mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2025-01-14 00:10:40 +01:00
test
This commit is contained in:
Anthony Stirling
parent
f4ae4ac5c4
commit
34ddc298cf
46
.github/workflows/push-docker.yml
vendored
46
.github/workflows/push-docker.yml
vendored
@ -5,7 +5,7 @@ on:
|
|||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
- master
|
- master
|
||||||
- main
|
- docker-rename
|
||||||
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
@ -85,9 +85,9 @@ jobs:
|
|||||||
tags: |
|
tags: |
|
||||||
type=raw,value=${{ steps.versionNumber.outputs.versionNumber }},enable=${{ github.ref == 'refs/heads/master' }}
|
type=raw,value=${{ steps.versionNumber.outputs.versionNumber }},enable=${{ github.ref == 'refs/heads/master' }}
|
||||||
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
|
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
|
||||||
type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/main' }}
|
type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/docker-rename' }}
|
||||||
|
|
||||||
- name: Build and push main Dockerfile
|
- name: Build and push docker-rename Dockerfile
|
||||||
id: build-push-regular
|
id: build-push-regular
|
||||||
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
|
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
|
||||||
with:
|
with:
|
||||||
@ -108,33 +108,33 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
DIGEST: ${{ steps.build-push-regular.outputs.digest }}
|
DIGEST: ${{ steps.build-push-regular.outputs.digest }}
|
||||||
TAGS: ${{ steps.meta.outputs.tags }}
|
TAGS: ${{ steps.meta.outputs.tags }}
|
||||||
|
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
|
||||||
|
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
|
||||||
run: |
|
run: |
|
||||||
# Always sign images regardless of branch
|
# Always sign images regardless of branch
|
||||||
echo "$TAGS" | tr ',' '\n' | while read -r tag; do
|
echo "$TAGS" | tr ',' '\n' | while read -r tag; do
|
||||||
cosign sign --yes \
|
cosign sign --yes \
|
||||||
--identity-token ${ACTIONS_ID_TOKEN_REQUEST_TOKEN} \
|
--key env://COSIGN_PRIVATE_KEY \
|
||||||
--force \
|
|
||||||
"${tag}@${DIGEST}"
|
"${tag}@${DIGEST}"
|
||||||
done
|
done
|
||||||
|
|
||||||
# For alpha builds specifically
|
# For alpha builds specifically, we want to ensure they're marked as development builds
|
||||||
if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
|
if [[ "${{ github.ref }}" == "refs/heads/docker-rename" ]]; then
|
||||||
echo "Signing alpha build with development attestation"
|
echo "Signing alpha build with development attestation"
|
||||||
echo "$TAGS" | tr ',' '\n' | while read -r tag; do
|
echo "$TAGS" | tr ',' '\n' | while read -r tag; do
|
||||||
if [[ $tag == *":alpha" ]]; then
|
if [[ $tag == *":alpha" ]]; then
|
||||||
cosign attest --yes \
|
cosign attest --key env://COSIGN_PRIVATE_KEY \
|
||||||
--identity-token ${ACTIONS_ID_TOKEN_REQUEST_TOKEN} \
|
|
||||||
--force \
|
|
||||||
--predicate <(echo '{"type":"development"}') \
|
--predicate <(echo '{"type":"development"}') \
|
||||||
"${tag}@${DIGEST}"
|
--yes "${tag}@${DIGEST}"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
- name: Generate tags ultra-lite
|
- name: Generate tags ultra-lite
|
||||||
id: meta2
|
id: meta2
|
||||||
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
|
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
|
||||||
if: github.ref != 'refs/heads/main'
|
if: github.ref != 'refs/heads/docker-rename'
|
||||||
with:
|
with:
|
||||||
images: |
|
images: |
|
||||||
${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf
|
${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf
|
||||||
@ -148,7 +148,7 @@ jobs:
|
|||||||
- name: Build and push Dockerfile-ultra-lite
|
- name: Build and push Dockerfile-ultra-lite
|
||||||
id: build-push-lite
|
id: build-push-lite
|
||||||
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
|
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
|
||||||
if: github.ref != 'refs/heads/main'
|
if: github.ref != 'refs/heads/docker-rename'
|
||||||
with:
|
with:
|
||||||
context: .
