mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-15 17:51:20 +00:00
e3d3f1d0fb
Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
87 lines
2.8 KiB
YAML
87 lines
2.8 KiB
YAML
name: image
|
|
on:
|
|
push:
|
|
branches:
|
|
- 'main'
|
|
- 'release*'
|
|
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
id-token: write
|
|
|
|
jobs:
|
|
push-init-kyverno:
|
|
uses: ./.github/workflows/reuse.yaml
|
|
with:
|
|
publish_command: ko-publish-kyvernopre
|
|
image_name: kyvernopre
|
|
tag: image
|
|
secrets:
|
|
registry_username: ${{ github.actor }}
|
|
registry_password: ${{ secrets.CR_PAT }}
|
|
|
|
push-kyverno:
|
|
uses: ./.github/workflows/reuse.yaml
|
|
with:
|
|
publish_command: ko-publish-kyverno
|
|
image_name: kyverno
|
|
tag: image
|
|
secrets:
|
|
registry_username: ${{ github.actor }}
|
|
registry_password: ${{ secrets.CR_PAT }}
|
|
|
|
push-kyverno-cli:
|
|
uses: ./.github/workflows/reuse.yaml
|
|
with:
|
|
publish_command: ko-publish-cli
|
|
image_name: kyverno-cli
|
|
tag: image
|
|
secrets:
|
|
registry_username: ${{ github.actor }}
|
|
registry_password: ${{ secrets.CR_PAT }}
|
|
|
|
generate-init-kyverno-provenance:
|
|
needs: push-init-kyverno
|
|
permissions:
|
|
id-token: write # To sign the provenance.
|
|
packages: write # To upload assets to release.
|
|
actions: read #To read the workflow path.
|
|
# NOTE: The container generator workflow is not officially released as GA.
|
|
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.2.2
|
|
with:
|
|
image: ghcr.io/${{ github.repository_owner }}/kyvernopre
|
|
digest: "${{ needs.push-init-kyverno.outputs.init-container-digest }}"
|
|
registry-username: ${{ github.actor }}
|
|
secrets:
|
|
registry-password: ${{ secrets.CR_PAT }}
|
|
|
|
generate-kyverno-provenance:
|
|
needs: push-kyverno
|
|
permissions:
|
|
id-token: write # To sign the provenance.
|
|
packages: write # To upload assets to release.
|
|
actions: read #To read the workflow path.
|
|
# NOTE: The container generator workflow is not officially released as GA.
|
|
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.2.2
|
|
with:
|
|
image: ghcr.io/${{ github.repository_owner }}/kyverno
|
|
digest: "${{ needs.push-kyverno.outputs.kyverno-digest }}"
|
|
registry-username: ${{ github.actor }}
|
|
secrets:
|
|
registry-password: ${{ secrets.CR_PAT }}
|
|
|
|
generate-kyverno-cli-provenance:
|
|
needs: push-kyverno-cli
|
|
permissions:
|
|
id-token: write # To sign the provenance.
|
|
packages: write # To upload assets to release.
|
|
actions: read #To read the workflow path.
|
|
# NOTE: The container generator workflow is not officially released as GA.
|
|
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.2.2
|
|
with:
|
|
image: ghcr.io/${{ github.repository_owner }}/kyverno-cli
|
|
digest: "${{ needs.push-kyverno-cli.outputs.cli-digest }}"
|
|
registry-username: ${{ github.actor }}
|
|
secrets:
|
|
registry-password: ${{ secrets.CR_PAT }}
|