images: add debian trixie #1595
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| tags: | |
| - v* | |
| branches: | |
| - master | |
| - v2 | |
| pull_request: | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| with: | |
| platforms: linux/amd64,linux/arm64 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Set up cosign | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: sigstore/cosign-installer@v3 | |
| - name: login to registry | |
| if: ${{ github.event_name != 'pull_request' }} | |
| env: | |
| QUAYIO_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| QUAYIO_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| run: | | |
| docker login --username=${QUAYIO_USERNAME} --password-stdin quay.io <<< "${QUAYIO_PASSWORD}" | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| quay.io/piraeusdatastore/piraeus-operator | |
| tags: | | |
| type=sha | |
| type=raw,value=${{ github.ref_name }} | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| - name: Build | |
| uses: docker/build-push-action@v6 | |
| id: build | |
| with: | |
| builder: ${{ steps.buildx.outputs.name }} | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| no-cache: ${{ github.ref_type == 'tag' }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| build-args: | | |
| VERSION=${{ github.ref_name }}-${{ github.sha }} | |
| - name: Sign images | |
| if: ${{ github.event_name != 'pull_request' }} | |
| # Take the digest we just pushed to the registry and sign the image using "keyless" signing: | |
| # https://docs.sigstore.dev/cosign/signing/overview/ | |
| # With this, users can verify that the image was actually created by this github workflow. | |
| run: | | |
| jq '."containerimage.digest" as $DIGEST | ."image.name" | split(":")[0] | "\(.)@\($DIGEST)"' -r <<<'${{ steps.build.outputs.metadata }}' \ | |
| | xargs --no-run-if-empty cosign sign --yes |