version 0.104.0 with cue 0.12.0 #26

Summary
Jobs
- buildx
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/container.yaml at f7e0470

	name: Container

	# Only allow actors with write permission to the repository to trigger this
	# workflow.
	permissions:
	contents: write

	on:
	push:
	tags:
	- 'v*'
	workflow_dispatch:
	inputs:
	git_ref:
	description: 'Git ref to build (e.g., refs/tags/v1.2.3, refs/heads/main)'
	required: true
	type: string

	jobs:
	buildx:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	attestations: write
	id-token: write
	steps:
	- name: Set tag from trigger event
	id: opts
	run: \|
	if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
	echo "ref=${{ inputs.git_ref }}" >> $GITHUB_OUTPUT
	else
	echo "ref=${GITHUB_REF}" >> $GITHUB_OUTPUT
	fi
	- name: Checkout
	uses: actions/checkout@v4
	with:
	ref: ${{ steps.opts.outputs.ref }}
	- name: SHA
	id: sha
	run: echo "sha=$(/usr/bin/git log -1 --format='%H')" >> $GITHUB_OUTPUT

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	- name: Fetch tags
	run: git fetch --prune --unshallow --tags
	- name: Set Tags
	id: tags
	run: \|
	echo "detail=$(/usr/bin/git describe --tags HEAD)" >> $GITHUB_OUTPUT
	echo "suffix=$(test -n "$(git status --porcelain)" && echo '-dirty' \|\| echo '')" >> $GITHUB_OUTPUT
	echo "tag=$(/usr/bin/git describe --tags HEAD)$(test -n "$(git status --porcelain)" && echo '-dirty' \|\| echo '')" >> $GITHUB_OUTPUT

	- name: Login to ghcr.io
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Build and push container images
	id: build-and-push
	uses: docker/build-push-action@v6
	with:
	context: .
	platforms: linux/amd64,linux/arm64
	push: true
	tags: \|
	ghcr.io/holos-run/holos:${{ steps.tags.outputs.tag }}
	ghcr.io/holos-run/holos:${{ steps.sha.outputs.sha }}${{ steps.tags.outputs.suffix }}
	- name: Setup Cosign to sign container images
	uses: sigstore/[email protected]
	- name: Sign with GitHub OIDC Token
	env:
	DIGEST: ${{ steps.build-and-push.outputs.digest }}
	run: \|
	cosign sign --yes ghcr.io/holos-run/holos:${{ steps.tags.outputs.tag }}@${DIGEST}
	cosign sign --yes ghcr.io/holos-run/holos:${{ steps.sha.outputs.sha }}${{ steps.tags.outputs.suffix }}@${DIGEST}

	- uses: actions/create-github-app-token@v1
	id: app-token
	with:
	owner: ${{ github.repository_owner }}
	app-id: ${{ vars.GORELEASER_APP_ID }}
	private-key: ${{ secrets.GORELEASER_APP_PRIVATE_KEY }}
	- name: Get GitHub App User ID
	id: get-user-id
	run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
	env:
	GH_TOKEN: ${{ steps.app-token.outputs.token }}
	- run: \|
	git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
	git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'
	- name: Update holos-run/holos-action
	env:
	IMAGE: ghcr.io/holos-run/holos:v0.102.1
	VERSION: ${{ steps.tags.outputs.tag }}
	USER_ID: ${{ steps.get-user-id.outputs.user-id }}
	TOKEN: ${{ steps.app-token.outputs.token }}
	run: \|
	set -euo pipefail
	git clone "https://github.com/holos-run/holos-action"
	cd holos-action
	git remote set-url origin https://${USER_ID}:${TOKEN}@github.com/holos-run/holos-action
	docker pull --quiet "${IMAGE}"
	docker run -v $(pwd):/app --workdir /app --rm "${IMAGE}" \
	holos cue export --out yaml action.cue -t "version=${VERSION}" > action.yml
	git add action.yml
	git commit -m "ci: update holos to ${VERSION} - https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" \|\| (echo "No changes to commit"; exit 0)
	git push origin HEAD:main HEAD:v0 HEAD:v1

	- name: Login to quay.io
	uses: docker/login-action@v3
	with:
	registry: quay.io
	username: ${{ secrets.QUAY_USER }}
	password: ${{ secrets.QUAY_TOKEN }}
	- name: Push to quay.io
	env:
	DIGEST: ${{ steps.build-and-push.outputs.digest }}
	run: \|
	# docker push quay.io/holos-run/holos:${{ steps.tags.outputs.tag }}
	docker pull --quiet ghcr.io/holos-run/holos:${{ steps.tags.outputs.tag }}@${DIGEST}
	docker tag ghcr.io/holos-run/holos:${{ steps.tags.outputs.tag }}@${DIGEST} \
	quay.io/holos-run/holos:${{ steps.tags.outputs.tag }}
	docker push quay.io/holos-run/holos:${{ steps.tags.outputs.tag }}

	docker pull --quiet ghcr.io/holos-run/holos:${{ steps.sha.outputs.sha }}${{ steps.tags.outputs.suffix }}@${DIGEST}
	docker tag ghcr.io/holos-run/holos:${{ steps.sha.outputs.sha }}${{ steps.tags.outputs.suffix }}@${DIGEST} \
	quay.io/holos-run/holos:${{ steps.sha.outputs.sha }}${{ steps.tags.outputs.suffix }}
	docker push quay.io/holos-run/holos:${{ steps.sha.outputs.sha }}${{ steps.tags.outputs.suffix }}
	- name: Sign quay.io image
	env:
	DIGEST: ${{ steps.build-and-push.outputs.digest }}
	run: \|
	cosign sign --yes quay.io/holos-run/holos:${{ steps.tags.outputs.tag }}@${DIGEST}
	cosign sign --yes quay.io/holos-run/holos:${{ steps.sha.outputs.sha }}${{ steps.tags.outputs.suffix }}@${DIGEST}

	outputs:
	tag: ${{ steps.tags.outputs.tag }}
	detail: ${{ steps.tags.outputs.detail }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

version 0.104.0 with cue 0.12.0 #26

Workflow file

version 0.104.0 with cue 0.12.0 #26

Jobs

Run details

Workflow file for this run