mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-07 00:17:13 +00:00
Code Activity
kyverno/.github/workflows/image.yaml
Naman Lakhwani 8350aadc58
Fix: CI job to release images (#2929) 
* making required changes in images workflow

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>

* making required changes in release workflow

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>

Co-authored-by: shuting <shutting06@gmail.com>
2022-01-10 14:10:44 +00:00

160 lines
4.1 KiB
YAML
Raw Blame History

name: image
on:
push:
branches:
- 'main'
jobs:
push-init-kyverno:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16
- name: Install Cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.4.1'
- name: login to GitHub Container Registry
run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
id: buildx
with:
install: true
- name: docker images publish
run: |
make docker-publish-sigs
make docker-publish-initContainer-dev
- name: get digest
id: get-step
run: |
echo "::set-output name=digest::$(make docker-get-initContainer-dev-digest)"
- name: Sign image
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign \
-a "repo=${{ github.repository }}" \
-a "workflow=${{ github.workflow }}" \
-a "ref=${{ github.sha }}" \
ghcr.io/kyverno/kyvernopre@sha256:${{ steps.get-step.outputs.digest }}
push-kyverno:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16
- name: Install Cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.4.1'
- name: login to GitHub Container Registry
run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
id: buildx
with:
install: true
- name: docker images publish
run: |
make docker-publish-kyverno-dev
- name: get digest
id: get-step
run: |
echo "::set-output name=digest::$(make docker-get-kyverno-dev-digest)"
- name: Sign image
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign \
-a "repo=${{ github.repository }}" \
-a "workflow=${{ github.workflow }}" \
-a "ref=${{ github.sha }}" \
ghcr.io/kyverno/kyverno@sha256:${{ steps.get-step.outputs.digest }}
push-kyverno-cli:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16
- name: Install Cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.4.1'
- name: login to GitHub Container Registry
run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
id: buildx
with:
install: true
- name: docker images publish
run: |
make docker-publish-cli-dev
- name: get digest
id: get-step
run: |
echo "::set-output name=digest::$(make docker-get-cli-dev-digest)"
- name: Sign image
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign \
-a "repo=${{ github.repository }}" \
-a "workflow=${{ github.workflow }}" \
-a "ref=${{ github.sha }}" \
ghcr.io/kyverno/kyverno-cli@sha256:${{ steps.get-step.outputs.digest }}
View git blame Copy permalink