Skip to content

Build echo-server

Build echo-server #5

name: Build echo-server
on:
workflow_dispatch:
permissions: read-all
defaults:
run:
shell: bash
env:
IMAGE_REGISTRY: docker.io
IMAGE_NAME: ${{ github.event.repository.name }}-echo-server
REGISTRY_USERNAME: laurentsimon
jobs:
build:
outputs:
image: ${{ steps.image.outputs.image }}
digest: ${{ steps.build.outputs.digest }}
permissions:
packages: write # for uploading attestations.
contents: read
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.3.4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6 # v2.0.0
- name: Authenticate Docker
uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # v2.0.0
with:
# Use docker to simpliy local testing.
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ env.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
# username: ${{ github.actor }}
# password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a # v4.0.1
with:
images: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push Docker image
uses: docker/build-push-action@e551b19e49efd4e98792db7592c17c09b89db8d8 # v3.0.0
id: build
with:
push: true
context: "{{defaultContext}}:images/echo-server"
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Output image
id: image
run: |
image_name="${IMAGE_REGISTRY}/${IMAGE_NAME}"
echo "image=$image_name" >> "$GITHUB_OUTPUT"
provenance:
needs: [build]
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: ${{ needs.build.outputs.image }}
digest: ${{ needs.build.outputs.digest }}
# Use name rather than env variable because env are not available for reusable workflows.
registry-username: laurentsimon
#registry-username: ${{ github.actor }}
secrets:
registry-password: ${{ secrets.REGISTRY_PASSWORD }}
#registry-password: ${{ secrets.GITHUB_TOKEN }}
run:
needs: [build, provenance]
runs-on: ubuntu-latest
steps:
- name: Authenticate Docker
uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # v2.0.0
with:
# Use docker to simpliy local testing.
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ env.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
# username: ${{ github.actor }}
# password: ${{ secrets.GITHUB_TOKEN }}
- name: Run it
env:
IMAGE: ${{ needs.build.outputs.image }}
DIGEST: ${{ needs.build.outputs.digest }}
run: |
docker pull "${IMAGE}@${DIGEST}"
# See https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions for log types.
echo "::warning ${IMAGE}@${DIGEST}"