Skip to content

Commit

Permalink
disable stuff
Browse files Browse the repository at this point in the history
Signed-off-by: Tuomas Katila <[email protected]>
  • Loading branch information
tkatila committed Sep 4, 2024
1 parent 35011b0 commit 3f512a0
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 62 deletions.
78 changes: 39 additions & 39 deletions .github/workflows/devel.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,50 +9,50 @@ permissions:
pull-requests: read

jobs:
trivy:
permissions:
actions: read
contents: read
security-events: write
uses: "./.github/workflows/lib-trivy.yaml"
with:
upload-to-github-security-tab: true

validate:
uses: "./.github/workflows/lib-validate.yaml"

codeql:
permissions:
actions: read
contents: read
security-events: write
uses: "./.github/workflows/lib-codeql.yaml"

scorecard:
permissions:
contents: read
id-token: write
security-events: write
uses: "./.github/workflows/lib-scorecard.yaml"

build:
needs:
- validate
- trivy
uses: "./.github/workflows/lib-build.yaml"

e2e:
needs:
- build
uses: "./.github/workflows/lib-e2e.yaml"
# trivy:
# permissions:
# actions: read
# contents: read
# security-events: write
# uses: "./.github/workflows/lib-trivy.yaml"
# with:
# upload-to-github-security-tab: true

# validate:
# uses: "./.github/workflows/lib-validate.yaml"

# codeql:
# permissions:
# actions: read
# contents: read
# security-events: write
# uses: "./.github/workflows/lib-codeql.yaml"

# scorecard:
# permissions:
# contents: read
# id-token: write
# security-events: write
# uses: "./.github/workflows/lib-scorecard.yaml"

# build:
# needs:
# - validate
# - trivy
# uses: "./.github/workflows/lib-build.yaml"

# e2e:
# needs:
# - build
# uses: "./.github/workflows/lib-e2e.yaml"

# devel image push
publish:
permissions:
contents: read
id-token: write
needs:
- e2e
- build
# needs:
# - e2e
# - build
uses: "./.github/workflows/lib-publish.yaml"
secrets: inherit
46 changes: 23 additions & 23 deletions .github/workflows/lib-publish.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -103,26 +103,26 @@ jobs:
sudo freshclam
docker save $FULL_IMAGE -o $IMG_FILE
clamscan $IMG_FILE
- name: Test image base layer
# Don't run base layer check for selected images
if: ${{ !contains(fromJson(env.no_base_check), matrix.image) }}
run: IMG=${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker
- name: Login
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASS }}
- name: Push
run: docker push ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }}
- name: Get image digest
if: ${{ inputs.image_tag != 'devel' }}
id: digest
run: |
echo "image_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }})" >> $GITHUB_OUTPUT
- name: Install cosign
if: ${{ inputs.image_tag != 'devel' }}
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 #v3.6.0
- name: Keyless image sign
if: ${{ inputs.image_tag != 'devel' }}
run: |
cosign sign --yes ${{ steps.digest.outputs.image_sha }}
# - name: Test image base layer
# # Don't run base layer check for selected images
# if: ${{ !contains(fromJson(env.no_base_check), matrix.image) }}
# run: IMG=${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker
# - name: Login
# uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
# with:
# username: ${{ secrets.DOCKERHUB_USER }}
# password: ${{ secrets.DOCKERHUB_PASS }}
# - name: Push
# run: docker push ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }}
# - name: Get image digest
# if: ${{ inputs.image_tag != 'devel' }}
# id: digest
# run: |
# echo "image_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }})" >> $GITHUB_OUTPUT
# - name: Install cosign
# if: ${{ inputs.image_tag != 'devel' }}
# uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 #v3.6.0
# - name: Keyless image sign
# if: ${{ inputs.image_tag != 'devel' }}
# run: |
# cosign sign --yes ${{ steps.digest.outputs.image_sha }}

0 comments on commit 3f512a0

Please sign in to comment.