testing actions (#1)

* testing actions
Signed-off-by: vsoch <vsoch@users.noreply.github.com>

.github/workflows/test-actions.yaml

@@ -15,7 +15,5 @@ jobs:
           container: library/ubuntu
           squashed: ubuntu:squashed
       - name: View images
-        run: |
-          docker images
-          podman images
+        run: podman images
 

README.md

@@ -8,6 +8,35 @@ everything in the container owned by root! Any other ID would require privileged
 Given a container you have just built, this action will allow you to flatten permissions
 in this manner (and then likely push to a registry for later use).
 
+## Example
+
+Let's say our container is `library/ubuntu` and we want to squash to `ubuntu:squashed`.
+We would generate the action as follows:
+
+```yaml
+name: Squash Image
+on:
+  pull_request: []
+
+jobs:
+  squash-container:
+    name: Squash Ubuntu
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+      - name: Squash Container
+        uses: rse-ops/container-permission-squasher@main
+        with:
+          container: library/ubuntu
+          squashed: ubuntu:squashed
+      - name: View images
+        run: podman images
+```
+
+You can see a full example workflow (building a primary container and adding a squashed tag)
+in [examples](examples/squash-permissions.yaml).
+
 ## License
 
 Copyright (c) 2017-2023, Lawrence Livermore National Security, LLC. 

action.yaml

@@ -15,4 +15,6 @@ runs:
       env:
         action_path: ${{ github.action_path }}
         container: ${{ inputs.container }}
-      run: /bin/bash ${action_path}/squash.sh ${container} ${squashed}
+        squashed: ${{ inputs.squashed }}
+      run: /bin/bash ${action_path}/scripts/squash.sh ${container} ${squashed}
+      shell: bash

examples/squash-permissions.yaml

@@ -0,0 +1,60 @@
+name: Build Deploy Squashed Containers
+
+on:
+
+  # Publish packages on release
+  release:
+    types: [published]
+
+  # Test on pull request
+  pull_request: []
+
+  # On push to main we build and deploy images
+  push:
+    branches:
+    - main
+
+jobs:
+  build:
+    permissions:
+      packages: write
+
+    # This is the container URI without a tag
+    env:
+      container: ghcr.io/vsoch/container
+    runs-on: ubuntu-latest
+    name: Build
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Build Regular Container
+      run: docker build -t ${{ env.container }}:latest .
+
+    - name: Squash Container
+      uses: rse-ops/container-permission-squasher@main
+      with:
+        container: ${{ env.container }}:latest
+        squashed: ${{ env.container }}:squashed
+
+    - name: GHCR Login
+      if: (github.event_name != 'pull_request')
+      uses: docker/login-action@v2
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Tag and Push Release Image
+      if: (github.event_name == 'release')
+      run: |
+        tag=${GITHUB_REF#refs/tags/}
+        echo "Tagging and releasing ${{ env.container }}:${tag}"
+        docker tag ${{ env.container }}:latest ${{ env.container }}:${tag}
+        docker push ${{ env.container }}:${tag}
+
+    - name: Deploy
+      if: (github.event_name != 'pull_request')
+      run: |
+        docker push ${{ env.container }}:latest
+        podman push ${{ env.container }}:squashed

scripts/squash.sh

@@ -4,10 +4,7 @@ URI=${1}
 SQUASHED=${2}
 
 echo "🎃️ Preparing to squash ${URI} into ${SQUASHED}..."
-
-# export BUILDID=$(uuidgen -r | head -c 8)
-# echo "podman build -t build:$BUILDID . "
-# podman build -t build:$BUILDID .
+export BUILDID=$(uuidgen -r | head -c 8)
 
 export CONTAINERID=$(podman create ${URI}) \
 && ( \