# -----------------------------------------------------------------------------
# GitHub Actions counterpart of the Forgejo workflow.
# Ships disabled: rename to build.yml or remove the `if:` guard on the build
# job if you decide to mirror to GitHub.
# -----------------------------------------------------------------------------

name: 'build-image-github'

# Manual runs only. The push and schedule triggers stay commented out until
# GitHub is actually meant to build.
on:
  workflow_dispatch:
  # Uncomment when you actually want GitHub to build:
  # push:
  #   branches: [main]
  # schedule:
  #   - cron: "0 6 * * 1"

env:
  # Image name, appended to <registry>/<owner>/ by the job's steps.
  IMAGE_NAME: 'kamos'
  # Space-separated tag list; the steps loop over it word by word.
  IMAGE_TAGS: 'stable latest'
  # Registry host the image is pushed to.
  REGISTRY: 'ghcr.io'
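jobs:
  # Builds the container image with podman, pushes every tag in IMAGE_TAGS to
  # the registry, then signs the pushed digest with a cosign key pair.
  build:
    runs-on: ubuntu-latest
    if: ${{ false }}  # remove this line to enable
    # Least privilege: read the repository, publish packages. `id-token: write`
    # is not requested because the Sign step uses a stored key (`--key`), not
    # keyless OIDC signing; add it back only if you switch to keyless.
    permissions:
      contents: read
      packages: write
    env:
      # Handed to the scripts through the environment instead of being expanded
      # inside `run:` text, so the shell only ever sees it as data.
      REPO_OWNER: ${{ github.repository_owner }}
    steps:
      # NOTE(review): the actions below are referenced by mutable tags
      # (v4, v1). Pinning each `uses:` to a full commit SHA guards against a
      # tag being moved to different code.
      - uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config: the checkout directory is
          # the build context for `podman build .` below.
          persist-credentials: false

      - name: Login to GHCR
        uses: redhat-actions/podman-login@v1
        with:
          # Same value the build/push/sign scripts read from REGISTRY.
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build
        run: |
          set -euo pipefail
          # Image references must be lowercase; an owner name may not be.
          IMAGE_REF="${REGISTRY}/${REPO_OWNER,,}/${IMAGE_NAME}"
          # IMAGE_TAGS is a space-separated list, so it is split on purpose.
          tag_args=()
          for t in ${IMAGE_TAGS}; do
            tag_args+=(--tag "${IMAGE_REF}:${t}")
          done
          podman build --pull=newer "${tag_args[@]}" .

      - name: Push
        run: |
          set -euo pipefail
          IMAGE_REF="${REGISTRY}/${REPO_OWNER,,}/${IMAGE_NAME}"
          for t in ${IMAGE_TAGS}; do
            # Record the digest of what this job pushed, so the Sign step signs
            # that exact manifest instead of re-resolving the tag afterwards.
            podman push --digestfile "${RUNNER_TEMP}/digest-${t}" "${IMAGE_REF}:${t}"
          done

      - name: Sign
        env:
          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
          # NOTE(review): an empty password means the private key in
          # SIGNING_SECRET is stored without passphrase protection; the secret
          # store is then the only thing guarding it.
          COSIGN_PASSWORD: ""
        # NOTE(review): no step in this job installs cosign; confirm the runner
        # image provides it or add an installer step before enabling the job.
        run: |
          set -euo pipefail
          if [ -z "${COSIGN_PRIVATE_KEY}" ]; then
            echo "::error::SIGNING_SECRET is empty; cannot sign the pushed image"
            exit 1
          fi
          IMAGE_REF="${REGISTRY}/${REPO_OWNER,,}/${IMAGE_NAME}"
          for t in ${IMAGE_TAGS}; do
            DIGEST="$(cat "${RUNNER_TEMP}/digest-${t}")"
            # Refuse to sign anything that is not a sha256 digest reference.
            case "${DIGEST}" in
              sha256:*) ;;
              *)
                echo "::error::unexpected digest for tag ${t}: '${DIGEST}'"
                exit 1
                ;;
            esac
            cosign sign --yes --key env://COSIGN_PRIVATE_KEY "${IMAGE_REF}@${DIGEST}"
          done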