This repository has been archived by the owner on Jan 24, 2024. It is now read-only.

chore(deps): update github-actions #40


Workflow file for this run

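# CI pipeline: builds the container image for pull requests, pushes to master
# and created releases. On non-PR events the image is pushed to ghcr.io and
# signed with cosign (keyless), after which semantic-release runs.
#
# Third-party actions are pinned to full commit SHAs; the trailing comment on
# each `uses:` line records the tag that SHA was taken from.
name: ci

on:
  pull_request:
    branches: [master]
  push:
    branches: [master]
  release:
    types: [created]

# Workflow-wide default: read-only token. Jobs raise only the scopes they need.
permissions: read-all

jobs:
  build:
    name: Build
    runs-on: ubuntu-22.04
    # A job-level permissions block replaces the workflow default, so any scope
    # not listed here is not granted to this job's token.
    permissions:
      packages: write # for pushing the image (and its signature) to ghcr.io.
      id-token: write # for creating OIDC tokens for signing.
    strategy:
      matrix:
        image: ["cricketeerone-kafka-connect"]
    env:
      IMAGE_NAME: ghcr.io/${{ github.repository }}/${{ matrix.image }}
    outputs:
      image-tags: ${{ steps.container_meta.outputs.tags }}
      image-digest: ${{ steps.build.outputs.digest }}
      image-name: ${{ env.IMAGE_NAME }}
    steps:
      - name: Checkout code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          # No later step in this job runs git against the remote, so do not
          # leave the job token in the checked-out repository's git config.
          persist-credentials: false

      - name: Container meta
        id: container_meta
        uses: docker/metadata-action@31cebacef4805868f9ce9a0cb03ee36c32df2ac4 # v5
        with:
          images: |
            ${{ env.IMAGE_NAME }}

      # Registry login, push and signing are all skipped for pull requests:
      # PR builds only verify that the image builds.
      - name: Login to GitHub Container Registry
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
        if: ${{ github.event_name != 'pull_request' }}
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

      - name: Build and push
        id: build
        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
        with:
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # push and load are mutually exclusive here: publish on non-PR
          # events, load into the local Docker daemon on pull requests.
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.container_meta.outputs.tags }}
          labels: ${{ steps.container_meta.outputs.labels }}
          load: ${{ github.event_name == 'pull_request' }}
          file: "${{ matrix.image }}.Dockerfile"

      # cosign is only used by the signing step below, so install it under the
      # same condition instead of running the installer on pull requests too.
      - name: Install cosign
        if: ${{ github.event_name != 'pull_request' }}
        uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0

      - name: Sign image
        if: ${{ github.event_name != 'pull_request' }}
        env:
          # Sign by digest, not by tag: the signature is bound to the exact
          # image this job built. The value reaches the script through the
          # environment rather than being interpolated into the shell text.
          IMAGE: "${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}"
        run: |
          echo "Signing '$IMAGE' using keyless approach"
          cosign sign --yes "$IMAGE"

  # Disabled SLSA provenance job, kept for reference.
  # container-provenance:
  #   if: ${{ startsWith(github.ref, 'refs/tags/') }}
  #   needs:
  #     - build
  #   permissions:
  #     actions: read # for detecting the Github Actions environment.
  #     id-token: write # for creating OIDC tokens for signing.
  #     packages: write # for uploading attestations.
  #   uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.5.0
  #   with:
  #     image: ${{ needs.build.outputs.image-name }}
  #     digest: ${{ needs.build.outputs.image-digest }}
  #     registry-username: ${{ github.actor }}
  #     # TODO(https://github.com/slsa-framework/slsa-github-generator/issues/492): Remove after GA release.
  #     compile-generator: true
  #   secrets:
  #     registry-password: ${{ secrets.GITHUB_TOKEN }}

  release:
    needs: build
    name: release
    runs-on: ubuntu-22.04
    if: ${{ github.event_name != 'pull_request' }}
    permissions:
      contents: write
      pull-requests: write
    steps:
      # NOTE(review): this checkout keeps the job token in the local git config
      # (persist-credentials defaults to true) while semantic-release is handed
      # a separate token below; confirm which credential the release push
      # actually uses before changing either.
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          # Full history; presumably so semantic-release can see every commit
          # and tag when computing the next version.
          fetch-depth: 0

      - name: Semantic Release
        uses: cycjimmy/semantic-release-action@3b88c82b34098e8b51e401c1082c9170b0a3ec3c # tag=v3
        with:
          # Pinned by version only; unlike the actions above, this plugin is
          # not pinned to a content hash.
          extra_plugins: |
            conventional-changelog-conventionalcommits@5.0.0
        env:
          # Repository secret, not the automatic job token. Its scopes are not
          # visible in this file, so the permissions block above does not
          # bound what this step can do.
          GITHUB_TOKEN: ${{ secrets.MIRACUM_BOT_SEMANTIC_RELEASE_TOKEN }}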