s3adm: on tags #7
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
paths: | |
- 'Dockerfile.nginx' | |
release: | |
types: [created] | |
name: Build & Sign & Push Dockerfile.nginx | |
env: | |
IMAGE_NAME: nginx | |
DOCKER_FILE: Dockerfile.nginx | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v2 | |
- name: Install Cosign | |
uses: sigstore/cosign-installer@main | |
with: | |
cosign-release: 'v1.13.1' | |
- name: Log in to ghcr registry | |
run: | | |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
- name: Build the image with docker | |
run: docker build . --file $DOCKER_FILE --tag $IMAGE_NAME --label "runnumber=${GITHUB_RUN_ID}" | |
- name: Push & Sign image | |
run: | | |
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME | |
# Change all uppercase to lowercase | |
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') | |
# Strip git ref prefix from version | |
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
# Strip "v" prefix from tag name | |
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') | |
# Use Docker `latest` tag convention | |
[ "$VERSION" == "master" ] && VERSION=latest | |
echo IMAGE_ID=$IMAGE_ID | |
echo VERSION=$VERSION | |
echo "{{ github.ref.type }}" | |
docker tag $IMAGE_NAME $IMAGE_ID:$VERSION | |
docker push $IMAGE_ID:$VERSION | |
cosign sign --key env://COSIGN_KEY $IMAGE_ID:$VERSION | |
env: | |
COSIGN_KEY: ${{secrets.COSIGN_PRIVATE_KEY}} | |
- name: Push & Sign image release | |
if: github.ref.type == 'tag' | |
run: | | |
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME | |
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') | |
VERSION=${GITHUB_REF_NAME} | |
docker tag $IMAGE_NAME $IMAGE_ID:$VERSION | |
docker push $IMAGE_ID:$VERSION | |
cosign sign --key env://COSIGN_KEY $IMAGE_ID:$VERSION | |
env: | |
COSIGN_KEY: ${{secrets.COSIGN_PRIVATE_KEY}} |