Skip to content

Commit 34d3ca9

Browse files
JossWhittleJossWhittle
authored
feat(containers): build rc container with inline cache and final release container without cache (#133)
1 parent 071161f commit 34d3ca9

File tree

1 file changed

+20
-7
lines changed

1 file changed

+20
-7
lines changed

.github/actions/release-container/action.yaml

Lines changed: 20 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -233,7 +233,7 @@ runs:
233233
tags: |
234234
type=raw,value=${{ inputs.registry-tag-prefix }}${{ steps.semantic.outputs.release-version }}${{ inputs.registry-tag-suffix }}
235235
236-
- name: build and push
236+
- name: build and push rc container using inline cache
237237
if: steps.semantic.outputs.new-release-published == 'true'
238238
uses: docker/build-push-action@v5
239239
id: build
@@ -251,6 +251,7 @@ runs:
251251
cache-to: type=inline
252252
cache-from: |
253253
type=registry,ref=${{ steps.branch-recent-meta.outputs.tags }}
254+
type=registry,ref=${{ steps.rc-recent-meta.outputs.tags }}
254255
type=registry,ref=${{ steps.pr-recent-meta.outputs.tags }}
255256
256257
- name: cosign image with key
@@ -293,10 +294,22 @@ runs:
293294
${{ inputs.registry }}/${{ inputs.registry-repo }}@${{ steps.build.outputs.digest }} \
294295
${{ inputs.test-args }}
295296
296-
- name: retag container
297+
- name: build and push release container
297298
if: steps.semantic.outputs.new-release-published == 'true'
298-
shell: bash
299-
run: docker buildx imagetools create -t ${{ steps.meta.outputs.tags }} ${{ inputs.registry }}/${{ inputs.registry-repo }}@${{ steps.build.outputs.digest }}
299+
uses: docker/build-push-action@v5
300+
id: build-release
301+
with:
302+
file: ${{ inputs.build-file }}
303+
context: ${{ inputs.build-context }}
304+
tags: |
305+
${{ steps.meta.outputs.tags }}
306+
labels: ${{ steps.meta.outputs.labels }}
307+
push: true
308+
github-token: ${{ github.token }}
309+
provenance: true
310+
cache-from: |
311+
type=registry,ref=${{ steps.rc-meta.outputs.tags }}
312+
type=registry,ref=${{ steps.meta.outputs.tags }}
300313
301314
- name: cosign image with key
302315
if: steps.semantic.outputs.new-release-published == 'true' && inputs.cosign-public-key != ''
@@ -307,14 +320,14 @@ runs:
307320
COSIGN_PRIVATE_KEY: ${{ inputs.cosign-private-key }}
308321
COSIGN_PASSWORD: ${{ inputs.cosign-password }}
309322
TAGS: ${{ steps.meta.outputs.tags }}
310-
DIGEST: ${{ steps.build.outputs.digest }}
323+
DIGEST: ${{ steps.build-release.outputs.digest }}
311324

312325
- name: cosign verify container
313326
if: steps.semantic.outputs.new-release-published == 'true' && inputs.cosign-public-key != ''
314327
env:
315328
COSIGN_PUBLIC_KEY: ${{ inputs.cosign-public-key }}
316329
TAG: ${{ steps.meta.outputs.tags }}
317-
DIGEST: ${{ steps.build.outputs.digest }}
330+
DIGEST: ${{ steps.build-release.outputs.digest }}
318331
shell: bash
319332
run: |
320333
cosign verify --key env://COSIGN_PUBLIC_KEY "${TAG}@${DIGEST}"
@@ -347,7 +360,7 @@ runs:
347360
Pushed release container version ${{ steps.semantic.outputs.release-version }}!%0A
348361
- %0A
349362
docker pull ${{ steps.meta.outputs.tags }}%0A
350-
docker pull ${{ inputs.registry }}/${{ inputs.registry-repo }}@${{ steps.build.outputs.digest }}"
363+
docker pull ${{ inputs.registry }}/${{ inputs.registry-repo }}@${{ steps.build-release.outputs.digest }}"
351364
352365
- name: update slack thread failure
353366
uses: archive/github-actions-slack@v2.7.0

0 commit comments

Comments
 (0)