Push the image to GHCR (Image Registry)
- name: Push Base To GHCR
- name: Push To GHCR
uses: redhat-actions/push-to-registry@v2
id: push-base
id: push
if: github.event_name != 'pull_request'
env:
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }}
with:
image: ${{ steps.build_image-base.outputs.image }}
tags: ${{ steps.build_image-base.outputs.tags }}
registry: ${{ steps.registry_case.outputs.lowercase }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust
- name: Push Main To GHCR
uses: redhat-actions/push-to-registry@v2
id: push-main
if: github.event_name != 'pull_request'
env:
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }}
with:
image: ${{ steps.build_image-main.outputs.image }}
tags: ${{ steps.build_image-main.outputs.tags }}
image: ${{ steps.build_image.outputs.image }}
tags: ${{ steps.build_image.outputs.tags }}
registry: ${{ steps.registry_case.outputs.lowercase }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
Expand All @@ -237,29 +220,19 @@ jobs:
- uses: sigstore/[email protected]
if: github.event_name != 'pull_request'

- name: Sign Base container image
if: github.event_name != 'pull_request'
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image-base.outputs.image }}@${TAGS}
env:
TAGS: ${{ steps.push-base.outputs.digest }}
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}

- name: Sign Main container image
- name: Sign container image
if: github.event_name != 'pull_request'
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image-main.outputs.image }}@${TAGS}
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
env:
TAGS: ${{ steps.push-main.outputs.digest }}
TAGS: ${{ steps.push.outputs.digest }}
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}

- name: Echo outputs
if: github.event_name != 'pull_request'
run: |
echo "${{ toJSON(steps.push-base.outputs) }}"
echo "${{ toJSON(steps.push-main.outputs) }}"
echo "${{ toJSON(steps.push.outputs) }}"
check:
name: Check all builds successful
Expand Down

0 comments on commit fbc230d

Please sign in to comment.