Skip to content

release

release #2

Workflow file for this run

name: release
on:
workflow_dispatch:
env:
TAG: ${{ github.ref_name }}
REGISTRY: ghcr.io
USERNAME: ${{ github.actor }}
PASSWORD: ${{ secrets.GITHUB_TOKEN }}
ORG: alexander-demicev
PROD_ORG: alexander-demicev
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
RELEASE_DIR: .cr-release-packages
REPO: ${{ github.repository }}
permissions:
contents: write # Allow to create a release.
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
outputs:
ghcr-images: ${{ steps.ghcr-images.outputs.ghcr-images }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: setupGo
uses: actions/setup-go@v4
with:
go-version: '=1.20.7'
- name: Docker login to ghcr registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.USERNAME }}
password: ${{ env.PASSWORD }}
- name: Build docker image for gh registry
run: make docker-build-all TAG=${{ env.TAG }} REGISTRY=${{ env.REGISTRY }}
- name: Push docker image to gh registry
run: make docker-push-all TAG=${{ env.TAG }} REGISTRY=${{ env.REGISTRY }}
- name: Store list of ghcr images
id: ghcr-images
run: |
output=$(./scripts/image-digest.sh ${{ env.TAG }} ${{ env.REGISTRY }})
echo "ghcr-images=$result" >> "$GITHUB_OUTPUT"
ghcr-sign:
runs-on: ubuntu-latest
needs: [build]
strategy:
matrix:
images: ${{ needs.build.outputs.ghcr-images }}
steps:
- uses: sigstore/[email protected]
- name: Sign manifests
env:
COSIGN_EXPERIMENTAL: 1
run: |
cosign sign --yes ${{ matrix.images.image }}
ghcr-provenance:
needs: [build, ghcr-sign]
permissions:
actions: read
id-token: write
packages: write
strategy:
matrix:
images: ${{ needs.build.outputs.ghcr-images }}
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: ${{ matrix.images.image }}
digest: ${{ matrix.images.digest }}
secrets:
registry-username: ${{ github.actor }}
registry-password: ${{ secrets.GITHUB_TOKEN }}