tester_image_builder.yaml
name: tester_image_builder
on:
  # Runs for pushes to develop that touch the tester image sources.
  # NOTE(review): this page shows the file as tester_image_builder.yaml, while
  # the path filters below name image-tester.yml - confirm the filter still
  # points at this workflow, otherwise edits to it will not trigger a run.
  push:
    branches:
      - develop
    paths:
      - images/playwright/**
      - .github/workflows/image-tester.yml
  # Runs for pull requests touching the same paths.
  pull_request:
    paths:
      - images/playwright/**
      - .github/workflows/image-tester.yml
# Workflow-level GITHUB_TOKEN scopes: these apply to every job that does not
# declare its own `permissions` mapping.
# NOTE(review): the registry login in this workflow authenticates with a PAT
# secret, not the GITHUB_TOKEN - confirm `packages: write` is still required,
# and prefer granting it only on the job that publishes.
permissions:
  contents: read
  pull-requests: read
  packages: write
# Registry host and repository path that the docker commands in the jobs
# combine into the image reference.
env:
  GITHUB_REGISTRY: 'ghcr.io'
  TESTER_IMAGE_NAME: 'dyrector-io/dyrectorio/playwright'
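jobs:
  # Builds the tester image and hands it to the push job as a workflow
  # artifact. This job has no `if` guard, so it also runs for pull requests;
  # it references no secrets and gets a read-only token.
  build:
    runs-on: ubuntu-22.04
    # Job-level permissions replace the workflow-level set for this job, so
    # the pull-request build does not carry `packages: write`.
    permissions:
      contents: read
    container:
      image: ghcr.io/dyrector-io/dyrectorio/builder-images/protobuf:1
    steps:
      - name: Checkout
        # NOTE(review): actions in this workflow are referenced by mutable
        # tag; pinning each to a reviewed full commit SHA keeps a retagged
        # release from changing what runs here.
        uses: actions/checkout@v3
      - name: Docker build
        run: docker build -t "${GITHUB_REGISTRY}/${TESTER_IMAGE_NAME}:latest" ./images/playwright
      - name: Docker save
        # Save and compress as separate commands so a failed `docker save`
        # fails the step instead of being hidden behind the pipe's exit
        # status. The file holds gzip data despite the .zstd suffix; the name
        # is kept because the push job reads it back with zcat.
        run: |
          docker save -o tester.tar "${GITHUB_REGISTRY}/${TESTER_IMAGE_NAME}:latest"
          gzip -c tester.tar > tester.zstd
      - name: Artifact upload
        uses: actions/upload-artifact@v3
        with:
          name: tester
          path: ./tester.zstd

  # Loads the built image, pushes it to the registry and signs the pushed
  # digest with cosign. This is the only job that references secrets.
  push:
    runs-on: ubuntu-22.04
    needs: build
    container:
      image: ghcr.io/dyrector-io/dyrectorio/builder-images/signer:2
    # The workflow is also triggered by pull_request, so require both the
    # push event and the full branch ref before publishing or touching the
    # signing secrets, rather than matching on the short ref name alone.
    if: github.event_name == 'push' && github.ref == 'refs/heads/develop'
    environment: 'Workflow - Protected'
    steps:
      - name: Artifact download
        uses: actions/download-artifact@v3
        with:
          name: tester
          path: artifacts
      - name: Docker load
        run: zcat artifacts/tester.zstd | docker load
      - name: Login to GHCR
        # NOTE(review): a long-lived PAT is used here; confirm whether the
        # run-scoped GITHUB_TOKEN could replace it for this registry.
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GHCR_PAT }}
      - name: Docker push
        run: docker push "${GITHUB_REGISTRY}/${TESTER_IMAGE_NAME}:latest"
      - name: Sign container image
        # The private key reaches cosign through the environment (env:// key
        # reference) instead of being interpolated into the script text and
        # written to cosign.key in the workspace, where it would outlive the
        # step. Signing targets the pushed repo digest, not the mutable tag.
        # NOTE(review): confirm the cosign build in the signer image accepts
        # env:// key references.
        run: |
          image_digest="$(docker inspect --format='{{index .RepoDigests 0}}' "${GITHUB_REGISTRY}/${TESTER_IMAGE_NAME}:latest")"
          cosign sign --yes --key env://COSIGN_PRIVATE_KEY "${image_digest}"
        env:
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}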