diff --git a/.github/workflows/main.yml b/.github/workflows/docker-publish.yml
similarity index 71%
rename from .github/workflows/main.yml
rename to .github/workflows/docker-publish.yml
index 9c14398..1fb81b3 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/docker-publish.yml
@@ -1,61 +1,48 @@ -name: Docker +name: Docker Publish + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. on: + # workflow_dispatch: + #schedule: + # - cron: '28 1 * * *' push: - # Publish `master` as Docker `latest` image. - branches: - - master - - # Publish `v1.2.3` tags as releases. - tags: - - v* + branches: [ "master" ] + # Publish semver tags as releases. + tags: [ 'v*.*.*' ] + #pull_request: + # branches: [ "main" ] - # Run tests for any PRs. - # pull_request: - - workflow_dispatch: - env: # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io # github.repository as / IMAGE_NAME: ${{ github.repository }} -jobs: - # Run tests. - # See also https://docs.docker.com/docker-hub/builds/automated-testing/ - test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Run tests - run: | - if [ -f docker-compose.test.yml ]; then - docker-compose --file docker-compose.test.yml build - docker-compose --file docker-compose.test.yml run sut - else - docker-compose build - fi - # Push image to GitHub Packages. - # See also https://docs.docker.com/docker-hub/builds/ - push: - # Ensure test job passes before pushing image. - needs: test +jobs: + build: runs-on: ubuntu-latest - if: github.event_name == 'push' + permissions: + contents: read + packages: write + # This is used to complete the identity challenge + # with sigstore/fulcio when running outside of PRs. + id-token: write steps: - - uses: actions/checkout@v2 - - + - name: Checkout repository + uses: actions/checkout@v3 + # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@v3.0.5 + uses: sigstore/cosign-installer@v3.1.1 with: cosign-release: 'v2.0.2' 
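Review bot: The new `build` job grants `packages: write` and `id-token: write`, yet `actions/checkout@v3` and `sigstore/cosign-installer@v3.1.1` are referenced by movable tags, so a repointed tag would run with the registry token and the OIDC signing identity. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`. The commit also drops the `test` job and the `needs: test` gate, so every push to `master` and every `v*.*.*` tag is now published and signed with no build check in front of it. If that is intentional, say so in a comment above `jobs:`; otherwise keep the test job and put `needs: test` on `build`. The remaining steps of the job lie outside this hunk.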
@@ -83,9 +70,9 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=tag - type=semver,pattern={{version}} + type=semver,pattern={{raw}} + type=schedule,pattern={{date 'YYYYMMDD-hhmmss'}} type=sha - # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action @@ -99,7 +86,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - + # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker @@ -108,9 +95,6 @@ jobs: # https://github.com/sigstore/cosign - name: Sign the published Docker image if: ${{ github.event_name != 'pull_request' }} - - # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }} - diff --git a/README.md b/README.md index 8c87da0..170f195 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Marktwerking -[![Docker](https://github.com/VSLCatena/marktwerking/actions/workflows/main.yml/badge.svg)](https://github.com/VSLCatena/marktwerking/actions/workflows/main.yml) +[![Docker](https://github.com/VSLCatena/marktwerking/actions/workflows/docker-publish.yml/badge.svg)](https://github.com/VSLCatena/marktwerking/actions/workflows/docker-publish.yml) The forces of a market during one evening? It is possible! Include your drinks and boundaries and enjoy the evening. The prices will fluctuate based on the sellings.
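Review bot: In the `@@ -83,9 +70,9 @@` hunk, the added `type=schedule,pattern={{date 'YYYYMMDD-hhmmss'}}` rule can never fire, because the `schedule:` trigger is commented out in this workflow's `on:` block; either drop the rule or enable the cron trigger together with it. If it is enabled later, `hh` is, as far as I know, the 12-hour field in the date format docker/metadata-action uses, so a run at 01:28 and one at 13:28 on the same day would produce the same tag; `{{date 'YYYYMMDD-HHmmss'}}` avoids that. Separately, `type=semver,pattern={{raw}}` appears to yield the same value as the existing `type=ref,event=tag` for a `v*.*.*` tag, so one of the two rules looks redundant. The `tags:` list belongs to a metadata step whose start is outside the hunk.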