autobuildall.yml
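# Builds, pushes and cosign-signs the multi-arch `buildimage` and
# `dartshowplatform` images, tagged with the current Dart stable version.
# Runs on manual dispatch, or on a push to trunk that touches the buildimage
# Dockerfile. Every third-party action is pinned to a full commit SHA.
name: AutoBuildAll
on:
  workflow_dispatch:
  push:
    branches:
      - trunk
    paths:
      - 'at-buildimage/Dockerfile'

# Workflow-wide default token scope; jobs widen it only where needed.
permissions:  # added using https://github.com/step-security/secure-workflows
  contents: read

jobs:
  # Looks up the current Dart stable version and exposes it as a job output.
  get_stable_version:
    runs-on: ubuntu-latest
    outputs:
      dartversion: ${{ steps.dartversion.outputs.dartversion }}
    steps:
      - id: dartversion
        name: Get stable version
        # The version string comes from a file in another repository and ends
        # up in image tags and in GITHUB_OUTPUT, so it is treated as untrusted:
        # a failed download or a missing field stops the job instead of
        # producing an empty or "null" tag, and the value must be a
        # single-line, tag-safe string before it is written out.
        run: |
          set -euo pipefail
          DDURL="https://raw.githubusercontent.com/dart-lang/dart-docker/main/versions.json"
          DART_VERSION="$(curl --fail --silent --show-error "${DDURL}" | jq -er '.stable.version')"
          tag_re='^[0-9A-Za-z_][0-9A-Za-z_.-]{0,127}$'
          if [[ ! "${DART_VERSION}" =~ ${tag_re} ]]; then
            echo "::error::Dart stable version from versions.json is not a valid image tag" >&2
            exit 1
          fi
          echo "dartversion=${DART_VERSION}" >> "${GITHUB_OUTPUT}"

  # Builds both images for four platforms, pushes them to Docker Hub and
  # signs each pushed tag by digest.
  build_multi_arch_images:
    needs: [get_stable_version]
    env:
      DART_VERSION: ${{ needs.get_stable_version.outputs.dartversion }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write  # for creating OIDC tokens for signing.
    steps:
      - name: Install cosign
        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad  # v4.0.0
      - name: Set up QEMU
        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a  # v4.0.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd  # v4.0.0
      - name: Login to DockerHub
        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2  # v4.0.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Metadata (tags, labels) for buildimage
        id: meta
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf  # v6.0.0
        with:
          # All three tags are mutable names; the signing step below binds
          # each of them to the digest that was actually pushed.
          tags: |
            type=raw,value=automated
            type=raw,value=${{ env.DART_VERSION }}
            type=raw,value=GHA_${{ github.run_number }}
          images: |
            atsigncompany/buildimage
          labels: |
            org.opencontainers.image.description=Dart Build Image
      # NOTE(review): there is no checkout step and no `context:` input, so
      # this presumably relies on the action's default Git context - confirm.
      - name: Build and push Multi Arch buildimage
        id: docker_build
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294  # v7.0.0
        with:
          file: ./at-buildimage/Dockerfile
          push: true
          # NOTE(review): build provenance attestations are switched off; the
          # cosign signature below is the only integrity evidence attached to
          # the image - confirm that this is intended.
          provenance: false
          tags: ${{ steps.meta.outputs.tags }}
          platforms: |
            linux/amd64
            linux/arm64/v8
            linux/arm/v7
            linux/riscv64
      - name: Sign buildimage images with GitHub OIDC Token
        # Step outputs reach the script through env rather than being
        # interpolated into the script text.
        env:
          DIGEST: ${{ steps.docker_build.outputs.digest }}
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          # TAGS holds one reference per line; it is deliberately unquoted in
          # the for loop so that it splits on whitespace. Each reference is
          # signed as tag@digest, not by tag alone.
          images=()
          for tag in ${TAGS}; do
            images+=("${tag}@${DIGEST}")
          done
          cosign sign --yes "${images[@]}"
      - name: Metadata (tags, labels) for dartshowplatform
        id: meta_sp
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf  # v6.0.0
        with:
          tags: |
            type=raw,value=automated
            type=raw,value=${{ env.DART_VERSION }}
            type=raw,value=GHA_${{ github.run_number }}
          images: |
            atsigncompany/dartshowplatform
          labels: |
            org.opencontainers.image.description=Dart Show Platform application
      - name: Build and push dartshowplatform
        id: docker_build_sp
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294  # v7.0.0
        with:
          file: ./dartshowplatform/Dockerfile
          push: true
          # NOTE(review): provenance attestations are off here as well; see
          # the cosign signing step that follows.
          provenance: false
          tags: ${{ steps.meta_sp.outputs.tags }}
          platforms: |
            linux/amd64
            linux/arm64/v8
            linux/arm/v7
            linux/riscv64
      - name: Sign showplatform images with GitHub OIDC Token
        env:
          DIGEST: ${{ steps.docker_build_sp.outputs.digest }}
          TAGS: ${{ steps.meta_sp.outputs.tags }}
        run: |
          # Same tag@digest signing as for buildimage.
          images=()
          for tag in ${TAGS}; do
            images+=("${tag}@${DIGEST}")
          done
          cosign sign --yes "${images[@]}"
      # NOTE(review): with no `if:` condition this step runs only when every
      # earlier step succeeded, so a failed build or signing step is never
      # reported to chat - confirm that this is intended.
      - name: Google Chat Notification
        uses: Co-qn/google-chat-notification@3691ccf4763537d6e544bc6cdcccc1965799d056  # releases/v1
        with:
          name: New images build for Dart SDK ${{ env.DART_VERSION }}
          url: ${{ secrets.GOOGLE_CHAT_WEBHOOK }}
          status: ${{ job.status }}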