Bump almalinuxorg/atomic-desktop-gnome from 1166472 to d7642c5
#192
Workflow file for this run
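---
# ba0fde3d-bee7-4307-b97b-17d0d20aff50
#
# Builds the image, smoke-tests it by digest, and on the default branch
# retags it and creates a release. The weekly scheduled run rebuilds only
# when 'dnf check-update' in the current :latest image returns non-zero.
name: Build image
on:
  # NOTE(review): GitHub does not pass repository secrets to pull_request
  # runs from forks, so the registry logins below cannot succeed there.
  pull_request:
  push:
    branches:
      - 'main'
    paths-ignore:
      - '**/README.md'
  workflow_dispatch:
  schedule:
    # run on Saturday at 10:00 UTC
    - cron: '0 10 * * 6'
concurrency:
  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
  cancel-in-progress: true
jobs:
  set-env:
    runs-on: ubuntu-latest
    # NOTE(review): no job-level 'permissions' here, so GITHUB_TOKEN gets the
    # repository default. Checkout needs only 'contents: read'; whether the
    # local config action needs more cannot be seen from this file - confirm
    # and restrict.
    outputs:
      LATEST_TAG: ${{ steps.set.outputs.LATEST_TAG }}
      REGISTRY: ${{ steps.set.outputs.REGISTRY }}
      REGISTRY_USER: ${{ steps.set.outputs.REGISTRY_USER }}
      PLATFORMS: ${{ steps.set.outputs.PLATFORMS }}
      IMAGE_PATH: ${{ steps.set.outputs.IMAGE_PATH }}
      IMAGE_NAME: ${{ steps.set.outputs.IMAGE_NAME }}
      IMAGE_REF: ${{ steps.set.outputs.IMAGE_REF }}
      IS_SIGNED: ${{ steps.set.outputs.IS_SIGNED }}
    steps:
      - name: Checkout github actions
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
      - name: Set environment variables
        uses: ./.github/actions/config
        id: set

  check-update:
    name: Check for updates
    if: github.event_name == 'schedule'
    needs: set-env
    runs-on: ubuntu-latest
    # No step in this job uses GITHUB_TOKEN; registry access uses
    # QUAY_PASSWORD, so the token is given no permissions.
    permissions: {}
    outputs:
      res: ${{ steps.check-update.outputs.res }}
    steps:
      - name: Log in to registry
        shell: bash
        # Values reach the script as environment variables instead of being
        # templated into the command text, and the password is read from
        # stdin so it never appears in the podman argument list.
        env:
          REGISTRY: ${{ needs.set-env.outputs.REGISTRY }}
          REGISTRY_USER: ${{ needs.set-env.outputs.REGISTRY_USER }}
          QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
        run: |
          printf '%s' "$QUAY_PASSWORD" |
            podman login "$REGISTRY" -u "$REGISTRY_USER" --password-stdin
      - name: Check update
        id: check-update
        shell: bash
        env:
          IMAGE_REF: ${{ needs.set-env.outputs.IMAGE_REF }}
        run: |
          # 'dnf check-update'
          # exit codes:
          # 0 - no updates
          # 100 - updates available
          # 125 - tag/platform not found
          # 127 - command not found
          res=0
          podman run --quiet --rm "${IMAGE_REF}:latest" dnf check-update || res=$?
          echo "res=${res}" >> "$GITHUB_OUTPUT"
          echo "Exit code: '$res'"

  build-image:
    name: Build image
    # NOTE(review): this reusable workflow is referenced by the mutable tag
    # v10, while actions/checkout above is pinned to a commit SHA. The job
    # hands it the registry token, the AWS role ARN and 'id-token: write';
    # pinning to a full commit SHA would fix exactly which code receives them.
    uses: AlmaLinux/atomic-ci/.github/workflows/build-image.yml@v10
    needs: [set-env, check-update]
    # On scheduled runs any non-zero check-update result starts a build, which
    # includes the 125/127 error codes as well as 100 (updates available).
    if: ${{ !failure() && !cancelled() && (github.event_name != 'schedule' || needs.check-update.outputs.res != 0) }}
    with:
      containerfile: Dockerfile
      image-name: "${{ needs.set-env.outputs.IMAGE_NAME }}"
      previous-image: "${{ needs.set-env.outputs.IMAGE_REF }}:latest"
      upstream-public-key: atomic-desktop.pub
      platforms: ${{ needs.set-env.outputs.PLATFORMS }}
      skip-maximize-build-space: true
      image-path: ${{ needs.set-env.outputs.IMAGE_PATH }}
      REGISTRY: ${{ needs.set-env.outputs.REGISTRY }}
      REGISTRY_USER: ${{ needs.set-env.outputs.REGISTRY_USER }}
      image-description: "AlmaLinux Atomic Workstation"
      KMS_KEY_ALIAS: atomicsig
      AWS_REGION: us-east-1
      generate-sbom: true
    secrets:
      REGISTRY_TOKEN: ${{ secrets.QUAY_PASSWORD }}
      AWS_ROLE_ARN: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/atomicimages
    permissions:
      contents: read
      packages: write
      id-token: write

  test-image:
    name: Test image
    runs-on: ubuntu-latest
    needs: [set-env, check-update, build-image]
    if: ${{ !failure() && !cancelled() && (github.event_name != 'schedule' || needs.check-update.outputs.res != 0) }}
    # No step in this job uses GITHUB_TOKEN, so it is given no permissions.
    permissions: {}
    env:
      # The test pulls by digest, so it runs the image build-image reported
      # rather than whatever a tag currently points to.
      IMAGE_REF: "${{ needs.build-image.outputs.image-ref }}@${{ needs.build-image.outputs.digest }}"
    steps:
      - name: Login to Container Registry
        # The secret is passed through the environment rather than templated
        # into the script, where an unquoted value would be parsed by the
        # shell.
        env:
          REGISTRY: ${{ needs.set-env.outputs.REGISTRY }}
          REGISTRY_USER: ${{ needs.set-env.outputs.REGISTRY_USER }}
          QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
        run: |
          printf '%s' "$QUAY_PASSWORD" |
            podman login -u "$REGISTRY_USER" --password-stdin "$REGISTRY"
      - name: Test container
        run: |
          # Create a short script to test the image using heredoc
          cat << 'EOF' > /tmp/test.sh
          set -ex
          cat /etc/os-release
          bootc -V
          EOF
          # IMAGE_REF comes from the job-level env; the script is mounted
          # read-only because the container only needs to execute it.
          podman run --rm \
            -v /tmp/test.sh:/tmp/test.sh:ro \
            "$IMAGE_REF" \
            /bin/bash /tmp/test.sh

  promote-image:
    name: Promote image
    needs: [set-env, check-update, build-image, test-image]
    # Runs only for the repository's default branch.
    if: ${{ !failure() && !cancelled() && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && (github.event_name != 'schedule' || needs.check-update.outputs.res != 0) }}
    # NOTE(review): mutable tag v10; this job passes the registry token.
    uses: AlmaLinux/atomic-ci/.github/workflows/retag-image.yml@v10
    with:
      image: ${{ needs.build-image.outputs.image-ref }}
      digest: ${{ needs.build-image.outputs.digest }}
      tag: |
        ${{ needs.set-env.outputs.LATEST_TAG }}
        ${{ needs.build-image.outputs.major-version }}
        ${{ needs.build-image.outputs.redhat-version-id }}
        ${{ needs.build-image.outputs.version }}
      REGISTRY: ${{ needs.set-env.outputs.REGISTRY }}
      REGISTRY_USER: ${{ needs.set-env.outputs.REGISTRY_USER }}
    secrets:
      REGISTRY_TOKEN: ${{ secrets.QUAY_PASSWORD }}
    permissions:
      packages: write

  create-release:
    name: Create Release
    needs: [set-env, check-update, build-image, test-image, promote-image]
    # Runs only for the repository's default branch.
    if: ${{ !failure() && !cancelled() && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && (github.event_name != 'schedule' || needs.check-update.outputs.res != 0) }}
    # NOTE(review): mutable tag v10; this job runs with 'contents: write'.
    uses: AlmaLinux/atomic-ci/.github/workflows/create-release.yml@v10
    with:
      image-name: "${{ needs.set-env.outputs.IMAGE_NAME }}"
      version: ${{ needs.build-image.outputs.version }}
      pretty-version: ${{ needs.build-image.outputs.redhat-version-id }}
      latest-image-ref: "${{ needs.build-image.outputs.image-ref }}:${{ needs.set-env.outputs.LATEST_TAG }}"
    permissions:
      contents: write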