ci.yaml
# Self-test pipeline: calls the local reusable workflows (standard-build,
# standard-lint, standard-release) with several input combinations and then
# checks that the image artifacts produced by `build` can be loaded.
name: ci

on:
  push:
    branches:
      - master
  release:
    types:
      - created
  pull_request:
    branches:
      - master

# Workflow-wide default for GITHUB_TOKEN. A job that declares its own
# `permissions` block replaces this default; a job that declares none
# (the `test` job below) runs with read-only access to repository contents.
permissions:
  contents: read

jobs:
  build:
    uses: ./.github/workflows/standard-build.yaml
    # Upper bound for the token inside the called workflow: a reusable workflow
    # cannot obtain more than its caller grants here.
    # `id-token: write` lets the called jobs request an OIDC token.
    # NOTE(review): these write scopes are also granted on pull_request runs;
    # confirm in standard-build.yaml that pushing/publishing is gated by event.
    permissions:
      contents: write
      id-token: write
      packages: write
      pull-requests: write
      actions: read
      security-events: write
    with:
      # The default "ghcr.io/${{ github.repository }}" cannot be used here:
      # "ghcr.io/chgl/.github:pr-1" is rejected as "invalid reference format".
      image: ghcr.io/chgl/github-reusable-workflow
      enable-build-test-layer: true
      enable-upload-test-image: true
      platforms: linux/amd64,linux/arm64
    secrets:
      github-token: ${{ secrets.GITHUB_TOKEN }}

  # Same reusable workflow with the test layer and test-image upload disabled.
  build-without-test-image:
    uses: ./.github/workflows/standard-build.yaml
    # Same token scopes as the `build` job.
    permissions:
      contents: write
      id-token: write
      packages: write
      pull-requests: write
      actions: read
      security-events: write
    with:
      image: ghcr.io/chgl/github-reusable-workflow-without-test-image
      enable-build-test-layer: false
      enable-upload-test-image: false
    secrets:
      github-token: ${{ secrets.GITHUB_TOKEN }}

  # Same reusable workflow with an explicit `image-tags` rule instead of the
  # workflow's default tagging.
  build-with-fixed-image-tags:
    uses: ./.github/workflows/standard-build.yaml
    # Same token scopes as the `build` job.
    permissions:
      contents: write
      id-token: write
      packages: write
      pull-requests: write
      actions: read
      security-events: write
    with:
      image: ghcr.io/chgl/github-reusable-workflow-with-fixed-image-tags
      enable-build-test-layer: true
      enable-upload-test-image: true
      # One rule per line; looks like docker/metadata-action tag syntax
      # (confirm against standard-build.yaml).
      image-tags: |
        type=semver,pattern={{raw}},value=v1.2.3-beta.123
    secrets:
      github-token: ${{ secrets.GITHUB_TOKEN }}

  lint:
    uses: ./.github/workflows/standard-lint.yaml
    # Contents stay read-only for linting; the write scopes cover PRs, issues
    # and code-scanning results (security-events).
    permissions:
      contents: read
      pull-requests: write
      issues: write
      security-events: write
      actions: read
    with:
      # Passed as a JSON-encoded string, not as a YAML list.
      codeql-languages: '["python"]'
      enable-codeql: true
      # Gradle wrapper validation and base-image signature verification are
      # switched off for this call.
      enable-validate-gradle-wrapper: false
      enable-verify-base-image-signature: false
    secrets:
      github-token: ${{ secrets.GITHUB_TOKEN }}

  # Declares no `permissions`, so the workflow-level `contents: read` applies.
  # The artifact download and `docker load` steps run on pull_request events
  # only; on push and release runs just the setup and listing steps execute.
  test:
    runs-on: ubuntu-24.04
    needs:
      - build
    steps:
      # Adds {"features": {"containerd-snapshotter": true}} to the Docker
      # daemon config (creating the file if absent) and restarts Docker.
      # <https://docs.docker.com/storage/containerd/>
      # via <https://github.com/docker/setup-buildx-action/issues/257>
      - name: Set up containerd image store
        shell: bash
        run: |
          [ -f /etc/docker/daemon.json ] || echo "{}" | sudo tee /etc/docker/daemon.json
          jq '. | .+{"features": {"containerd-snapshotter": true}}' /etc/docker/daemon.json > /tmp/docker-daemon-with-containerd.json
          sudo mv /tmp/docker-daemon-with-containerd.json /etc/docker/daemon.json
          cat /etc/docker/daemon.json
          sudo systemctl restart docker
          docker info -f '{{ .DriverStatus }}'

      # Actions are pinned to a full commit SHA; the trailing comment records
      # the release tag and has to be updated together with the SHA.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

      - name: Download build image
        if: ${{ github.event_name == 'pull_request' }}
        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
        with:
          name: ${{ needs.build.outputs.image-slug }}
          path: /tmp

      - name: Download test image
        if: ${{ github.event_name == 'pull_request' }}
        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
        with:
          name: ${{ needs.build.outputs.image-slug }}-test
          path: /tmp

      - name: ls
        run: |
          ls -lsa /tmp

      # Assumes the two artifacts unpack to image.tar and image-test.tar;
      # the file names are set by standard-build.yaml (confirm there).
      - name: load image
        if: ${{ github.event_name == 'pull_request' }}
        run: |
          docker load --input /tmp/image.tar
          docker load --input /tmp/image-test.tar

      - name: list images
        run: |
          docker image ls

  # No `if:` on this job, so it is scheduled for every trigger listed under
  # `on`, pull_request included, once `build` and `test` have succeeded.
  # NOTE(review): whether a release is actually published is decided inside
  # standard-release.yaml, which is not visible here; confirm it is gated
  # to the release branch.
  release:
    uses: ./.github/workflows/standard-release.yaml
    needs:
      - build
      - test
    permissions:
      contents: write
      pull-requests: write
      issues: write
    secrets:
      semantic-release-token: ${{ secrets.GITHUB_TOKEN }}