Skip to content
build-verify-package

chore(deps): bump docker/build-push-action from 6.15.0 to 6.16.0 #128

Sign in to view logs

chore(deps): bump docker/build-push-action from 6.15.0 to 6.16.0

chore(deps): bump docker/build-push-action from 6.15.0 to 6.16.0 #128

Workflow file for this run

.github/workflows/build-verify.yml at 90c378e
name: build-verify-package
on:
push:
paths-ignore:
#- '.github/**'
- '.gitignore'
- 'LICENSE'
- '*.md'
pull_request:
paths-ignore:
- '.github/**'
- '.gitignore'
- 'LICENSE'
- '*.md'
permissions:
contents: read
id-token: write # needed for signing the images with GitHub OIDC Token
jobs:
build-verify-package:
runs-on: ubuntu-latest
environment: Build
steps:
- name: Get current date
id: date
#run: echo "::set-output name=date::$(date +'%Y-%m-%dT%H:%M:%S')"
run: echo "date=$(date +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
- name: Checkout Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4
- name: Setup Go
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b #v5.4.0
with:
go-version-file: ./go.mod
cache-dependency-path: ./go.sum
- name: Build Go packages
run: |
./build-binaries.sh github.com/microcks/microcks-cli
- name: Set environment for branch
run: |
set -x
if [[ $GITHUB_REF == 'refs/heads/master' ]]; then
echo "IMAGE_TAG=nightly" >> "$GITHUB_ENV"
echo "PACKAGE_IMAGE=true" >> "$GITHUB_ENV"
elif [[ $GITHUB_REF == "refs/tags/$GITHUB_REF_NAME" ]]; then
echo "IMAGE_TAG=$GITHUB_REF_NAME" >> "$GITHUB_ENV"
echo "PACKAGE_IMAGE=true" >> "$GITHUB_ENV"
else
echo "PACKAGE_IMAGE=false" >> "$GITHUB_ENV"
fi
- name: Install Cosign
if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
- name: Set up QEMU
if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
- name: Set up Docker Buildx
if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Login to Quay.io and Docker Hub registries and setup multi-arch builder
if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
run: |
echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io
echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin docker.io
BUILDER=buildx-multi-arch
docker buildx inspect $BUILDER || docker buildx create --name=$BUILDER --driver=docker-container --driver-opt=network=host
- name: Build and push container image for cli
id: build-and-push
uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
with:
context: .
sbom: true
push: true
provenance: mode=max
platforms: linux/amd64,linux/arm64
builder: buildx-multi-arch
file: build/Dockerfile
labels: |
org.opencontainers.image.revision=${GITHUB_SHA}
org.opencontainers.image.created=${{ steps.date.outputs.date }}
tags: quay.io/microcks/microcks-cli:${{env.IMAGE_TAG}},docker.io/microcks/microcks-cli:${{env.IMAGE_TAG}}
- name: Sign the image with GitHub OIDC Token
if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
env:
DIGEST: ${{ steps.build-and-push.outputs.digest }}
TAGS: quay.io/microcks/microcks-cli:${{env.IMAGE_TAG}} docker.io/microcks/microcks-cli:${{env.IMAGE_TAG}}
COSIGN_EXPERIMENTAL: "true"
run: |
images=""
for tag in ${TAGS}; do
images+="${tag}@${DIGEST} "
done
cosign sign --yes ${images}