-
Notifications
You must be signed in to change notification settings - Fork 0
92 lines (90 loc) · 2.99 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
name: Publish
on:
push:
tags:
- v[0-9]+.[0-9]+
permissions: read-all
jobs:
docker-hub:
name: Docker Hub
runs-on: ubuntu-24.04
permissions:
id-token: write # To perform keyless signing with cosign
environment:
name: docker
url: https://hub.docker.com/r/ericornelissen/ades
steps:
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
persist-credentials: false
- name: Install cosign
uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0
with:
cosign-release: v2.2.3
- name: Get release version
id: version
shell: bash
run: |
echo "version=${GITHUB_REF#refs/tags/}" >>"$GITHUB_OUTPUT"
- name: Log in to Docker Hub
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
username: ${{ vars.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push to Docker Hub
id: docker
uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
with:
context: .
file: Containerfile
push: true
tags: >-
ericornelissen/ades:latest,
ericornelissen/ades:${{ steps.version.outputs.version }}
- name: Sign container image
env:
DIGEST: ${{ steps.docker.outputs.digest }}
REF: ${{ github.sha }}
REPO: ${{ github.repository }}
WORKFLOW: ${{ github.workflow }}
run: |
cosign sign --yes \
-a "ref=${REF}" \
-a "repo=${REPO}" \
-a "workflow=${WORKFLOW}" \
"docker.io/ericornelissen/ades@${DIGEST}"
github-release:
name: GitHub Release
runs-on: ubuntu-24.04
permissions:
attestations: write # To create GitHub Attestations
contents: write # To create a GitHub Release
id-token: write # To perform keyless signing with cosign for attestations
steps:
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
persist-credentials: false
- name: Install Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version-file: go.mod
- name: Get release version
id: version
shell: bash
run: |
echo "version=${GITHUB_REF#refs/tags/}" >>"$GITHUB_OUTPUT"
- name: Compile
run: go run tasks.go build-all
- name: Create GitHub release
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
with:
tag: ${{ steps.version.outputs.version }}
name: Release ${{ steps.version.outputs.version }}
body: ${{ steps.version.outputs.version }}
artifacts: ./_compiled/*
- name: Attest build provenance
uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0
with:
subject-path: ./_compiled/*