Skip to content

Merge pull request #14 from betterup/broken_pipeline #143

Merge pull request #14 from betterup/broken_pipeline

Merge pull request #14 from betterup/broken_pipeline #143

Workflow file for this run

# name: Publish and Sign Container Image
# on:
# workflow_call:
# inputs:
# go-version:
# required: true
# type: string
# quay_image_name:
# required: false
# type: string
# ghcr_image_name:
# required: false
# type: string
# docker_image_name:
# required: false
# type: string
# platforms:
# required: true
# type: string
# default: linux/amd64
# push:
# required: true
# type: boolean
# default: false
# target:
# required: false
# type: string
# secrets:
# quay_username:
# required: false
# quay_password:
# required: false
# ghcr_username:
# required: false
# ghcr_password:
# required: false
# docker_username:
# required: false
# docker_password:
# required: false
# outputs:
# image-digest:
# description: "sha256 digest of container image"
# value: ${{ jobs.publish.outputs.image-digest }}
# permissions: {}
# jobs:
# publish:
# permissions:
# contents: read
# packages: write # Used to push images to `ghcr.io` if used.
# id-token: write # Needed to create an OIDC token for keyless signing
# runs-on: ubuntu-22.04
# outputs:
# image-digest: ${{ steps.image.outputs.digest }}
# steps:
# - name: Checkout code
# uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.3.0
# with:
# fetch-depth: 0
# token: ${{ secrets.GITHUB_TOKEN }}
# if: ${{ github.ref_type == 'tag'}}
# - name: Checkout code
# uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.3.0
# if: ${{ github.ref_type != 'tag'}}
# - name: Setup Golang
# uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
# - name: Install cosign
# uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
# with:
# cosign-release: 'v2.0.0'
# - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
# - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
# - name: Setup tags for container image as a CSV type
# run: |
# IMAGE_TAGS=$(for str in \
# ${{ inputs.quay_image_name }} \
# ${{ inputs.ghcr_image_name }} \
# ${{ inputs.docker_image_name}}; do
# echo -n "${str}",;done | sed 's/,$//')
# echo $IMAGE_TAGS
# echo "TAGS=$IMAGE_TAGS" >> $GITHUB_ENV
# - name: Setup image namespace for signing, strip off the tag
# run: |
# TAGS=$(for tag in \
# ${{ inputs.quay_image_name }} \
# ${{ inputs.ghcr_image_name }} \
# ${{ inputs.docker_image_name}}; do
# echo -n "${tag}" | awk -F ":" '{print $1}' -;done)
# echo $TAGS
# echo 'SIGNING_TAGS<<EOF' >> $GITHUB_ENV
# echo $TAGS >> $GITHUB_ENV
# echo 'EOF' >> $GITHUB_ENV
# - name: Login to Quay.io
# uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
# with:
# registry: quay.io
# username: ${{ secrets.quay_username }}
# password: ${{ secrets.quay_password }}
# if: ${{ inputs.quay_image_name && inputs.push }}
# - name: Login to GitHub Container Registry
# uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
# with:
# registry: ghcr.io
# username: ${{ secrets.ghcr_username }}
# password: ${{ secrets.ghcr_password }}
# if: ${{ inputs.ghcr_image_name && inputs.push }}
# - name: Login to dockerhub Container Registry
# uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
# with:
# username: ${{ secrets.docker_username }}
# password: ${{ secrets.docker_password }}
# if: ${{ inputs.docker_image_name && inputs.push }}
# - name: Build and push container image
# id: image
# uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 #v4.0.0
# with:
# context: .
# platforms: ${{ inputs.platforms }}
# push: ${{ inputs.push }}
# tags: ${{ env.TAGS }}
# target: ${{ inputs.target }}
# provenance: false
# sbom: false
# - name: Sign container images
# run: |
# for signing_tag in $SIGNING_TAGS; do
# cosign sign \
# -a "repo=${{ github.repository }}" \
# -a "workflow=${{ github.workflow }}" \
# -a "sha=${{ github.sha }}" \
# -y \
# "$signing_tag"@${{ steps.image.outputs.digest }}
# done
# if: ${{ inputs.push }}