| author | seth <[email protected]> | 2024-01-20 06:20:29 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2024-01-20 06:41:04 -0500 |
| commit | 1809becbe9e8e4ea065c1490b8d7f566abaf49bd (patch) | |
| tree | e40df9b61bed1a1bfa89405b511db932e6c26ee4 /.github/workflows/build-image.yaml | |
| parent | 290a84e86b2f2c3cb1403f94eff416e74d536abd (diff) | |
ci: reuse image build steps
Diffstat (limited to '.github/workflows/build-image.yaml')
| -rw-r--r-- | .github/workflows/build-image.yaml | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml
new file mode 100644
index 0000000..4271c37
--- /dev/null
+++ b/.github/workflows/build-image.yaml
@@ -0,0 +1,103 @@
+on:
+ workflow_call:
+ inputs:
+ image_name:
+ required: true
+ type: string
+ containerfile:
+ description: containerfile to build
+ required: true
+ type: string
+ context:
+ required: true
+ type: string
+ extra_tags:
+ description: extra tags to apply to image
+ required: true
+ type: string
+ build_args:
+ required: true
+ type: string
+ secrets:
+ akmods_key:
+ description: private akmods key for signing
+ required: false
+
+env:
+ REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+jobs:
+ build:
+ name: Build and Publish
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Extract metadata
+ id: metadata
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ${{ env.IMAGE_NAME }}
+ tags: |
+ type=sha
+ type=ref,event=branch
+ type=ref,event=pr
+ type=schedule,pattern={{date 'YYYYMMDD'}}
+
+ - name: Get akmods signing key
+ if: github.event_name != 'pull_request'
+ env:
+ AKMODS_KEY: ${{ secrets.akmods_key }}
+ run: |
+ echo "$AKMODS_KEY" > akmods/certs/private_key.priv
+
+ - name: Build image
+ id: build
+ uses: redhat-actions/buildah-build@v2
+ with:
+ containerfiles: |
+ ${{ inputs.containerfile }}
+ image: ${{ inputs.image_name }}
+ context: ${{ inputs.context }}
+ tags: |
+ ${{ steps.metadata.outputs.tags }}
+ ${{ inputs.extra_tags }}
+ labels: ${{ steps.metadata.outputs.labels }}
+ build-args: ${{ inputs.build_args }}
+
+ - name: Login to registry
+ if: github.event_name != 'pull_request'
+ uses: redhat-actions/podman-login@v1
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ github.token }}
+
+ - name: Push to registry
+ id: push
+ if: github.event_name != 'pull_request'
+ uses: redhat-actions/push-to-registry@v2
+ with:
+ image: ${{ steps.build.outputs.image }}
+ tags: ${{ steps.build.outputs.tags }}
+ registry: ${{ env.REGISTRY }}
+ extra-args: |
+ --disable-content-trust
+
+ - name: Install cosign
+ if: github.event_name != 'pull_request'
+ uses: sigstore/cosign-installer@v3
+
+ - name: Sign image
+ if: github.event_name != 'pull_request'
+ env:
+ DIGEST: ${{ steps.push.outputs.digest }}
+ TAGS: ${{ steps.build.outputs.tags }}
+ run: |
+ images=()
+ for tag in ${TAGS}; do
+ images+=("${tag}@${DIGEST}")
+ done
+ cosign sign --yes "${images[@]}" |
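Review bot: The `Get akmods signing key` step writes the private key into the checked-out tree at `akmods/certs/private_key.priv` and no later step removes it, so whether the key can end up in a pushed layer depends on the Containerfile and on `inputs.context`, neither of which is visible in this hunk. A final step with `if: always()` running `rm -f akmods/certs/private_key.priv` would limit how long the key sits on the runner, and since `akmods_key` is declared `required: false`, a caller that passes no secret currently gets an empty key file written without any message. Separately, `images: ${{ env.IMAGE_NAME }}` in the metadata step reads a variable this file never sets (only `REGISTRY` appears under `env:`), so it presumably expands to an empty string; `${{ inputs.image_name }}` looks like the intended value, or the `images:` key can be dropped if bare tags are what the build step should receive. The third-party actions that handle the key, the registry token and the signing are referenced by mutable tags (`@v2`, `@v1`, `@v3`); pinning them to full commit SHAs would be worth a follow-up.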
