-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Bruno Bressi <[email protected]>
- Loading branch information
Showing
2 changed files
with
77 additions
and
38 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,56 +1,64 @@ | ||
| name: Build Image & Chart | ||
| name: Build Image | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| tags: | ||
| - '*' | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout Repo | ||
| uses: actions/checkout@v2 | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Docker meta | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: | | ||
| mtr.devops.telekom.de/caas/cosignwebhook | ||
| ghcr.io/eumel8/cosignwebhook/cosignwebhook | ||
| tags: | | ||
| type=ref,event=tag | ||
| type=ref,event=branch | ||
| type=ref,event=pr | ||
| type=raw,value=latest | ||
| - name: Install Cosign | ||
| uses: sigstore/cosign-installer@main | ||
| with: | ||
| cosign-release: 'v2.2.0' | ||
| - name: Login Build Sign Push | ||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Login to MTR | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: mtr.devops.telekom.de | ||
| username: ${{ secrets.DOCKER_USERNAME }} | ||
| password: ${{ secrets.DOCKER_PASSWORD }} | ||
| - name: Login to GitHub Container Registry | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.repository_owner }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Build and push | ||
| uses: docker/build-push-action@v5 | ||
| id: build-push | ||
| with: | ||
| context: . | ||
| platforms: linux/amd64,linux/arm64 | ||
| push: true | ||
| tags: | | ||
| mtr.devops.telekom.de/caas/cosignwebhook:latest | ||
| ghcr.io/eumel8/cosignwebhook/cosignwebhook:latest | ||
| ${{ steps.meta.outputs.tags }} | ||
| - name: Sign Push | ||
| run: | | ||
| echo "${{ secrets.GITHUB_TOKEN }}" | docker login ${GHR} -u ${{ github.actor }} --password-stdin | ||
| docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}" ${MTR} | ||
| VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | ||
| export DOCKER_BUILDKIT=1 | ||
| docker build -f Dockerfile -t ${MTR}/${REPO}/${IMAGE}:${VERSION} . | ||
| docker tag ${MTR}/${REPO}/${IMAGE}:${VERSION} ${GHR}/${{ github.repository_owner }}/${IMAGE}/${IMAGE}:${VERSION} | ||
| docker push ${MTR}/${REPO}/${IMAGE}:${VERSION} | ||
| docker push ghcr.io/${{ github.repository_owner }}/${IMAGE}/${IMAGE}:${VERSION} | ||
| cosign sign --key env://COSIGN_KEY --tlog-upload=false ${MTR}/${REPO}/${IMAGE}:${VERSION} | ||
| cosign sign --key env://COSIGN_KEY --tlog-upload=false ${GHR}/${{ github.repository_owner }}/${IMAGE}/${IMAGE}:${VERSION} | ||
| cosign sign --key env://COSIGN_KEY --tlog-upload=false ghcr.io/eumel8/cosignwebhook/cosignwebhook@${{ steps.build-push.outputs.digest }} | ||
| cosign sign --key env://COSIGN_KEY --tlog-upload=false mtr.devops.telekom.de/caas/cosignwebhook@${{ steps.build-push.outputs.digest }} | ||
| env: | ||
| DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}} | ||
| DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}} | ||
| GHR: ghcr.io | ||
| MTR: mtr.devops.telekom.de | ||
| REPO: caas | ||
| IMAGE: cosignwebhook | ||
| COSIGN_KEY: ${{secrets.COSIGN_KEY}} | ||
| COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} | ||
| - name: Helm lint & package & push | ||
| run: | | ||
| curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | ||
| helm version | ||
| HELM_EXPERIMENTAL_OCI=1 helm registry login ${GHR} -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} | ||
| HELM_EXPERIMENTAL_OCI=1 helm registry login ${MTR} -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} | ||
| helm lint chart | ||
| helm package chart | ||
| HELM_EXPERIMENTAL_OCI=1 helm push $(ls *.tgz| head -1) oci://${GHR}/${{ github.actor }}/charts | ||
| HELM_EXPERIMENTAL_OCI=1 helm push $(ls *.tgz| head -1) oci://${MTR}/${REPO}/charts | ||
| env: | ||
| DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}} | ||
| DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}} | ||
| GHR: ghcr.io | ||
| MTR: mtr.devops.telekom.de | ||
| REPO: caas |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| name: Build Chart | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| tags: | ||
| - '*' | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout Repo | ||
| uses: actions/checkout@v2 | ||
| - name: Helm lint & package & push | ||
| run: | | ||
| curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | ||
| helm version | ||
| helm registry login ${GHR} -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} | ||
| helm registry login ${MTR} -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} | ||
| helm lint chart | ||
| helm package chart | ||
| helm push $(ls *.tgz| head -1) oci://${GHR}/${{ github.actor }}/charts | ||
| helm push $(ls *.tgz| head -1) oci://${MTR}/${REPO}/charts | ||
| env: | ||
| DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}} | ||
| DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}} | ||
| GHR: ghcr.io | ||
| MTR: mtr.devops.telekom.de | ||
| REPO: caas |