maybe?
ryanabx committed Feb 9, 2024
1 parent 3546297 commit e57941f
Showing 1 changed file with 45 additions and 48 deletions.
93 changes: 45 additions & 48 deletions .github/workflows/build.yml
Expand Up @@ -8,6 +8,9 @@ on: # https://docs.github.com/en/actions/using-workflows/events-that-trigger-wor
pull_request:
workflow_dispatch:

env:
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}

# Only deploys the branch named "live". Ignores all other branches, to allow
# having "development" branches without interfering with GHCR image uploads.
jobs:
Expand All @@ -21,49 +24,45 @@ jobs:
strategy:
fail-fast: false
matrix:
arch: [amd64]
arch: [amd64] #add ,arm64 to add back arm build

steps:
# - name: Maximize build space
# uses: easimon/maximize-build-space@v10
# with:
# root-reserve-mb: 37500
# remove-dotnet: 'true'
# remove-android: 'true'
# remove-haskell: 'true'
# remove-codeql: 'true'
# remove-docker-images: 'true'
- name: Maximize build space
uses: easimon/maximize-build-space@v10
with:
root-reserve-mb: 37500
remove-dotnet: 'true'
remove-android: 'true'
remove-haskell: 'true'
remove-codeql: 'true'
remove-docker-images: 'true'

# Checkout push-to-registry action GitHub repository
- name: Checkout Push to Registry action
uses: actions/checkout@v4

# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/live'
uses: sigstore/cosign-installer@v3.3.0

- name: Add yq (for reading desc.yml)
uses: mikefarah/yq@v4.35.1

# important here is to lowercase image related variables like IMAGE_REGISTRY
# and IMAGE_NAME because docker does not allow uppercase chars in the whole image name.
- name: Gather image data from description
run: |
echo "IMAGE_TITLE=$(yq '.title' ./desc.yml)" >> $GITHUB_ENV
echo "IMAGE_NAME=${GITHUB_REPOSITORY_OWNER@L}/$(yq '.name | downcase' ./desc.yml)" >> $GITHUB_ENV
echo "IMAGE_NAME=$(yq '.name' ./desc.yml)" >> $GITHUB_ENV
echo "IMAGE_DESCRIPTION=$(yq '.description' ./desc.yml)" >> $GITHUB_ENV
echo "IMAGE_MAJOR_VERSION=$(yq '.image-version' ./desc.yml)" >> $GITHUB_ENV
echo "IMAGE_REGISTRY=$(yq '.image-registry | downcase' ./desc.yml)" >> $GITHUB_ENV
- name: Get current version
id: labels
run: |
ver=$(skopeo inspect docker://quay.io/fedora/fedora-silverblue:${{ env.IMAGE_MAJOR_VERSION }} | jq -r '.Labels["org.opencontainers.image.version"]')
echo "VERSION=$ver" >> $GITHUB_OUTPUT
- name: Generate tags
id: generate-tags
shell: bash
run: |
# Generate a timestamp for creating an image version history
TIMESTAMP="$(date +%Y%m%d)"
MAJOR_VERSION=${IMAGE_MAJOR_VERSION}
MAJOR_VERSION="$(echo ${{ steps.labels.outputs.VERSION }} | cut -d . -f 1)"
COMMIT_TAGS=()
BUILD_TAGS=()
# Have tags for tracking builds during pull request
Expand Down Expand Up @@ -103,13 +102,26 @@ jobs:
images: |
${{ env.IMAGE_NAME }}
labels: |
org.opencontainers.image.title=${{ env.IMAGE_TITLE }}
org.opencontainers.image.ref.name=${{ env.IMAGE_NAME }}
org.opencontainers.image.version=${{ env.IMAGE_MAJOR_VERSION }}
org.opencontainers.image.title=${{ env.IMAGE_NAME }}
org.opencontainers.image.version=${{ steps.labels.outputs.VERSION }}
org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/drakulix/infinity/main/README.md
io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/33131755?s=200&v=4
# Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
# https://github.com/macbre/push-to-ghcr/issues/12
- name: Lowercase Registry
id: registry_case
uses: ASzc/change-string-case-action@v6
with:
string: ${{ env.IMAGE_REGISTRY }}

- name: Lowercase Image
id: image_case
uses: ASzc/change-string-case-action@v6
with:
string: ${{ env.IMAGE_NAME }}

- name: Install qemu dependency
run: |
sudo apt-get update
Expand All @@ -128,43 +140,28 @@ jobs:
archs: ${{ matrix.arch }}
build-args: |
IMAGE_MAJOR_VERSION=${{ env.IMAGE_MAJOR_VERSION }}
IMAGE_REGISTRY=${{ steps.registry_case.outputs.lowercase }}
labels: ${{ steps.meta.outputs.labels }}
oci: false

- name: Login to GitHub Container Registry
- name: 'Login to GitHub Container Registry'
uses: docker/login-action@v3
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/live'
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
username: ${{github.actor}}
password: ${{secrets.GITHUB_TOKEN}}

# Push the image to GHCR (Image Registry)
- name: Push To GHCR
uses: redhat-actions/push-to-registry@v2
id: push
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/live'
with:
image: ${{ steps.build_image.outputs.image }}
tags: ${{ steps.build_image.outputs.tags }}
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
registry: ${{ steps.registry_case.outputs.lowercase }}
extra-args: |
--disable-content-trust
- name: Echo outputs
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/live'
run: |
echo "${{ toJSON(steps.push.outputs) }}"
# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/live'
env:
COSIGN_EXPERIMENTAL: "true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: cosign sign --yes ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}
echo "${{ toJSON(steps.push.outputs) }}"
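Review bot: Images pushed to GHCR from `live` would no longer be signed, because the `Install cosign` and `Sign the published Docker image` steps appear to be dropped while `Push To GHCR` still passes `--disable-content-trust`. The removal is inferred: the rendered page has lost its +/- markers, but the last hunk shrinks from 43 to 28 lines. Consumers that enforce a signature policy on this image would then fail verification or have to relax it, and a tag replaced in the registry could no longer be told apart from a CI build. If the step was removed only because `env.IMAGE_REGISTRY`/`env.IMAGE_NAME` can contain uppercase characters, keep both steps and sign the lowercased reference instead: `run: cosign sign --yes ${{ steps.registry_case.outputs.lowercase }}/${{ steps.image_case.outputs.lowercase }}@${{ steps.push.outputs.digest }}`. Keyless signing also needs `id-token: write` on the job; the `permissions` block is outside the visible hunks, so confirm it is still present.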
