Skip to content
Release and Publish

ci: testing release and package pipeline #6

Sign in to view logs

ci: testing release and package pipeline

ci: testing release and package pipeline #6

Workflow file for this run

.github/workflows/release-publish.yml at eff7f8c
name: Release and Publish
on:
pull_request:
types:
- closed
- opened
branches: ["main"]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
DOCKER_TAG: theignorantview/skillanthropy
permissions:
contents: write
jobs:
release:
name: Tag and Release
outputs:
new_tag: ${{ steps.tag_version.outputs.new_tag }}
# if: github.event.pull_request.merged == true
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.merge_commit_sha }}
fetch-depth: "0"
- name: Bump version and push tag
id: tag_version
uses: anothrNick/github-tag-action@v1
env:
WITH_V: true
DRY_RUN: true
BRANCH_HISTORY: "last"
- name: Release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ steps.tag_version.outputs.new_tag }}
generate_release_notes: true
make_latest: "true"
continue-on-error: true
push_to_registries:
needs: release
name: Build and Push Image
runs-on: ubuntu-latest
outputs:
digest: ${{ steps.push.outputs.digest }}
tag: ${{ needs.release.outputs.new_tag }}
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
- linux/arm64
permissions:
packages: write
contents: read
attestations: write
id-token: write
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Log in to the Container registry
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: |
theignorantview/skillanthropy:${{ needs.release.outputs.new_tag }}
ghcr.io/${{ github.repository }}:${{ needs.release.outputs.new_tag }}
- name: Build and push Docker images
id: push
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
with:
context: .
push: true
platforms: ${{ matrix.platform }}
tags: |
theignorantview/skillanthropy:${{ needs.release.outputs.new_tag }}
theignorantview/skillanthropy:latest
ghcr.io/${{ github.repository }}:${{ needs.release.outputs.new_tag }}
ghcr.io/${{ github.repository }}:latest
labels: ${{ matrix.platform }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
sign_images:
name: Sign Images
runs-on: ubuntu-latest
needs: push_to_registries
permissions:
contents: read
steps:
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- uses: sigstore/cosign-installer@main
- name: Write signing key to disk
run: echo "${{ secrets.SIGNING_SECRET }}" > cosign.key
- name: Sign container image
run: |
cosign sign --key cosign.key \
-a "repo=${{ github.repository }}" \
-a "ref=${{ github.sha }}" \
${{ env.DOCKER_TAG }}:latest
cosign sign --key cosign.key \
-a "ref=${{ github.sha }}" \
-a "repo=${{ github.repository }}" \
${{ env.DOCKER_TAG }}:${{ needs.push_to_registries.outputs.tag }}
env:
COSIGN_PASSWORD: ""