conditionally running setup depending on x-chalk-setup header #109
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: setup | |
on: | |
pull_request: | |
permissions: | |
contents: read | |
env: | |
COSIGN_PASSWORD: 6EHvWD1BUk0yWdvm-GGNxA== | |
jobs: | |
verify: | |
runs-on: ubuntu-latest | |
concurrency: | |
# only allow one job per PR running | |
# older pending jobs will be cancelled not to waste CI minutes | |
# cannot use github.job here https://github.com/community/community/discussions/13496 | |
group: ${{ github.workflow }}-setup-${{ github.ref }} | |
cancel-in-progress: true | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install cosign | |
uses: sigstore/cosign-installer@main | |
- name: Generate key | |
run: | | |
cosign \ | |
generate-key-pair \ | |
--output-key-prefix chalk | |
{ | |
echo 'PUBLIC_KEY<<EOF' | |
cat chalk.pub | |
echo EOF | |
} >> "$GITHUB_ENV" | |
{ | |
echo 'PRIVATE_KEY<<EOF' | |
cat chalk.key | |
echo EOF | |
} >> "$GITHUB_ENV" | |
- name: Setup Chalk | |
uses: ./ | |
with: | |
password: ${{ env.COSIGN_PASSWORD }} | |
public_key: ${{ env.PUBLIC_KEY }} | |
private_key: ${{ env.PRIVATE_KEY }} | |
- name: Verify Setup | |
run: | | |
echo 'log_level: "trace"' | sudo tee /etc/chalk.conf | |
set -x | |
which chalk | |
which docker | |
strings $(which chalk) | tail -n 18 | head -n1 | jq | |
strings $(which docker) | tail -n 18 | head -n1 | jq | |
chalk version | |
docker version |