From 547d75f3d330111e3f02d6c8adcd9873ee74bc4d Mon Sep 17 00:00:00 2001 From: "Jorge O. Castro" Date: Mon, 13 May 2024 07:08:35 -0600 Subject: [PATCH] chore(ci): build powerrshell --- .github/workflows/build-powershell.yml | 118 +++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 .github/workflows/build-powershell.yml diff --git a/.github/workflows/build-powershell.yml b/.github/workflows/build-powershell.yml new file mode 100644 index 0000000..d2437c6 --- /dev/null +++ b/.github/workflows/build-powershell.yml @@ -0,0 +1,118 @@ +name: Build and Push Powershell Toolbox Image +on: + schedule: + - cron: '0 6,18 * * *' # 6am and 6pm every day + pull_request: + merge_group: + workflow_dispatch: +env: + IMAGE_TAGS: latest + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} + +concurrency: + group: ${{ github.workflow }}-${{ github.ref || github.run_id }} + cancel-in-progress: true + +jobs: + push-ghcr: + name: Build and push image + runs-on: ubuntu-22.04 + permissions: + contents: read + packages: write + id-token: write + strategy: + fail-fast: false + matrix: + image_name: ["powershell-toolbox"] + steps: + # Checkout push-to-registry action GitHub repository + - name: Checkout Push to Registry action + uses: actions/checkout@v4 + + - name: Verify base image + uses: EyeCantCU/cosign-action/verify@v0.2.2 + with: + containers: wolfi-base + cert-identity: https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main + oidc-issuer: https://token.actions.githubusercontent.com + registry: cgr.dev/chainguard + + # Build metadata + - name: Image Metadata + uses: docker/metadata-action@v5 + id: meta + with: + images: | + ${{ matrix.image_name }} + labels: | + io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/boxkit/main/README.md + + # Maximize build space for DX + - name: Maximize build space + uses: ublue-os/remove-unwanted-software@v6 + if: matrix.image_name == 'wolfi-dx-toolbox' + + # Build image using Buildah action + - name: Build Image + id: build_image + uses: redhat-actions/buildah-build@v2 + with: + containerfiles: | + ./toolboxes/wolfi-toolbox/Containerfile.wolfi + image: ${{ matrix.image_name }} + tags: ${{ env.IMAGE_TAGS }} + build-args: | + IMAGE_NAME=${{ matrix.image_name }} + labels: ${{ steps.meta.outputs.labels }} + oci: false + + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. + # https://github.com/macbre/push-to-ghcr/issues/12 + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v6 + with: + string: ${{ env.IMAGE_REGISTRY }} + + # Push the image to GHCR (Image Registry) + - name: Push To GHCR + uses: redhat-actions/push-to-registry@v2 + if: github.event_name != 'pull_request' + id: push + env: + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} + with: + image: ${{ steps.build_image.outputs.image }} + tags: ${{ steps.build_image.outputs.tags }} + registry: ${{ steps.registry_case.outputs.lowercase }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + if: github.event_name != 'pull_request' + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Sign container + - uses: sigstore/cosign-installer@v3.5.0 + if: github.event_name != 'pull_request' + + - name: Sign container image + if: github.event_name != 'pull_request' + run: | + echo "${{ env.COSIGN_PRIVATE_KEY }}" > cosign.key + wc -c cosign.key + cosign sign -y --key cosign.key ${{ steps.registry_case.outputs.lowercase }}/${{ matrix.image_name }}@${TAGS} + env: + TAGS: ${{ steps.push.outputs.digest }} + COSIGN_EXPERIMENTAL: false + COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} + + - name: Echo outputs + run: | + echo "${{ toJSON(steps.push.outputs) }}"