ci: move healthcheck image to build with distroless #8

Workflow file for this run

.github/workflows/distroless.yml at 43621ce

	name: Build Ockam Distroless Images

	on:
	workflow_dispatch:
	inputs:
	commit_sha:
	description: Git commit sha, on which, to run this workflow
	push:
	paths:
	- 'tools/docker/wolfi/**'

	permissions:
	contents: read

	defaults:
	run:
	shell: bash

	env:
	ARCH_TO_BUILD_IMAGES: amd64
	ORGANIZATION: ${{ github.repository_owner }}

	jobs:
	build_base_image:
	name: "Build Ockam Distroless Base Image"
	runs-on: ubuntu-20.04
	permissions:
	packages: write
	# environment: release

	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
	with:
	ref: ${{ github.event.inputs.commit_sha }}

	- name: Generate Signing Key
	run: docker run --rm -v "${PWD}":/work cgr.dev/chainguard/melange keygen

	- name: Build Erlang Image
	run: docker run --rm --privileged -v "${PWD}":/work cgr.dev/chainguard/melange build tools/docker/wolfi/erlang_package.yaml -k melange.rsa.pub --signing-key melange.rsa --arch ${{ env.ARCH_TO_BUILD_IMAGES }}

	- name: Build Elixir Image
	run: docker run --rm --privileged -v "${PWD}":/work cgr.dev/chainguard/melange build tools/docker/wolfi/elixir_package.yaml -k melange.rsa.pub --signing-key melange.rsa --arch ${{ env.ARCH_TO_BUILD_IMAGES }}

	- name: Build Builder Image
	run: docker run --rm -v ${PWD}:/work -w /work cgr.dev/chainguard/apko build tools/docker/wolfi/builder_image.yaml -k melange.rsa.pub ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest builder_image.tar

	- name: Build Base Image
	run: docker run --rm -v ${PWD}:/work -w /work cgr.dev/chainguard/apko build tools/docker/wolfi/base_image.yaml -k melange.rsa.pub ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest base_image.tar

	- name: Load Images
	run: \|
	docker load < base_image.tar
	docker load < builder_image.tar

	- uses: docker/login-action@bc135a1993a1d0db3e9debefa0cfcb70443cc94c # v2.1.0
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}


	- name: Push Images
	run: \|
	docker tag ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest-${{ env.ARCH_TO_BUILD_IMAGES }} ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest
	docker push ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest

	docker tag ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest-${{ env.ARCH_TO_BUILD_IMAGES }} ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest
	docker push ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest

	- name: Get Image ref
	id: image_ref
	run: \|
	base=$(docker image inspect ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest \| jq -r .[0].Id)
	builder=$(docker image inspect ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest \| jq -r .[0].Id)

	echo "BUILDER=$builder" >> $GITHUB_OUTPUT
	echo "BASE=$base" >> $GITHUB_OUTPUT

	- name: Install Cosign
	uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19
	with:
	cosign-release: 'v2.2.1'

	- uses: build-trust/.github/actions/image_cosign@custom-actions
	with:
	cosign_private_key: '${{ secrets.COSIGN_PRIVATE_KEY }}'
	cosign_password: '${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}'
	image: 'ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest'
	ref: ${{ steps.image_ref.outputs.BASE }}

	- uses: build-trust/.github/actions/image_cosign@custom-actions
	with:
	cosign_private_key: '${{ secrets.COSIGN_PRIVATE_KEY }}'
	cosign_password: '${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}'
	image: 'ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest'
	ref: ${{ steps.image_ref.outputs.BUILDER }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: move healthcheck image to build with distroless #8

Workflow file

ci: move healthcheck image to build with distroless #8

Jobs

Run details

Workflow file for this run