chore(deps): update dependency pytest to v8.3.3 (#859) #301
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: UBI Builder rebuild | |
| on: | |
| push: | |
| branches: | |
| - main | |
| schedule: | |
| - cron: '30 4 * * *' | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| permissions: | |
| id-token: write | |
| strategy: | |
| matrix: | |
| runner: ["ubuntu-latest", "ubicloud-standard-8-arm"] | |
| ubi-version: ["ubi8", "ubi9"] | |
| runs-on: ${{ matrix.runner }} | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Login to Stackable Harbor | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: oci.stackable.tech | |
| username: robot$sdp+github-action-build | |
| password: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }} | |
| - name: Set up Cosign | |
| uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 | |
| - name: Determine Architecture | |
| run: | | |
| echo "TAG=$(git rev-parse --short HEAD)-$(arch)" >> "$GITHUB_ENV" | |
| - name: Build and push | |
| id: build-and-push | |
| uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0 | |
| with: | |
| context: . | |
| file: ./${{ matrix.ubi-version }}-rust-builder/Dockerfile | |
| push: true | |
| tags: oci.stackable.tech/sdp/${{ matrix.ubi-version }}-rust-builder:${{ env.TAG }} | |
| - name: Sign the published builder image | |
| shell: bash | |
| run: | | |
| # Refer to image via its digest (oci.stackable.tech/sdp/airflow@sha256:0a1b2c...) | |
| # This generates a signature and publishes it to the registry, next to the image | |
| # Uses the keyless signing flow with Github Actions as identity provider | |
| cosign sign -y "oci.stackable.tech/sdp/${{ matrix.ubi-version }}-rust-builder@${{ steps.build-and-push.outputs.digest }}" | |
| create_manifest: | |
| permissions: | |
| id-token: write | |
| strategy: | |
| matrix: | |
| ubi-version: ["ubi8", "ubi9"] | |
| runs-on: ubuntu-latest | |
| needs: ["build"] | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Login to Stackable Harbor | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: oci.stackable.tech | |
| username: robot$sdp+github-action-build | |
| password: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }} | |
| - name: Set up Cosign | |
| uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 | |
| - name: Build Manifest List | |
| shell: bash | |
| run: | | |
| COMMIT_ID=$(git rev-parse --short HEAD) | |
| MANIFEST_LIST_NAME=oci.stackable.tech/sdp/${{ matrix.ubi-version }}-rust-builder | |
| docker manifest create "$MANIFEST_LIST_NAME:latest" "$MANIFEST_LIST_NAME:$COMMIT_ID-x86_64" "$MANIFEST_LIST_NAME:$COMMIT_ID-aarch64" | |
| # `docker manifest push` directly returns the digest of the manifest list | |
| # As it is an experimental feature, this might change in the future | |
| # Further reading: https://docs.docker.com/reference/cli/docker/manifest/push/ | |
| DIGEST=$(docker manifest push "$MANIFEST_LIST_NAME:latest") | |
| # Refer to image via its digest (oci.stackable.tech/sdp/airflow@sha256:0a1b2c...) | |
| # This generates a signature and publishes it to the registry, next to the image | |
| # Uses the keyless signing flow with Github Actions as identity provider | |
| cosign sign -y "$MANIFEST_LIST_NAME@$DIGEST" |