|
context: .
|
||||||
file: ./Dockerfile.ultra-lite
|
file: ./Dockerfile.ultra-lite
|
||||||
@ -163,19 +163,21 @@ jobs:
|
|||||||
sbom: true
|
sbom: true
|
||||||
|
|
||||||
- name: Sign ultra-lite images
|
- name: Sign ultra-lite images
|
||||||
if: github.ref != 'refs/heads/main'
|
if: github.ref != 'refs/heads/docker-rename'
|
||||||
env:
|
env:
|
||||||
DIGEST: ${{ steps.build-push-lite.outputs.digest }}
|
DIGEST: ${{ steps.build-push-lite.outputs.digest }}
|
||||||
TAGS: ${{ steps.meta2.outputs.tags }}
|
TAGS: ${{ steps.meta2.outputs.tags }}
|
||||||
|
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
|
||||||
|
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
|
||||||
run: |
|
run: |
|
||||||
echo "$TAGS" | tr ',' '\n' | while read -r tag; do
|
echo "$TAGS" | tr ',' '\n' | while read -r tag; do
|
||||||
cosign sign --yes "${tag}@${DIGEST}"
|
cosign sign --key env://COSIGN_PRIVATE_KEY --yes "${tag}@${DIGEST}"
|
||||||
done
|
done
|
||||||
|
|
||||||
- name: Generate tags fat
|
- name: Generate tags fat
|
||||||
id: meta3
|
id: meta3
|
||||||
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
|
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
|
||||||
if: github.ref != 'refs/heads/main'
|
if: github.ref != 'refs/heads/docker-rename'
|
||||||
with:
|
with:
|
||||||
images: |
|
images: |
|
||||||
${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf
|
${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf
|
||||||
@ -186,10 +188,10 @@ jobs:
|
|||||||
type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-fat,enable=${{ github.ref == 'refs/heads/master' }}
|
type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-fat,enable=${{ github.ref == 'refs/heads/master' }}
|
||||||
type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }}
|
type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }}
|
||||||
|
|
||||||
- name: Build and push main Dockerfile fat
|
- name: Build and push docker-rename Dockerfile fat
|
||||||
id: build-push-fat
|
id: build-push-fat
|
||||||
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
|
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
|
||||||
if: github.ref != 'refs/heads/main'
|
if: github.ref != 'refs/heads/docker-rename'
|
||||||
with:
|
with:
|
||||||
builder: ${{ steps.buildx.outputs.name }}
|
builder: ${{ steps.buildx.outputs.name }}
|
||||||
context: .
|
context: .
|
||||||
@ -205,11 +207,13 @@ jobs:
|
|||||||
sbom: true
|
sbom: true
|
||||||
|
|
||||||
- name: Sign fat images
|
- name: Sign fat images
|
||||||
if: github.ref != 'refs/heads/main'
|
if: github.ref != 'refs/heads/docker-rename'
|
||||||
env:
|
env:
|
||||||
DIGEST: ${{ steps.build-push-fat.outputs.digest }}
|
DIGEST: ${{ steps.build-push-fat.outputs.digest }}
|
||||||
TAGS: ${{ steps.meta3.outputs.tags }}
|
TAGS: ${{ steps.meta3.outputs.tags }}
|
||||||
|
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
|
||||||
|
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
|
||||||
run: |
|
run: |
|
||||||
echo "$TAGS" | tr ',' '\n' | while read -r tag; do
|
echo "$TAGS" | tr ',' '\n' | while read -r tag; do
|
||||||
cosign sign --yes "${tag}@${DIGEST}"
|
cosign sign --key env://COSIGN_PRIVATE_KEY --yes "${tag}@${DIGEST}"
|
||||||
done
|
done
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user