mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-07 00:17:13 +00:00
48ebe0f4c6
Use concurrency to ensure that only a single job or workflow using the same concurrency group will run at a time. A concurrency group can be any string or expression. Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
91 lines
2.9 KiB
YAML
91 lines
2.9 KiB
YAML
name: image
|
|
on:
|
|
push:
|
|
branches:
|
|
- 'main'
|
|
- 'release*'
|
|
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
id-token: write
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
push-init-kyverno:
|
|
uses: ./.github/workflows/reuse.yaml
|
|
with:
|
|
publish_command: ko-publish-kyvernopre
|
|
image_name: kyvernopre
|
|
tag: image
|
|
secrets:
|
|
registry_username: ${{ github.actor }}
|
|
registry_password: ${{ secrets.CR_PAT }}
|
|
|
|
push-kyverno:
|
|
uses: ./.github/workflows/reuse.yaml
|
|
with:
|
|
publish_command: ko-publish-kyverno
|
|
image_name: kyverno
|
|
tag: image
|
|
secrets:
|
|
registry_username: ${{ github.actor }}
|
|
registry_password: ${{ secrets.CR_PAT }}
|
|
|
|
push-kyverno-cli:
|
|
uses: ./.github/workflows/reuse.yaml
|
|
with:
|
|
publish_command: ko-publish-cli
|
|
image_name: kyverno-cli
|
|
tag: image
|
|
secrets:
|
|
registry_username: ${{ github.actor }}
|
|
registry_password: ${{ secrets.CR_PAT }}
|
|
|
|
generate-init-kyverno-provenance:
|
|
needs: push-init-kyverno
|
|
permissions:
|
|
id-token: write # To sign the provenance.
|
|
packages: write # To upload assets to release.
|
|
actions: read #To read the workflow path.
|
|
# NOTE: The container generator workflow is not officially released as GA.
|
|
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.3.0
|
|
with:
|
|
image: ghcr.io/${{ github.repository_owner }}/kyvernopre
|
|
digest: "${{ needs.push-init-kyverno.outputs.init-container-digest }}"
|
|
registry-username: ${{ github.actor }}
|
|
secrets:
|
|
registry-password: ${{ secrets.CR_PAT }}
|
|
|
|
generate-kyverno-provenance:
|
|
needs: push-kyverno
|
|
permissions:
|
|
id-token: write # To sign the provenance.
|
|
packages: write # To upload assets to release.
|
|
actions: read #To read the workflow path.
|
|
# NOTE: The container generator workflow is not officially released as GA.
|
|
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.3.0
|
|
with:
|
|
image: ghcr.io/${{ github.repository_owner }}/kyverno
|
|
digest: "${{ needs.push-kyverno.outputs.kyverno-digest }}"
|
|
registry-username: ${{ github.actor }}
|
|
secrets:
|
|
registry-password: ${{ secrets.CR_PAT }}
|
|
|
|
generate-kyverno-cli-provenance:
|
|
needs: push-kyverno-cli
|
|
permissions:
|
|
id-token: write # To sign the provenance.
|
|
packages: write # To upload assets to release.
|
|
actions: read #To read the workflow path.
|
|
# NOTE: The container generator workflow is not officially released as GA.
|
|
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.3.0
|
|
with:
|
|
image: ghcr.io/${{ github.repository_owner }}/kyverno-cli
|
|
digest: "${{ needs.push-kyverno-cli.outputs.cli-digest }}"
|
|
registry-username: ${{ github.actor }}
|
|
secrets:
|
|
registry-password: ${{ secrets.CR_PAT }}
|