Skip to content
This repository has been archived by the owner on Sep 21, 2024. It is now read-only.

feat: Roll noosphere-ucan-key-support into noosphere-ucan, replace ed25519-zebra with ed25519-dalek. #1747

feat: Roll noosphere-ucan-key-support into noosphere-ucan, replace ed25519-zebra with ed25519-dalek.

feat: Roll noosphere-ucan-key-support into noosphere-ucan, replace ed25519-zebra with ed25519-dalek. #1747

on:
pull_request:
push:
branches:
- main
workflow_call:
inputs:
image-tag:
type: string
workflow_dispatch:
inputs:
image-tag:
type: string
name: 'Container images'
jobs:
build-and-push:
name: 'Build and push'
if: ${{ github.actor != 'dependabot[bot]' }}
runs-on: ubuntu-latest
# It would be ideal to run container build jobs sequentially, but the
# current behavior of Github Workflow "concurrency" prevents this from
# being viable because it cancels any pending jobs instead of queuing
# them. An outstanding feature request to fix this can be found here:
# https://github.com/orgs/community/discussions/5435
#
# Ultimately this is a build speed optimization for us, so not a deal
# breaker to comment out for now.
#
# concurrency:
# group: ${{ needs.determine-image-tags.outputs.concurrency }}
# cancel-in-progress: false
permissions:
contents: 'read'
id-token: 'write'
packages: write
strategy:
matrix:
image:
- name: 'orb'
file: 'images/orb/Dockerfile'
- name: 'orb-ns'
file: 'images/orb-ns/Dockerfile'
steps:
- uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- id: 'authenticate'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v1'
with:
token_format: 'access_token'
workload_identity_provider: 'projects/${{ secrets.GCP_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/base-default/providers/github-provider'
service_account: 'artifact-writer@${{ secrets.GCP_PROJECT_ID }}.iam.gserviceaccount.com'
- name: 'Set up Google Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v1'
with:
version: '>= 413.0.0'
- name: 'Set up Google Cloud Docker auth helper'
run: gcloud auth configure-docker us-central1-docker.pkg.dev
- name: 'Log Docker in to Google Artifact Registry'
uses: 'docker/[email protected]'
with:
registry: 'us-central1-docker.pkg.dev'
username: 'oauth2accesstoken'
password: '${{ steps.authenticate.outputs.access_token }}'
- name: 'Log Docker in to GitHub Container Registry'
uses: 'docker/[email protected]'
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker Metadata
id: meta
uses: docker/metadata-action@v4
with:
images: |
us-central1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/subconscious/${{ matrix.image.name }}
ghcr.io/${{ github.repository_owner }}/${{ matrix.image.name }}
tags: |
type=ref,event=pr
type=sha
type=raw,value=latest,enable={{is_default_branch}}
- name: Build and push container images
uses: docker/build-push-action@v4
with:
file: ${{ matrix.image.file }}
context: .
cache-from: type=gha
cache-to: type=gha,mode=max
push: true
tags: ${{ steps.meta.outputs.tags }}