test release worflow #17 #11

Workflow file for this run

.github/workflows/ssh-key-signer-server-docker.yml at f72862f

	name: create and publish docker container

	on:
	push:
	branches: [ main ]
	paths:
	- ssh-key-signer-server/**
	- .github/workflows/ssh-key-signer-server-docker.yml
	workflow_call:
	inputs:
	sha:
	required: false
	type: string
	default: ${{ github.sha }}
	env:
	REGISTRY: docker.io
	IMAGE_NAME: ${{ github.repository }}
	PROJECT: ssh-key-signer-server

	jobs:
	build:
	if: github.actor != 'dependabot[bot]'
	runs-on: ubuntu-latest
	steps:
	- name: "display sha"
	run: \|
	echo "found sha ${{ inputs.sha }}"

	- uses: actions/checkout@v4
	with:
	ref: ${{ inputs.sha }}

	- name: set up jdk
	uses: actions/setup-java@v4
	with:
	java-version: '21'
	distribution: 'temurin'
	cache: maven

	- name: install xmllint
	run: sudo apt install -y libxml2-utils

	- name: build with maven
	run: mvn clean package --projects ${{ env.PROJECT }} --also-make --batch-mode -Pproduction

	- name: extract project version
	id: extract_version
	run: \|
	echo "MAVEN_NAME=$(xmllint --xpath '/[local-name()="project"]/[local-name()="artifactId"]/text()' ${{ env.PROJECT }}/pom.xml)" >> $GITHUB_OUTPUT
	echo "MAVEN_VERSION=$(xmllint --xpath '/[local-name()="project"]/[local-name()="version"]/text()' ${{ env.PROJECT }}/pom.xml)" >> $GITHUB_OUTPUT

	- name: login to docker hub
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: extract docker metadata
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.IMAGE_NAME }}
	tags: \|
	# set latest tag for default branch
	type=raw,value=latest,enable={{is_default_branch}}
	type=semver,pattern={{version}}
	type=raw,value=${{ steps.extract_version.outputs.MAVEN_VERSION }}

	- name: build and push
	uses: docker/build-push-action@v6
	with:
	context: ${{ env.PROJECT }}
	push: true
	platforms: linux/amd64
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	build-args: \|
	APP_NAME=${{ steps.extract_version.outputs.MAVEN_NAME }}
	APP_VERSION=${{ steps.extract_version.outputs.MAVEN_VERSION }}

	- name: sign the published docker image
	if: startsWith(github.ref, 'refs/tags/v')
	env:
	TAGS: ${{ steps.meta.outputs.tags }}
	DIGEST: ${{ steps.build-and-push.outputs.digest }}
	# This step uses the identity token to provision an ephemeral certificate
	# against the sigstore community Fulcio instance.
	run: echo "${TAGS}" \| xargs -I {} cosign sign --yes {}@${DIGEST}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

test release worflow #17 #11

Workflow file

test release worflow #17 #11

Uh oh!

Workflow file for this run