From 1515b9d983db316bfa48c202201f707912b0f6ea Mon Sep 17 00:00:00 2001 From: Shiloh Heurich Date: Thu, 8 Feb 2024 09:24:14 -0500 Subject: [PATCH] manually run makefile.yml only; add manual option for docker-publish.yml --- .github/workflows/docker-publish.yml | 113 ++++++++++++++------------- .github/workflows/makefile.yml | 34 ++++---- 2 files changed, 72 insertions(+), 75 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 223c2e8..fab6a93 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -3,9 +3,10 @@ name: ci on: push: branches: - - "main" + - "main" tags: - - 'v*' + - "v*" + workflow_dispatch: jobs: build-image: 
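Review bot: The new `workflow_dispatch:` trigger lets this publish-and-sign job run from whatever ref the dispatcher selects, while the verify step later in the same file pins `--certificate-identity https://github.com/sheurich/coen/.github/workflows/docker-publish.yml@refs/heads/main`; a manual run from any other branch (and presumably the existing `v*` tag trigger, whose identity should carry `refs/tags/...`) will push and sign the image and only then fail at verification. Either gate the job on the ref, `if: github.ref == 'refs/heads/main'` directly under `build-image:`, or verify against the ref that actually ran, `--certificate-identity "https://github.com/${{ github.repository }}/.github/workflows/docker-publish.yml@${{ github.ref }}"`. The `build-image:` job continues outside this hunk, so whether its `permissions` grant the `id-token: write` that keyless signing needs cannot be checked here.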
@@ -18,66 +19,66 @@ jobs: name: build-image steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 1 + - uses: actions/checkout@v4 + with: + fetch-depth: 1 - - name: Install Cosign - uses: sigstore/cosign-installer@v3 + - name: Install Cosign + uses: sigstore/cosign-installer@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - id: docker_meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository }} + - id: docker_meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} - - name: Determine SOURCE_DATE_EPOCH - id: source_date_epoch - run: | - echo "SOURCE_DATE_EPOCH=$(git show -s --format=%ct $GITHUB_SHA)" >> $GITHUB_OUTPUT + - name: Determine SOURCE_DATE_EPOCH + id: source_date_epoch + run: | + echo "SOURCE_DATE_EPOCH=$(git show -s --format=%ct $GITHUB_SHA)" >> $GITHUB_OUTPUT - - name: Build and Push container images - uses: docker/build-push-action@v5 - id: build-and-push - with: - build-args: | - SOURCE_DATE_EPOCH=${{ steps.source_date_epoch.outputs.SOURCE_DATE_EPOCH }} - cache-from: type=gha - cache-to: type=gha,mode=max - context: . 
- platforms: linux/amd64 - push: true - tags: ${{ steps.docker_meta.outputs.tags }} + - name: Build and Push container images + uses: docker/build-push-action@v5 + id: build-and-push + with: + build-args: | + SOURCE_DATE_EPOCH=${{ steps.source_date_epoch.outputs.SOURCE_DATE_EPOCH }} + cache-from: type=gha + cache-to: type=gha,mode=max + context: . + platforms: linux/amd64 + push: true + tags: ${{ steps.docker_meta.outputs.tags }} - - name: Sign the images with GitHub OIDC Token - env: - DIGEST: ${{ steps.build-and-push.outputs.digest }} - TAGS: ${{ steps.docker_meta.outputs.tags }} - run: | - images="" - for tag in ${TAGS}; do - images+="${tag}@${DIGEST} " - done - cosign sign --yes ${images} + - name: Sign the images with GitHub OIDC Token + env: + DIGEST: ${{ steps.build-and-push.outputs.digest }} + TAGS: ${{ steps.docker_meta.outputs.tags }} + run: | + images="" + for tag in ${TAGS}; do + images+="${tag}@${DIGEST} " + done + cosign sign --yes ${images} - - name: Verify the image - env: - DIGEST: ${{ steps.build-and-push.outputs.digest }} - IMAGE: ghcr.io/${{ github.repository }} - run: | - cosign verify ${IMAGE}@${DIGEST} \ - --certificate-identity https://github.com/sheurich/coen/.github/workflows/docker-publish.yml@refs/heads/main \ - --certificate-oidc-issuer https://token.actions.githubusercontent.com | - jq + - name: Verify the image + env: + DIGEST: ${{ steps.build-and-push.outputs.digest }} + IMAGE: ghcr.io/${{ github.repository }} + run: | + cosign verify ${IMAGE}@${DIGEST} \ + --certificate-identity https://github.com/sheurich/coen/.github/workflows/docker-publish.yml@refs/heads/main \ + --certificate-oidc-issuer https://token.actions.githubusercontent.com | + jq diff --git a/.github/workflows/makefile.yml b/.github/workflows/makefile.yml index e79720c..90b117c 100644 --- a/.github/workflows/makefile.yml +++ b/.github/workflows/makefile.yml 
@@ -1,32 +1,28 @@ name: Makefile CI on: - push: - branches: ["main"] - pull_request: - branches: ["main"] + workflow_dispatch: jobs: build: - runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4 - - name: Build a Docker container image using the Dockerfile - run: make build + - name: Build a Docker container image using the Dockerfile + run: make build - - name: Run a Docker container to build the COEN ISO image - shell: 'script -q -e -c "bash --noprofile --norc -eo pipefail {0}"' - run: make run + - name: Run a Docker container to build the COEN ISO image + shell: 'script -q -e -c "bash --noprofile --norc -eo pipefail {0}"' + run: make run - - name: Copy the resultant COEN ISO image from the Docker container into the host directory - run: make copy + - name: Copy the resultant COEN ISO image from the Docker container into the host directory + run: make copy - - name: Store Output - uses: actions/upload-artifact@v4 - with: - name: 'COEN ISO' - overwrite: true - path: coen-*.iso + - name: Store Output + uses: actions/upload-artifact@v4 + with: + name: "COEN ISO" + overwrite: true + path: coen-*.iso
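Review bot: `runs-on: ubuntu-latest` is deleted from the `build` job (`- runs-on: ubuntu-latest`) and nothing in the hunk adds it back; since the hunk starts at line 1 and appears to cover the whole file, the job is left without a runner and GitHub will reject the workflow, so the new manual-only trigger would never actually run. Restore it as `runs-on: ubuntu-latest` directly under `build:`, above `steps:`. The remaining changes are re-indentation and the switch to `workflow_dispatch:`, which match the subject line.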