Skip to content

v0.1.0-rc.40

v0.1.0-rc.40 #45

Workflow file for this run

name: Release
on:
release:
types:
- created
jobs:
build-and-push-image:
permissions:
packages: write # Used to push images to ghcr.io
contents: write # Used to upload assets
runs-on: ubuntu-latest
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Install Cosign
uses: sigstore/cosign-installer@v2
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout
uses: actions/checkout@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/akuity/kargo-render
flavor: latest=false
tags: type=semver,pattern={{raw}}
- name: Build and push
uses: docker/build-push-action@v5
with:
platforms: linux/amd64,linux/arm64
build-args: |
VERSION=${{ github.ref_name }}
GIT_COMMIT=${{ github.sha }}
GIT_TREE_STATE=clean
tags: ${{ steps.meta.outputs.tags }}
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Sign image
env:
TAGS: ${{ steps.meta.outputs.tags }}
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
run: cosign sign --key env://COSIGN_PRIVATE_KEY ${TAGS}
- name: Publish SBOM
uses: anchore/sbom-action@v0
with:
image: ${{ steps.meta.outputs.tags }}