build.yaml

name: build

on: push
    
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
      - name: Install Cosign
        uses: sigstore/cosign-installer@main
        with:
          cosign-release: 'v2.2.0'
      - name: Login Build Push
        run: |
          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
          docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}" ${MTR}
          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
          docker build -t ghcr.io/${{ github.repository_owner }}/${IMAGE}/${IMAGE}:${VERSION} .
          docker push ghcr.io/${{ github.repository_owner }}/${IMAGE}/${IMAGE}:${VERSION}
          docker tag ghcr.io/${{ github.repository_owner }}/${IMAGE}/${IMAGE}:${VERSION} ${MTR}/${REPO}:${VERSION}
          docker push ${MTR}/${REPO}:${VERSION}
          cosign sign --key env://COSIGN_KEY --tlog-upload=false ${MTR}/${REPO}:${VERSION}
          cosign sign --key env://COSIGN_KEY --tlog-upload=false ghcr.io/${{ github.repository_owner }}/${IMAGE}/${IMAGE}:${VERSION}
        env:
          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
          DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
          DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
          IMAGE: prometheus-auth
          MTR: mtr.devops.telekom.de
          REPO: caas/prometheus-auth