ansible-silverblue-oci #640

Workflow file for this run

	---

	name: ansible-silverblue-oci
	on:
	pull_request:
	branches:
	- main
	schedule:
	- cron: '20 20 * * *' # 8:20pm everyday
	push:
	branches:
	- main
	env:
	IMAGE_NAME: ansible-silverblue-oci
	IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}

	jobs:
	push-ghcr:
	name: Build and push image
	runs-on: ubuntu-22.04
	strategy:
	fail-fast: false
	matrix:
	major_version: [40]
	include:
	- major_version: 40
	is_latest: true
	is_stable: true
	steps:
	# Checkout push-to-registry action GitHub repository
	- name: Checkout Push to Registry action
	uses: actions/checkout@v3

	- name: Generate tags
	id: generate-tags
	shell: bash
	run: \|
	echo "date=$(date +%Y%m%d)" >> $GITHUB_OUTPUT
	echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

	alias_tags=()
	if [[ "${{ matrix.is_latest }}" == "true" ]]; then
	alias_tags+=("latest")
	fi
	if [[ "${{ matrix.is_stable }}" == "true" ]]; then
	alias_tags+=("stable")
	fi
	echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT

	# Build image using Buildah action
	- name: Build Image
	id: build_image
	uses: redhat-actions/buildah-build@v2
	with:
	containerfiles: \|
	./Containerfile
	image: ${{ env.IMAGE_NAME }}
	tags: \|
	${{ steps.generate-tags.outputs.alias_tags }}
	${{ steps.generate-tags.outputs.date }}
	${{ steps.generate-tags.outputs.sha_short }}
	${{ matrix.major_version }}
	build-args: \|
	FEDORA_MAJOR_VERSION=${{ matrix.major_version }}
	oci: true

	# Workaround bug for capital letters in your GitHub username.
	# https://github.com/macbre/push-to-ghcr/issues/12
	- name: Lowercase Registry
	id: registry_case
	uses: ASzc/change-string-case-action@v5
	with:
	string: ${{ env.IMAGE_REGISTRY }}

	# Push the image to GHCR (Image Registry)
	- name: Push To GHCR
	uses: redhat-actions/push-to-registry@v2
	id: push
	env:
	REGISTRY_USER: ${{ github.actor }}
	REGISTRY_PASSWORD: ${{ github.token }}
	with:
	image: ${{ steps.build_image.outputs.image }}
	tags: ${{ steps.build_image.outputs.tags }}
	registry: ${{ steps.registry_case.outputs.lowercase }}
	username: ${{ env.REGISTRY_USER }}
	password: ${{ env.REGISTRY_PASSWORD }}
	extra-args: \|
	--disable-content-trust

	# Sign container
	- uses: sigstore/cosign-installer@main

	# Only needed when running `cosign sign` using a key
	- name: Write signing key to disk
	run: \|
	echo "${{ env.COSIGN_KEY }}" > cosign.key
	# DEBUG: get character count of key
	# wc -c cosign.key
	env:
	COSIGN_KEY: ${{ secrets.COSIGN_KEY }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Sign container image
	run: \|
	cosign sign -y --key cosign.key ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}
	env:
	TAGS: ${{ steps.push.outputs.digest }}
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
	COSIGN_EXPERIMENTAL: false

	- name: Echo outputs
	run: \|
	echo "${{ toJSON(steps.push.outputs) }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ansible-silverblue-oci #640

Workflow file

ansible-silverblue-oci #640

Jobs

Run details

Workflow file for this run