github/workflows/centos: Also push zstd:chunked compressed images

See: #128 See: https://fedoraproject.org/wiki/Changes/zstd:chunked See: https://docs.podman.io/en/latest/markdown/podman-push.1.html#compression-format-gzip-zstd-zstd-chunked See: coreos/fedora-coreos-tracker#1660
toolbx-images · Jul 10, 2024 · 198c24f · 198c24f
1 parent daae19a
commit 198c24f
Showing 1 changed file with 44 additions and 0 deletions.
diff --git a/.github/workflows/centos.yaml b/.github/workflows/centos.yaml
@@ -84,6 +84,20 @@ jobs:
           registry: ${{ env.registry }}
           tags: ${{ matrix.release }}
 
+      - name: Push to Container Registry (zstd)
+        uses: redhat-actions/push-to-registry@v2
+        id: push-zstd
+        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release != matrix.release
+        with:
+          username: ${{ secrets.BOT_USERNAME }}
+          password: ${{ secrets.BOT_SECRET }}
+          image: ${{ env.distro }}-toolbox
+          registry: ${{ env.registry }}
+          tags: ${{ matrix.release }}-zstd
+          extra-args: |
+            --compression-format=zstd:chunked
+            --compression-level=19
+
       - name: Push to Container Registry (latest tag)
         uses: redhat-actions/push-to-registry@v2
         id: push-latest
@@ -95,6 +109,20 @@ jobs:
           registry: ${{ env.registry }}
           tags: ${{ matrix.release }} latest
 
+      - name: Push to Container Registry (latest tag, zstd)
+        uses: redhat-actions/push-to-registry@v2
+        id: push-latest-zstd
+        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release == matrix.release
+        with:
+          username: ${{ secrets.BOT_USERNAME }}
+          password: ${{ secrets.BOT_SECRET }}
+          image: ${{ env.distro }}-toolbox
+          registry: ${{ env.registry }}
+          tags: ${{ matrix.release }}-zstd latest-zstd
+          extra-args: |
+            --compression-format=zstd:chunked
+            --compression-level=19
+
       - name: Login to Container Registry
         uses: redhat-actions/podman-login@v1
         if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
@@ -114,10 +142,26 @@ jobs:
           COSIGN_EXPERIMENTAL: false
           COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
 
+      - name: Sign container image (zstd)
+        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release != matrix.release
+        run: |
+          cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.registry }}/${{ env.distro }}-toolbox@${{ steps.push-zstd.outputs.digest }}
+        env:
+          COSIGN_EXPERIMENTAL: false
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+
       - name: Sign container image (latest)
         if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release == matrix.release
         run: |
           cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.registry }}/${{ env.distro }}-toolbox@${{ steps.push-latest.outputs.digest }}
         env:
           COSIGN_EXPERIMENTAL: false
           COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+
+      - name: Sign container image (latest, zstd)
+        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main' && env.latest_release == matrix.release
+        run: |
+          cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.registry }}/${{ env.distro }}-toolbox@${{ steps.push-latest-zstd.outputs.digest }}
+        env:
+          COSIGN_EXPERIMENTAL: false
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}