Skip to content

Permissions?

Permissions? #19

Workflow file for this run

name: Build
on:
workflow_dispatch:
push:
# branches:
# - release/v0.12
tags:
- v0.12.*
# permissions:
# contents: read
# id-token: write
jobs:
deploy:
name: Build everything
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
environment:
name: release
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Log in to Docker Hub
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_SECRET }}
- name: Install build dependencies
run: pip3 install jsonnet
- name: Get version
id: version
run: echo VERSION=sha-$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT
- name: Build packages
run: make packages VERSION=${{ steps.version.outputs.VERSION }}
- name: Publish release distributions to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
- name: Create deploy bundle
run: templates/generate-all deploy.zip v${{ steps.version.outputs.VERSION }}
- uses: ncipollo/release-action@v1
with:
artifacts: deploy.zip
generateReleaseNotes: true
makeLatest: false
prerelease: true
skipIfReleaseExists: true
- name: Build container
run: make container VERSION=${{ steps.version.outputs.VERSION }}
- name: Extract metadata for container
id: meta
uses: docker/metadata-action@v4
with:
images: trustgraph/trustgraph-flow
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: Build and push Docker image
id: push
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
with:
context: .
file: ./Containerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}