Skip to content

adding a new policy that allows scratch and root policy exceptions at… #581

adding a new policy that allows scratch and root policy exceptions at…

adding a new policy that allows scratch and root policy exceptions at… #581

Workflow file for this run

name: Build Main
on:
push:
branches: [ main, ghactions ]
env:
IMAGE_NAME: preflight
jobs:
build-main:
name: Build and push main snapshot images
strategy:
matrix:
architecture: [amd64,ppc64le,arm64,s390x]
platform: [linux]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Fetch latest release version
uses: reloc8/action-latest-release-version@1.0.0
id: fetch-latest-release
- name: Set Env Tags
run: echo RELEASE_TAG=${{ steps.fetch-latest-release.outputs.latest-release }} >> $GITHUB_ENV
- name: set short sha
run: echo SHA_SHORT=$(git rev-parse --short HEAD) >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Build Image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: ${{ secrets.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}
tags: ${{ env.SHA_SHORT }}-${{ matrix.platform }}-${{ matrix.architecture }}
archs: ${{ matrix.architecture }}
build-args: |
quay_expiration=1w
release_tag=${{ env.RELEASE_TAG }}+${{ github.sha }}
ARCH=${{ matrix.architecture }}
dockerfiles: |
./Dockerfile
- name: Push Image
id: push-image
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ env.IMAGE_NAME }}
tags: ${{ env.SHA_SHORT }}-${{ matrix.platform }}-${{ matrix.architecture }}
registry: ${{ secrets.IMAGE_REGISTRY }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Print image url
run: echo "Image pushed to ${{ steps.push-image.outputs.registry-paths }}"
outputs:
imageName: ${{ env.IMAGE_NAME }}
imageVersion: ${{ env.SHA_SHORT }}
build-coverage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install system deps
run: 'sudo apt update && sudo apt install -y libgpgme-dev libbtrfs-dev libdevmapper-dev'
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Tidy
run: make tidy
- name: Vet
run: make vet
- name: Format
run: make fmt
- name: Test
run: make cover
- name: Coveralls
uses: coverallsapp/github-action@v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
file: coverage.out
build-multiarch:
needs: build-main
uses: ./.github/workflows/build-multiarch.yml
with:
name: ${{ needs.build-main.outputs.imageName }}
tag: ${{ needs.build-main.outputs.imageVersion }}
sign: false # do not sign images built on main
secrets:
registry: ${{ secrets.IMAGE_REGISTRY }}
user: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}