diff --git a/.github/workflows/publish-dev-docker-image.yml b/.github/workflows/publish-dev-docker-image.yml
new file mode 100644
index 0000000..8fae55c
--- /dev/null
+++ b/.github/workflows/publish-dev-docker-image.yml
@@ -0,0 +1,56 @@
+name: Publish Dev Docker Image
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
+ environment: ghcr:leanix-github-agent
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3.2.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5.5.1
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@v5.3.0
+ with:
+ context: .
+ push: true
+ tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:dev
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
diff --git a/.github/workflows/publish-package-to-ghcr.yml b/.github/workflows/publish-package-to-ghcr.yml
new file mode 100644
index 0000000..637d388
--- /dev/null
+++ b/.github/workflows/publish-package-to-ghcr.yml
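Review bot: Every `uses:` reference in publish-dev-docker-image.yml is pinned to a mutable tag (`actions/checkout@v4`, `docker/login-action@v3.2.0`, `docker/metadata-action@v5.5.1`, `docker/build-push-action@v5.3.0`, `actions/attest-build-provenance@v1`), while the job holds `packages: write`, `id-token: write` and `attestations: write`. If any of those tags were re-pointed upstream, the new code would run with the registry token and the OIDC identity that signs the provenance attestation. I would pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3.2.0`, with Dependabot or Renovate keeping the pins current. The same applies to the identical steps in publish-package-to-ghcr.yml.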
@@ -0,0 +1,55 @@
+name: Publish Package to ghcr.io
+
+on:
+ release:
+ types: [published]
+ workflow_dispatch:
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+
+ environment: ghcr:leanix-github-agent
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3.2.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5.5.1
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@v5.3.0
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
diff --git a/.github/workflows/release-dev-docker-image.yml b/.github/workflows/release-dev-docker-image.yml
deleted file mode 100644
index c2c8925..0000000
--- a/.github/workflows/release-dev-docker-image.yml
+++ /dev/null
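Review bot: `workflow_dispatch` lets this release workflow be started on any branch, and the `docker/metadata-action` step has no `tags:` input, so the pushed tags come from the action's defaults, which are derived from the triggering ref. A manual run from a feature branch would therefore push and attest a branch-named image from the same job that publishes releases, unless the `ghcr:leanix-github-agent` environment restricts deployment branches, which is not visible in this diff. If manual runs are only meant to re-publish a release, add a job-level guard such as `if: github.event_name == 'release' || startsWith(github.ref, 'refs/tags/')`. Alternatively, set the metadata step's `tags:` explicitly (for example `type=semver,pattern={{version}}`) so that only version tags are produced.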
@@ -1,48 +0,0 @@
-name: Release Dev Docker Image
-
-on:
- push:
- branches:
- - main
- workflow_dispatch:
-
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
-
- - name: Setup Java
- uses: actions/setup-java@v3
- with:
- distribution: 'temurin'
- java-version: '21'
-
- - name: Build with Gradle
- uses: gradle/gradle-build-action@v2
- continue-on-error: false
- with:
- arguments: build
-
- - name: Login to Azure registry
- uses: azure/docker-login@v1
- with:
- login-server: ${{ secrets.ACR_PUBLIC_LOGIN }}
- username: ${{ secrets.ACR_PUBLIC_USERNAME }}
- password: ${{ secrets.ACR_PUBLIC_PASSWORD }}
-
- - name: Setup ssh
- uses: webfactory/ssh-agent@v0.4.1
- with:
- ssh-private-key: ${{ secrets.CI_GITHUB_SSH_PRIVATE_KEY }}
- ssh-auth-sock: ${{ env.SSH_AUTH_SOCK }}
-
- - name: Build and push image to Azure public registry
- uses: docker/build-push-action@v2
- with:
- context: ./
- file: Dockerfile
- tags: ${{ secrets.ACR_PUBLIC_LOGIN }}/leanix-github-agent:dev
- push: true
- ssh: default=${{ env.SSH_AUTH_SOCK }}
diff --git a/.github/workflows/release-docker-image.yml b/.github/workflows/release-docker-image.yml
deleted file mode 100644
index c0f19c4..0000000
--- a/.github/workflows/release-docker-image.yml
+++ /dev/null
@@ -1,99 +0,0 @@
-name: Release Docker Image
-
-on:
- pull_request:
- types: [closed]
- workflow_dispatch:
-
-jobs:
- release_draft:
- permissions:
- contents: write
- pull-requests: write
- runs-on: ubuntu-latest
- steps:
- - uses: release-drafter/release-drafter@v5
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- build:
- runs-on: ubuntu-latest
-
- if: github.event.pull_request.merged
-
- steps:
- - name: Tag next version
- id: tag-action
- uses: K-Phoen/semver-release-action@master
- with:
- release_branch: main
- release_strategy: tag
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Publish Release Draft
- uses: actions/github-script@v6.4.1
- if: (steps.tag-action.outputs.tag != '')
- with:
- github-token: ${{secrets.GITHUB_TOKEN}}
- script: |
- const tag = "${{ steps.tag-action.outputs.tag }}";
- const { data: releases } = await github.rest.repos.listReleases({
- owner: context.repo.owner,
- repo: context.repo.repo
- });
- const draftRelease = releases.find(release => release.tag_name === tag && release.draft === true);
- if (!draftRelease) {
- console.log(`No draft release found for tag ${tag}`);
- return;
- }
- await github.rest.repos.updateRelease({
- owner: context.repo.owner,
- repo: context.repo.repo,
- release_id: draftRelease.id,
- draft: false
- });
- console.log(`Published draft release for tag ${tag}`);
-
- - name: Checkout
- uses: actions/checkout@v3
- if: (steps.tag-action.outputs.tag != '')
-
- - name: Setup Java
- uses: actions/setup-java@v3
- if: (steps.tag-action.outputs.tag != '')
- with:
- distribution: 'temurin'
- java-version: '21'
-
- - name: Build with Gradle
- uses: gradle/gradle-build-action@v2
- if: (steps.tag-action.outputs.tag != '')
- continue-on-error: false
- with:
- arguments: build
-
- - name: Login to Azure registry
- uses: azure/docker-login@v1
- if: (steps.tag-action.outputs.tag != '')
- with:
- login-server: ${{ secrets.ACR_PUBLIC_LOGIN }}
- username: ${{ secrets.ACR_PUBLIC_USERNAME }}
- password: ${{ secrets.ACR_PUBLIC_PASSWORD }}
-
- - name: Setup ssh
- uses: webfactory/ssh-agent@v0.4.1
- if: (steps.tag-action.outputs.tag != '')
- with:
- ssh-private-key: ${{ secrets.CI_GITHUB_SSH_PRIVATE_KEY }}
- ssh-auth-sock: ${{ env.SSH_AUTH_SOCK }}
-
- - name: Build and push image to Azure public registry
- if: (steps.tag-action.outputs.tag != '')
- uses: docker/build-push-action@v2
- with:
- context: ./
- file: Dockerfile
- tags: ${{ secrets.ACR_PUBLIC_LOGIN }}/leanix-github-agent:${{ steps.tag-action.outputs.tag }}, ${{ secrets.ACR_PUBLIC_LOGIN }}/leanix-github-agent:latest
- push: true
- ssh: default=${{ env.SSH_AUTH_SOCK }}