Skip to content

s3adm: on tags

s3adm: on tags #7

Workflow file for this run

on:
push:
paths:
- 'Dockerfile.nginx'
release:
types: [created]
name: Build & Sign & Push Dockerfile.nginx
env:
IMAGE_NAME: nginx
DOCKER_FILE: Dockerfile.nginx
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v2
- name: Install Cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.13.1'
- name: Log in to ghcr registry
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build the image with docker
run: docker build . --file $DOCKER_FILE --tag $IMAGE_NAME --label "runnumber=${GITHUB_RUN_ID}"
- name: Push & Sign image
run: |
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
# Change all uppercase to lowercase
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
# Use Docker `latest` tag convention
[ "$VERSION" == "master" ] && VERSION=latest
echo IMAGE_ID=$IMAGE_ID
echo VERSION=$VERSION
echo "{{ github.ref.type }}"
docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
docker push $IMAGE_ID:$VERSION
cosign sign --key env://COSIGN_KEY $IMAGE_ID:$VERSION
env:
COSIGN_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
- name: Push & Sign image release
if: github.ref.type == 'tag'
run: |
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
VERSION=${GITHUB_REF_NAME}
docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
docker push $IMAGE_ID:$VERSION
cosign sign --key env://COSIGN_KEY $IMAGE_ID:$VERSION
env:
COSIGN_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}