bigger test

Signed-off-by: Josh Dolitsky <josh@dolit.ski>
wolfi-dev · Jul 17, 2023 · a78f370 · a78f370
1 parent c396d00
commit a78f370
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 14 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -6,18 +6,28 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write # needed for GitHub OIDC Token
     steps:
-    - uses: jdolitsky/wolfi-act@main
-      with:
-        packages: grype,crane
-        command: |
-          set -x
-          for img in "cgr.dev/chainguard/nginx" "cgr.dev/chainguard/wolfi-base"; do
-            grype "${img}"
-            crane manifest "${img}"
-          done
-          grype cgr.dev/chainguard/nginx
-          echo "---"
-          grype cgr.dev/chainguard/wolfi-base
-          echo "---"
-          whoami
+      - name: Build, sign, inspect an image using wolfi-act
+        uses: jdolitsky/wolfi-act@main
+        with:
+          packages: curl,apko,cosign,crane,grype,trivy
+          command: |
+            set -x
+
+            curl -L -o maven.apko.yaml \
+              https://raw.githubusercontent.com/chainguard-images/images/main/images/maven/configs/openjdk-17.apko.yaml
+
+            REF="ghcr.io/jdolitsky/wolfi-act/testing/maven:latest"
+            apko publish maven.apko.yaml "${REF}" \
+              --repository-append=https://packages.wolfi.dev/os \
+              --keyring-append=https://packages.wolfi.dev/os/wolfi-signing.rsa.pub \
+              --package-append=wolfi-baselayout \
+              --arch=x86_64,aarch64
+
+            crane manifest "${REF}"
+            grype "${REF}"
+            trivy image "${REF}"
diff --git a/action.yml b/action.yml
@@ -88,19 +88,23 @@ runs:
         fi
         echo "done."
 
+        env > wolfi-act.github.env
+
         echo "[🐙] Running the following command in ephemeral container image:"
         echo '${{ inputs.command }}'
         echo "[🐙] Output:"
         if [[ "${debug}" == "true" ]]; then
           docker run -i --rm --platform linux/amd64 \
               -v ${PWD}:/work \
               -w /work \
+              --env-file wolfi-act.github.env \
               wolfi-act:latest-amd64 \
               bash -exc '${{ inputs.command }}'
         else
           docker run -i --rm --platform linux/amd64 \
               -v ${PWD}:/work \
               -w /work \
+              --env-file wolfi-act.github.env \
               wolfi-act:latest-amd64 \
               bash -ec '${{ inputs.command }}'
         fi