From 640afd9eeadf52da891b2a9bcd81adb38b1b047c Mon Sep 17 00:00:00 2001
From: vokomarov
Date: Fri, 15 Nov 2024 16:46:35 +0200
Subject: [PATCH 1/2] Upgrade kubectl, github actions
---
 .github/workflows/build.yml | 2 +-
 .github/workflows/deploy.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7d58b77..a93b7e9 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -52,7 +52,7 @@ jobs:
 # Build and push Docker image with Build (don't push on PR)
 # https://github.com/docker/build-push-action
 - name: Build and push
- uses: docker/build-push-action@v5
+ uses: docker/build-push-action@v6
 with:
 context: .
 push: ${{ github.event_name != 'pull_request' }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 840a12b..d1daec3 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -13,7 +13,7 @@ env:
 INFRA_REPO_REF: main
 CLUSTER: k8s-cash-track
 NAMESPACE: cash-track
- KUBECTL_BIN: https://storage.googleapis.com/kubernetes-release/release/v1.24.4/bin/linux/amd64/kubectl
+ KUBECTL_BIN: https://storage.googleapis.com/kubernetes-release/release/v1.31.0/bin/linux/amd64/kubectl
 jobs:
 deploy:
From 757119c7380209af20393e82802d9f35942bc8f4 Mon Sep 17 00:00:00 2001
From: vokomarov
Date: Fri, 15 Nov 2024 17:22:32 +0200
Subject: [PATCH 2/2] Add attestation
---
 .github/workflows/build.yml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a93b7e9..84f217f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,6 +6,7 @@ on:
 types: [ published ]
 env:
+ REGISTRY: docker.io
 REPO: cashtrack/website
 jobs:
@@ -14,6 +15,8 @@ jobs:
 permissions:
 contents: read
 packages: write
+ id-token: write
+ attestations: write
 steps:
 - name: Checkout repository
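Review bot: The kubectl binary named by `KUBECTL_BIN` in the `deploy.yml` hunk of patch 1/2 is still referenced by bare URL with no expected digest beside it, so the step that downloads it (outside this hunk) has nothing visible to verify the file against before it is run, presumably with cluster credentials. Consider adding `KUBECTL_SHA256: <sha256 of the v1.31.0 linux/amd64 kubectl>` next to it and checking the download with `sha256sum -c` before making it executable. The jump from v1.24.4 to v1.31.0 should also be checked against the cluster's API server version, since kubectl is only supported within one minor version of the server.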
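Review bot: In the `permissions` hunk of patch 2/2, `id-token: write` and `attestations: write` are granted at job level, so every step in the job can request an OIDC token, including the `docker/*` actions and `actions/attest-build-provenance@v1` that this series references by mutable tag. Pinning those `uses:` lines to a full commit SHA, e.g. `uses: actions/attest-build-provenance@<full commit SHA> # v1`, limits what a retagged release could do with that token. The job's step list continues outside the hunk, so any other third-party actions there deserve the same treatment.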
@@ -41,8 +44,8 @@ jobs:
 type=sha
 type=semver,pattern={{version}}
- # Setup BuildX
- # https://github.com/docker/setup-buildx-action
+ # Setup BuildX
+ # https://github.com/docker/setup-buildx-action
 - name: Setup BuildX
 uses: docker/setup-buildx-action@v3
 id: buildx
@@ -53,8 +56,17 @@ jobs:
 # https://github.com/docker/build-push-action
 - name: Build and push
 uses: docker/build-push-action@v6
+ id: push
 with:
 context: .
 push: ${{ github.event_name != 'pull_request' }}
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Attest
+ uses: actions/attest-build-provenance@v1
+ id: attest
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.REPO }}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
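Review bot: The new `Attest` step has no `if:` guard, while the push just above it is skipped when `github.event_name` is `pull_request`. On such a run nothing reaches the registry, so `push-to-registry: true` would likely fail; the full `on:` block is outside the hunk, so this matters only if pull requests can trigger the workflow. Adding `if: ${{ github.event_name != 'pull_request' }}` to the step keeps it aligned with the push condition. Separately, as far as I recall the action's README asks for `index.docker.io` rather than `docker.io` as the registry part of `subject-name` on Docker Hub, so the `REGISTRY` value added in the earlier hunk is worth confirming against the action's documentation.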