chore: bump cgate and tls fix #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker Image Publish | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| # Publish semver tags as releases. | |
| tags: [ 'v*.*.*' ] | |
| pull_request: | |
| branches: [ "main" ] | |
| env: | |
| # Use docker.io for Docker Hub if empty | |
| REGISTRY: ghcr.io | |
| # github.repository as <account>/<repo> | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| # This is used to complete the identity challenge | |
| # with sigstore/fulcio when running outside of PRs. | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| # Install the cosign tool except on PR | |
| # https://github.com/sigstore/cosign-installer | |
| - name: Install cosign | |
| if: github.event_name != 'pull_request' | |
| uses: sigstore/cosign-installer@v3.1.1 | |
| with: | |
| cosign-release: 'v2.1.1' | |
| - name: Check install! | |
| if: github.event_name != 'pull_request' | |
| run: cosign version | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2.1.0 | |
| # Workaround: https://github.com/docker/build-push-action/issues/461 | |
| - name: Setup Docker buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v2.5.0 | |
| - name: Available platforms | |
| run: echo ${{ steps.buildx.outputs.platforms }} | |
| # Login against a Docker registry except on PR | |
| # https://github.com/docker/login-action | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v2.1.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # this is a simple way of using date and time to do versioning. | |
| - name: Modify scripts and get version | |
| id: version | |
| run: | | |
| output=$(date -u '+%Y%m%d%H%M%S') | |
| echo ::set-output name=date_version::$output | |
| # Extract metadata (tags, labels) for Docker | |
| # https://github.com/docker/metadata-action | |
| - name: Extract Docker metadata | |
| id: docker_meta | |
| uses: docker/metadata-action@v4.4.0 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: type=sha,format=long | |
| - name: downcase REPO | |
| run: | | |
| echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV} | |
| # Build and push Docker image with Buildx (don't push on PR) | |
| # https://github.com/docker/build-push-action | |
| - name: Build and Push container images | |
| id: build-and-push | |
| uses: docker/build-push-action@v4.1.1 | |
| with: | |
| context: . | |
| push: ${{ github.event_name != 'pull_request' }} # Don't push on PR | |
| labels: ${{ steps.docker_meta.outputs.tags }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| file: ./Dockerfile | |
| platforms: linux/amd64,linux/arm/v7,linux/arm64 | |
| tags: | | |
| ${{ steps.docker_meta.outputs.tags }} | |
| ghcr.io/${{env.REPO}}:latest | |
| ghcr.io/${{env.REPO}}:${{steps.version.outputs.date_version}} | |
| # # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable | |
| # - name: Sign image with a key | |
| # if: github.event_name != 'pull_request' | |
| # run: | | |
| # cosign sign --yes --key env://COSIGN_PRIVATE_KEY "${TAGS}@${DIGEST}" | |
| # env: | |
| # TAGS: ${{ steps.docker_meta.outputs.tags }} | |
| # COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| # COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| # DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| # - name: Sign the images with GitHub OIDC Token | |
| # if: github.event_name != 'pull_request' | |
| # env: | |
| # DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| # TAGS: ${{ steps.docker_meta.outputs.tags }} | |
| # run: cosign sign --yes "${TAGS}@${DIGEST}" |