add image signing to the readme file (#32) #35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release to Production | |
on: | |
push: | |
branches: [ main ] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PALETTE_VERSION: 4.0.2 | |
PALETTE_CLI_VERSION: 4.0.1 | |
PALETTE_EDGE_VERSION: 3.4.3 | |
PACKER_VERSION: 1.9.4 | |
ORAS_VERSION: 1.0.0 | |
TERRAFORM_VERSION: 1.6.5 | |
jobs: | |
docker: | |
name: "Release Docker image" | |
runs-on: ubuntu-latest | |
outputs: | |
VERSION: ${{ steps.get-version.outputs.version }} | |
steps: | |
- name: Setup nodeJs | |
uses: actions/[email protected] | |
with: | |
node-version: '18' | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
- | |
name: "Get dependencies" | |
id: dependencies | |
run: | | |
npm ci | |
npx semantic-release --dry-run | |
cat VERSION.env | |
source VERSION.env | |
echo "version=$VERSION" >> $GITHUB_OUTPUT | |
- name: Set up QEMU | |
if: ${{ steps.dependencies.outputs.VERSION != ''}} | |
uses: docker/setup-qemu-action@v2 | |
- name: "Set up Docker Buildx" | |
if: ${{ steps.dependencies.outputs.VERSION != ''}} | |
uses: docker/setup-buildx-action@v2 | |
- name: Login to GHCR | |
if: ${{ steps.dependencies.outputs.VERSION != ''}} | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push | |
if: ${{ steps.dependencies.outputs.VERSION != ''}} | |
uses: docker/build-push-action@v2 | |
id: build-and-push | |
with: | |
context: . | |
build-args: | | |
PALETTE_VERSION=${{env.PALETTE_VERSION}} | |
PALETTE_CLI_VERSION=${{env.PALETTE_CLI_VERSION}} | |
PALETTE_EDGE_VERSION=${{env.PALETTE_EDGE_VERSION}} | |
PACKER_VERSION=${{env.PACKER_VERSION}} | |
ORAS_VERSION=${{env.ORAS_VERSION}} | |
TERRAFORM_VERSION=${{env.TERRAFORM_VERSION}} | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}} | |
- uses: sigstore/[email protected] | |
- name: Image Signing | |
run: | | |
cosign sign --yes \ | |
-a "repo=${{ github.repository }}" \ | |
-a "workflow=${{ github.workflow }}" \ | |
-a "ref=${{ github.sha }}" \ | |
-a "owner=Spectro Cloud" \ | |
--key env://COSIGN_PRIVATE_KEY --recursive "${TAGS}@${DIGEST}" | |
env: | |
TAGS: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}} | |
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
release: | |
name: "Release" | |
needs: [docker] | |
runs-on: ubuntu-latest | |
steps: | |
- id: checkout | |
name: Checkout Repository | |
uses: actions/checkout@v3 | |
- name: Setup Nodejs | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
- name: Install dependencies | |
run: npm ci | |
- name: "release" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
npx semantic-release |