container-build.yaml
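---
# Builds the tooling container image with Kaniko and publishes it to GHCR.
# Kaniko references:
# * https://github.com/marketplace/actions/kaniko-action
# * https://github.com/int128/kaniko-action#inputs
#
# NOTE(review): every action below is referenced by a mutable major-version
# tag. Pinning each `uses:` to a full commit SHA keeps a re-tagged upstream
# release from changing what runs with this job's registry credentials.
name: "Build a container that ship with goreleaser, cosign, ko-build, trivy, syft and push to GitHub Container Registry (GHCR)"

on:
  pull_request:
    branches:
      - main
      - release/*
  push:
    branches:
      - main
      - containerfiles  # TODO: remove after testing

# Global KANIKO variables:
# See: https://github.com/int128/kaniko-action
# - KANIKO_BUILD_CONTEXT is the directory handed to Kaniko as build context.
# - CONTAINERFILE_NAME is the name and location of the Containerfile.
env:
  KANIKO_BUILD_CONTEXT: "${{ github.workspace }}"
  CONTAINERFILE_NAME: "${{ github.workspace }}/Containerfile.goreleaser-ko-cosign-trivy-syft-x86-arm64-root-usr"

jobs:
  build:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read the sources, write packages so
    # the image can be pushed to GHCR. Every other scope is dropped.
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
        with:
          # The whole workspace is the build context, so do not leave the
          # token in .git/config where a broad COPY could bake it into a
          # layer. No later step in this job needs git credentials.
          persist-credentials: false

      # Derives image tags and OCI labels from the triggering ref.
      - uses: docker/metadata-action@v5
        id: metadata
        with:
          images: ghcr.io/${{ github.repository }}

      # Registry credentials are only needed when something is published,
      # so pull-request runs skip the login entirely.
      # NOTE(review): if the Containerfile pulls private base images,
      # pull-request builds will need read-only credentials - confirm.
      - uses: docker/login-action@v3
        if: github.event_name != 'pull_request'
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: int128/kaniko-action@v1
        with:
          # Pull requests are build-only: unreviewed changes must not
          # publish an image, and fork PRs get a read-only token anyway.
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
          # The layer cache is shared with main-branch builds; keeping
          # pull-request runs out of it stops unreviewed layers from being
          # reused by a later published image.
          cache: ${{ github.event_name != 'pull_request' }}
          cache-repository: ghcr.io/${{ github.repository }}/cache
          file: ${{ env.CONTAINERFILE_NAME }}
          context: ${{ env.KANIKO_BUILD_CONTEXT }}
          verbosity: "info"  # https://github.com/GoogleContainerTools/kaniko#flag---verbosity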