
git-launcher: scrub checkout before launch #3


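# Release pipeline for the git-launcher container image: run the launcher
# tests, build and push the image, attach a build-provenance attestation to
# the pushed digest, then publish a GitHub release describing it.
#
# NOTE(review): every `uses:` below references a mutable tag (@v1/@v3/@v4/@v5).
# This job holds registry credentials plus `id-token: write`, so a retagged
# action would run with signing and publishing rights. Pin each action to a
# full commit SHA and keep the tag as a trailing comment, e.g.
#   uses: actions/checkout@<full-commit-sha>  # v4
name: git-launcher Release

on:
  # A manual run is only useful when dispatched against a git-launcher-v* tag;
  # the "Parse version from tag" step rejects any other ref.
  workflow_dispatch: {}
  push:
    tags:
      - 'git-launcher-v*'

permissions:
  contents: write       # create the GitHub release
  # NOTE(review): the image is pushed to docker.io with DOCKERHUB_TOKEN, so
  # nothing visible here needs GitHub Packages access - confirm and drop.
  packages: write
  attestations: write   # store the provenance attestation
  id-token: write       # OIDC token used to sign the attestation

jobs:
  build-and-attest:
    runs-on: ubuntu-latest
    env:
      IMAGE_REGISTRY: docker.io
      IMAGE_REPOSITORY: ${{ vars.DOCKERHUB_ORG }}/git-launcher
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step in this workflow runs git against the remote, so do
          # not leave the contents:write token in .git/config where the test
          # script and the build could read it.
          persist-credentials: false

      - name: Parse version from tag
        run: |
          # `${GITHUB_REF#prefix}` returns the ref unchanged when the prefix
          # does not match, so a branch dispatch would otherwise yield
          # VERSION=refs/heads/<branch> and pass the emptiness check below.
          case "${GITHUB_REF}" in
            refs/tags/git-launcher-v*) ;;
            *)
              echo "Ref is not a git-launcher-v* tag: ${GITHUB_REF}" >&2
              exit 1
              ;;
          esac
          VERSION=${GITHUB_REF#refs/tags/git-launcher-v}
          if [ -z "${VERSION}" ]; then
            echo "Unable to parse version from ref: ${GITHUB_REF}" >&2
            exit 1
          fi
          # The version becomes an image tag and is written to GITHUB_ENV, so
          # accept only characters that are valid in a container image tag and
          # fail here rather than after registry login.
          if ! printf '%s' "${VERSION}" | grep -Eq '^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'; then
            echo "Version is not a valid image tag: ${VERSION}" >&2
            exit 1
          fi
          echo "VERSION=${VERSION}" >> "$GITHUB_ENV"
          echo "IMAGE_REFERENCE=${IMAGE_REGISTRY}/${IMAGE_REPOSITORY}:${VERSION}" >> "$GITHUB_ENV"
          echo "Parsed version: ${VERSION}"

      # Tests run before the registry login, so the Docker Hub token is not
      # yet present on the runner while repository scripts execute.
      - name: Run launcher tests
        working-directory: git-launcher
        run: ./tests/run-tests.sh

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Docker registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.IMAGE_REGISTRY }}
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build and push Docker image
        id: build-and-push
        uses: docker/build-push-action@v5
        with:
          context: git-launcher
          file: git-launcher/docker/Dockerfile
          push: true
          # Same value the summary and release notes report, so the pushed tag
          # cannot drift from what is published.
          tags: ${{ env.IMAGE_REFERENCE }}
          platforms: linux/amd64
          labels: |
            org.opencontainers.image.title=git-launcher
            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
            org.opencontainers.image.revision=${{ github.sha }}
            org.opencontainers.image.version=${{ env.VERSION }}

      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@v1
        with:
          # The attestation is bound to the digest, not the tag, so the name
          # carries no tag.
          # NOTE(review): the action's documentation asks for index.docker.io
          # as the registry part for Docker Hub images - confirm that
          # push-to-registry works with docker.io here.
          subject-name: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_REPOSITORY }}
          subject-digest: ${{ steps.build-and-push.outputs.digest }}
          push-to-registry: true

      - name: Publish summary
        # Values are passed through env instead of being expanded inside the
        # script text, so they are never interpreted as shell syntax.
        env:
          IMAGE_REFERENCE: ${{ env.IMAGE_REFERENCE }}
          IMAGE_DIGEST: ${{ steps.build-and-push.outputs.digest }}
        run: |
          {
            echo "## git-launcher image"
            echo ""
            echo "- Tag: \`${IMAGE_REFERENCE}\`"
            echo "- Digest: \`${IMAGE_DIGEST}\`"
            echo "- Sigstore: https://search.sigstore.dev/?hash=${IMAGE_DIGEST}"
          } >> "$GITHUB_STEP_SUMMARY"

      # NOTE(review): third-party action running in a job that also holds
      # id-token: write; pinning it to a commit SHA matters most here.
      - name: Release
        uses: softprops/action-gh-release@v1
        with:
          body: |
            ## git-launcher image (SHA256)
            - Image: `${{ env.IMAGE_REFERENCE }}`
            - Digest: `${{ steps.build-and-push.outputs.digest }}`
            - Verification: https://search.sigstore.dev/?hash=${{ steps.build-and-push.outputs.digest }}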