fix image refs #50
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support | |
| # documentation. | |
| name: Create and publish a Docker image | |
| on: | |
| push: | |
| tags: | |
| - '*' | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| VALKEY_VERSION: 8.0.2 | |
| RELEASE_VERSION: ${{ github.ref_name }} | |
| jobs: | |
| build-and-push-image: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read # for trivy scan upload | |
| packages: write | |
| id-token: write | |
| security-events: write | |
| attestations: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (Controller tags, labels) for Docker | |
| id: meta_controller | |
| uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }} | |
| - name: Extract metadata (Sidecar tags, labels) for Docker | |
| id: meta_sidecar | |
| uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 | |
| with: | |
| images: ${{ env.REGISTRY }}/hyperspike/valkey-sidecar:${{ env.RELEASE_VERSION }} | |
| - name: Extract metadata (Valkey tags, labels) for Docker | |
| id: meta_valkey | |
| uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 | |
| with: | |
| images: ${{ env.REGISTRY }}/hyperspike/valkey:${{ env.VALKEY_VERSION }} | |
| - name: Setup Go ${{ matrix.go-version }} | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.23 | |
| # You can test your matrix by printing the current Go version | |
| - name: Display Go version | |
| run: go version | |
| - name: Build it | |
| id: go_build | |
| run: make V=1 | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc | |
| id: docker_build_controller | |
| with: | |
| file: Dockerfile.controller | |
| context: . | |
| push: true | |
| visibility: public | |
| tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }} | |
| labels: ${{ steps.meta_manager.outputs.labels }} | |
| - name: Build and push Sidecar image | |
| uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc | |
| id: docker_build_sidecar | |
| with: | |
| file: Dockerfile.sidecar | |
| context: . | |
| push: true | |
| visibility: public | |
| tags: ${{ env.REGISTRY }}/hyperspike/valkey-sidecar:${{ env.RELEASE_VERSION }} | |
| labels: ${{ steps.meta_sidecar.outputs.labels }} | |
| - name: Build and push Valkey image | |
| uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc | |
| id: docker_build_valkey | |
| with: | |
| file: Dockerfile.valkey | |
| context: . | |
| push: true | |
| visibility: public | |
| tags: ${{ env.REGISTRY }}/hyperspike/valkey:${{ env.VALKEY_VERSION }} | |
| labels: ${{ steps.meta_valkey.outputs.labels }} | |
| - name: Set up Cosign | |
| uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 | |
| - name: Sign Controller image with GitHub OIDC Token | |
| run: | | |
| cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}@${{ steps.docker_build_controller.outputs.digest }} | |
| - name: Sign Sidecar image with GitHub OIDC Token | |
| run: | | |
| cosign sign --yes ${{ env.REGISTRY }}/hyperspike/valkey-sidecar:${{ env.RELEASE_VERSION }}@${{ steps.docker_build_sidecar.outputs.digest }} | |
| - name: Sign Valkey image with GitHub OIDC Token | |
| run: | | |
| cosign sign --yes ${{ env.REGISTRY }}/hyperspike/valkey:${{ env.VALKEY_VERSION }}@${{ steps.docker_build_valkey.outputs.digest }} | |
| - name: Attest the Controller image | |
| uses: actions/attest-build-provenance@v2 | |
| id: attest_controller | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| subject-digest: ${{ steps.docker_build_controller.outputs.digest }} | |
| push-to-registry: true | |
| - name: Attest the Sidecar image | |
| uses: actions/attest-build-provenance@v2 | |
| id: attest_sidecar | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/hyperspike/valkey-sidecar | |
| subject-digest: ${{ steps.docker_build_sidecar.outputs.digest }} | |
| push-to-registry: true | |
| - name: Attest the Valkey image | |
| uses: actions/attest-build-provenance@v2 | |
| id: attest_valkey | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/hyperspike/valkey | |
| subject-digest: ${{ steps.docker_build_valkey.outputs.digest }} | |
| push-to-registry: true | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| #env: | |
| # GITHUB_TOKEN: ${{ secrets.TOKEN }} |