-
-
Notifications
You must be signed in to change notification settings - Fork 0
62 lines (59 loc) · 1.95 KB
/
reusable-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
name: Reusable build
on:
workflow_call:
inputs:
image-name:
description: Name of the image to be built
required: true
type: string
image-tag:
description: Tag of the base image (will be used for the built image)
required: true
type: string
containerfile-path:
description: Path to the Containerfile
required: true
type: string
context-path:
description: Path to the build context
required: true
type: string
env:
REGISTRY: ghcr.io/${{ github.repository }}
jobs:
build:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
# - name: Setup cosign
# uses: sigstore/cosign-installer@v3.3.0
- name: Login to container registry
uses: redhat-actions/podman-login@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build image
uses: redhat-actions/buildah-build@v2
id: build
with:
image: ${{ inputs.image-name }}
tags: ${{ inputs.image-tag }} latest
containerfiles: ${{ inputs.containerfile-path }}/Containerfile
context: ${{ inputs.context-path }}
oci: true
build-args: |
IMAGE_TAG=${{ inputs.image-tag }}
- name: Push image
uses: redhat-actions/push-to-registry@v2
id: push
with:
image: ${{ steps.build.outputs.image }}
tags: ${{ steps.build.outputs.tags }}
registry: ${{ env.REGISTRY }}
# - name: Sign image
# run: cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}
# env:
# COSIGN_EXPERIMENTAL: false
# COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
# COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}