1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
external-secrets/.github/workflows/rebuild-image.yml
dependabot[bot] 5f3a048700
chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#3487)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](0ad4b8fada...44c2b7a8a4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 13:40:37 -03:00

70 lines
2.2 KiB
YAML

name: Rebuild
on:
workflow_dispatch:
inputs:
ref:
description: 'ref to rebuild, can be a tag, branch or commit sha.'
required: true
default: 'v0.6.1'
permissions:
contents: read
jobs:
checkout:
name: Checkout repo
runs-on: ubuntu-latest
outputs:
timestamp: ${{ steps.timestamp.outputs.timestamp }}
steps:
- name: Checkout
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
fetch-depth: 0
ref: ${{ github.event.inputs.ref }}
- name: set timestamp output
id: timestamp
run: |
echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT
# this rebuilds the image and creates a new tag with a timestamp suffix
# e.g. v0.6.1-1669145271 and v0.6.1-ubi-1669145271
publish-artifacts:
uses: ./.github/workflows/publish.yml
needs: checkout
permissions:
id-token: write
contents: read
strategy:
matrix:
include:
- dockerfile: "Dockerfile"
build-args: "CGO_ENABLED=0"
build-arch: "amd64 arm64"
build-platform: "linux/amd64,linux/arm64"
tag-suffix: "-${{ needs.checkout.outputs.timestamp }}" # distroless
- dockerfile: "Dockerfile.ubi"
build-args: "CGO_ENABLED=0"
build-arch: "amd64 arm64"
build-platform: "linux/amd64,linux/arm64"
tag-suffix: "-ubi-${{ needs.checkout.outputs.timestamp }}" # ubi
- dockerfile: "Dockerfile.ubi"
build-args: "CGO_ENABLED=0 GOEXPERIMENT=boringcrypto" # fips
build-arch: "amd64"
build-platform: "linux/amd64"
tag-suffix: "-ubi-boringssl-${{ needs.checkout.outputs.timestamp }}"
with:
dockerfile: ${{ matrix.dockerfile }}
tag-suffix: ${{ matrix.tag-suffix }}
image-name: ghcr.io/${{ github.repository }}
build-platform: ${{ matrix.build-platform }}
build-args: ${{ matrix.build-args }}
build-arch: ${{ matrix.build-arch }}
ref: ${{ github.event.inputs.ref }}
image-tag: ${{ github.event.inputs.ref }}
secrets:
GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}