Update to bring nhsuk stylesheet dependency within the project (#4) #3
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| tags: | |
| - '*' | |
| env: | |
| IMAGE_NAME: ${{ github.event.repository.name }} | |
| jobs: | |
| build-gradle: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| - name: Setup Gradle | |
| uses: gradle/gradle-build-action@v3.5.0 | |
| - name: Execute Gradle build | |
| run: ./gradlew -PprojectVersion=${{ github.ref_name }} test assemble installDist | |
| - name: Archive binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: binaries | |
| path: build/install | |
| retention-days: 1 | |
| - name: Archive distribution | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: distribution | |
| path: build/distributions | |
| retention-days: 1 | |
| build-push-docker: | |
| runs-on: ubuntu-latest | |
| needs: build-gradle | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Set up cosign | |
| uses: sigstore/cosign-installer@main | |
| - name: Download binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: binaries | |
| path: build/install | |
| - name: Download distribution | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: distribution | |
| path: build/distributions | |
| - name: Build and publish container image | |
| uses: docker/build-push-action@v6 | |
| id: build_push | |
| with: | |
| push: true | |
| builder: ${{ steps.buildx.outputs.name }} | |
| context: . | |
| file: ./Dockerfile | |
| platforms: linux/amd64,linux/arm64/v8 | |
| tags: | | |
| ghcr.io/nhsdigital/${{ env.IMAGE_NAME }}:${{ github.ref_name }} | |
| ghcr.io/nhsdigital/${{ env.IMAGE_NAME }}:latest | |
| labels: | | |
| org.opencontainers.image.title=${{ github.event.repository.name }} | |
| org.opencontainers.image.description=${{ github.event.repository.description }} | |
| org.opencontainers.image.url=${{ github.event.repository.html_url }} | |
| org.opencontainers.image.source=${{ github.event.repository.html_url }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.version=${{ github.ref_name }} | |
| # - name: sign container image | |
| # run: | | |
| # cosign sign --yes --key env://COSIGN_KEY ghcr.io/nhs-digital/${{ env.IMAGE_NAME }}:${{ github.ref_name }}@${{ steps.build_push.outputs.digest }} | |
| # shell: bash | |
| # env: | |
| # COSIGN_KEY: ${{secrets.COSIGN_KEY}} | |
| # COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} | |
| # | |
| # - name: Check images | |
| # run: | | |
| # docker buildx imagetools inspect ghcr.io/nhsdigital/${IMAGE_NAME}:${{ github.ref_name }} | |
| # docker pull ghcr.io/nhsdigital/${IMAGE_NAME}:${{ github.ref_name }} | |
| # cosign verify --key cosign.pub ghcr.io/nhsdigital/${IMAGE_NAME}:${{ github.ref_name }} | |
| - uses: anchore/sbom-action@v0 | |
| with: | |
| image: ghcr.io/nhsdigital/${{ env.IMAGE_NAME }}:${{ github.ref_name }} | |
| create-draft-release: | |
| runs-on: ubuntu-latest | |
| needs: build-gradle | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Download distribution | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: distribution | |
| path: build/distributions | |
| - name: Create Release Draft | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh release create ${{ github.ref_name }} \ | |
| --draft \ | |
| --title "${{ github.ref_name }}" | |
| - name: Upload Release Assets | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: gh release upload ${{ github.ref_name }} ./build/distributions/* |