Skip to content

Commit

Permalink
Add GitHub workflow to build and push container image
Browse files Browse the repository at this point in the history
  • Loading branch information
bheisig committed Oct 17, 2023
1 parent 54a87eb commit 0619a08
Showing 1 changed file with 60 additions and 0 deletions.
60 changes: 60 additions & 0 deletions .github/workflows/container.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
---
name: Container

on:
push:
branches:
# - main
- update-toolchain/2023/42

env:
REGISTRY_DOMAIN: ${{ secrets.REGISTRY_DOMAIN }}
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
CONTAINER_IMAGE: ${{ secrets.REGISTRY_DOMAIN }}/docs/environment
# TAG: ${{ env.GITHUB_REF_NAME }}
TAG: main

jobs:
build:
name: Build and push container image
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/[email protected]
with:
fetch-depth: 1
- name: Set up Docker Buildx
uses: docker/[email protected]
- name: Login into container registry
uses: docker/[email protected]
with:
registry: ${{ secrets.REGISTRY_DOMAIN }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Build container image and push it to registry
uses: docker/[email protected]
id: build-and-push
with:
context: .
file: Dockerfile
build-args: |
USER_ID="$(id -u)"
GROUP_ID="$(id -g)"
pull: true
push: true
tags: ${{ env.CONTAINER_IMAGE }}:${{ env.TAG }}
- name: Install Cosign
uses: sigstore/[email protected]
- name: Sign container image
env:
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
DIGEST: ${{ steps.build-and-push.outputs.digest }}
run: >
cosign
sign
--yes
--key env://COSIGN_PRIVATE_KEY
--tlog-upload=false
"${TAG}@${DIGEST}"

0 comments on commit 0619a08

Please sign in to comment.