|
10 | 10 | IMAGE_NAME: ${{ github.repository }} |
11 | 11 |
|
12 | 12 | jobs: |
13 | | - build-and-push-image: |
14 | | - uses: advanced-security/reusable-workflows/.github/workflows/container.yml@main |
| 13 | + set-version: |
| 14 | + runs-on: ubuntu-latest |
| 15 | + outputs: |
| 16 | + release: ${{ steps.set-version.outputs.release }} |
| 17 | + version: ${{ steps.set-version.outputs.version }} |
| 18 | + |
| 19 | + steps: |
| 20 | + - name: "Checkout" |
| 21 | + uses: actions/checkout@v4 |
| 22 | + - name: "Get and Set version" |
| 23 | + id: set-version |
| 24 | + run: | |
| 25 | + set -e |
| 26 | +
|
| 27 | + if [[ -f .release.yml ]]; then |
| 28 | + pip install yq |
| 29 | + current_version=$(yq -r ".version" .release.yml) |
| 30 | + echo "Current Version :: $current_version" |
| 31 | +
|
| 32 | + echo "version=$current_version" >> $GITHUB_OUTPUT |
| 33 | + else |
| 34 | + echo "Failed to find version..." |
| 35 | + exit 1 |
| 36 | + fi |
| 37 | +
|
| 38 | + released_version=$(gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/:owner/:repo/releases/latest | jq -r ".tag_name") |
| 39 | +
|
| 40 | + if [[ "$current_version" == "NA" || "$current_version" == "$released_version" ]]; then |
| 41 | + echo "No new release found" |
| 42 | + echo "release=false" >> "$GITHUB_OUTPUT" |
| 43 | + else |
| 44 | + echo "New release found" |
| 45 | + echo "version=$current_version" >> "$GITHUB_OUTPUT" |
| 46 | + echo "release=true" >> "$GITHUB_OUTPUT" |
| 47 | + fi |
| 48 | +
|
| 49 | + publish-image: |
| 50 | + uses: advanced-security/reusable-workflows/.github/workflows/container-publish.yml@main |
| 51 | + needs: [ set-version ] |
| 52 | + if: ${{ needs.set-version.outputs.release == 'true' }} |
15 | 53 | secrets: inherit |
16 | 54 | permissions: |
17 | | - id-token: write |
18 | | - contents: write |
| 55 | + contents: read |
19 | 56 | packages: write |
| 57 | + actions: read |
20 | 58 | attestations: write |
21 | | - security-events: write |
| 59 | + with: |
| 60 | + version: ${{ needs.set-version.outputs.version }} |
| 61 | + container-name: ${{ env.IMAGE_NAME }} |
| 62 | + sbom: true |
| 63 | + signing: true |
| 64 | + |
| 65 | + |
| 66 | + github-release: |
| 67 | + uses: advanced-security/reusable-workflows/.github/workflows/release.yml@main |
| 68 | + needs: [ publish-image ] |
| 69 | + secrets: inherit |
| 70 | + with: |
| 71 | + version: ${{ needs.set-version.outputs.version }} |
| 72 | + |
22 | 73 |
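Review bot: `github-release` reads `${{ needs.set-version.outputs.version }}` but declares only `needs: [ publish-image ]`; the `needs` context holds direct dependencies only, so the release job receives an empty version, and `needs: [ set-version, publish-image ]` fixes it. The release gate in the `set-version` script can also fail open: the script sets only `set -e`, so if `gh api` fails (the step sets no `GH_TOKEN`, unless the workflow-level `env` above this hunk provides one) `jq` still exits 0, `released_version` stays empty and `release=true` is written; adding `set -o pipefail` and a step-level `env:` with `GH_TOKEN: ${{ github.token }}` closes that. `container-name: ${{ env.IMAGE_NAME }}` is likely to be rejected, because the `env` context is not available in the `with:` block of a reusable-workflow call; `${{ github.repository }}` can be passed directly. Both new reusable workflows are referenced at the mutable ref `@main` together with `secrets: inherit` and `packages: write`, so pinning them to a full commit SHA would keep a later change on that branch from altering what is built and signed. Dropping `id-token: write` while setting `signing: true` should be checked against the called workflow, which is not visible here, since a called workflow cannot hold more permissions than its caller and keyless signing normally needs the OIDC token.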
|