Update test-permissions.yml #77
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Next CLI container build | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
paths-ignore: docs/ | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
INIT_IMAGE_NAME: ${{ github.repository }}-init | |
NEXT_TAG: next | |
permissions: | |
id-token: write | |
contents: read | |
attestations: write | |
packages: write | |
jobs: | |
docker-image-build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 | |
- name: Login to ghcr.io | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Build and push base Kit container | |
id: build-kit-container | |
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | |
with: | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
context: . | |
file: build/dockerfiles/Dockerfile | |
build-args: | | |
KIT_VERSION=${{ github.ref_name }} | |
tags: | | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.NEXT_TAG }} | |
annotations: | | |
index:org.opencontainers.image.description=Kit CLI container built from source | |
index:org.opencontainers.image.source=https://github.com/jozu-ai/kitops | |
index:org.opencontainers.image.licenses=Apache-2.0 | |
- name: Build and push Kit init container | |
id: build-kit-init-container | |
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | |
with: | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
context: build/dockerfiles/init | |
file: build/dockerfiles/init/Dockerfile | |
build-args: | | |
KIT_BASE_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-kit-container.outputs.digest }} | |
tags: | | |
${{ env.REGISTRY }}/${{ env.INIT_IMAGE_NAME }}:${{ env.NEXT_TAG }} | |
annotations: | | |
index:org.opencontainers.image.description=Kit CLI init container | |
index:org.opencontainers.image.source=https://github.com/jozu-ai/kitops | |
index:org.opencontainers.image.licenses=Apache-2.0 | |
# - name: Generate artifact attestation for base container | |
# uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2 | |
# with: | |
# subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
# subject-digest: ${{ steps.build-kit-container.outputs.digest }} | |
# push-to-registry: true | |
# - name: Generate artifact attestation for base container | |
# uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2 | |
# with: | |
# subject-name: ${{ env.REGISTRY }}/${{ env.INIT_IMAGE_NAME }} | |
# subject-digest: ${{ steps.build-kit-init-container.outputs.digest }} | |
# push-to-registry: true |