Build echo-server #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build echo-server | |
on: | |
workflow_dispatch: | |
permissions: read-all | |
defaults: | |
run: | |
shell: bash | |
env: | |
IMAGE_REGISTRY: docker.io | |
IMAGE_NAME: ${{ github.event.repository.name }}-echo-server | |
REGISTRY_USERNAME: laurentsimon | |
jobs: | |
build: | |
outputs: | |
image: ${{ steps.image.outputs.image }} | |
digest: ${{ steps.build.outputs.digest }} | |
permissions: | |
packages: write # for uploading attestations. | |
contents: read | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.3.4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6 # v2.0.0 | |
- name: Authenticate Docker | |
uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # v2.0.0 | |
with: | |
# Use docker to simpliy local testing. | |
registry: ${{ env.IMAGE_REGISTRY }} | |
username: ${{ env.REGISTRY_USERNAME }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
# username: ${{ github.actor }} | |
# password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a # v4.0.1 | |
with: | |
images: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@e551b19e49efd4e98792db7592c17c09b89db8d8 # v3.0.0 | |
id: build | |
with: | |
push: true | |
context: "{{defaultContext}}:images/echo-server" | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Output image | |
id: image | |
run: | | |
image_name="${IMAGE_REGISTRY}/${IMAGE_NAME}" | |
echo "image=$image_name" >> "$GITHUB_OUTPUT" | |
provenance: | |
needs: [build] | |
permissions: | |
actions: read # for detecting the Github Actions environment. | |
id-token: write # for creating OIDC tokens for signing. | |
packages: write # for uploading attestations. | |
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | |
with: | |
image: ${{ needs.build.outputs.image }} | |
digest: ${{ needs.build.outputs.digest }} | |
# Use name rather than env variable because env are not available for reusable workflows. | |
registry-username: laurentsimon | |
#registry-username: ${{ github.actor }} | |
secrets: | |
registry-password: ${{ secrets.REGISTRY_PASSWORD }} | |
#registry-password: ${{ secrets.GITHUB_TOKEN }} | |
run: | |
needs: [build, provenance] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Authenticate Docker | |
uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # v2.0.0 | |
with: | |
# Use docker to simpliy local testing. | |
registry: ${{ env.IMAGE_REGISTRY }} | |
username: ${{ env.REGISTRY_USERNAME }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
# username: ${{ github.actor }} | |
# password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run it | |
env: | |
IMAGE: ${{ needs.build.outputs.image }} | |
DIGEST: ${{ needs.build.outputs.digest }} | |
run: | | |
docker pull "${IMAGE}@${DIGEST}" | |
# See https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions for log types. | |
echo "::warning ${IMAGE}@${DIGEST}" |