Build and Push to GHCR #553
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push to GHCR | |
| on: | |
| push: | |
| branches: [main] | |
| schedule: | |
| - cron: "0 1 * * *" # Run once every day | |
| jobs: | |
| build_and_push_docker_images: | |
| name: Push Docker image to GHCR | |
| permissions: | |
| packages: write | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| version: [current, equuleus] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
| with: | |
| repository: vyos/vyos-build | |
| ref: ${{ matrix.version }} | |
| - name: Get the current date | |
| id: date | |
| run: echo "::set-output name=date::$(date -u +%Y%m%d%H%M%S)" | |
| - name: Build Production Images | |
| if: github.event_name != 'pull_request' | |
| id: build-image | |
| uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2 | |
| with: | |
| image: vyos | |
| tags: ${{ matrix.version }} ${{ matrix.version}}-${{ steps.date.outputs.date }} | |
| build-args: | | |
| VYOS_VERSION=${{ matrix.version }} | |
| DEBIAN_VERSION=buster | |
| containerfiles: | | |
| ./docker-vyos/Dockerfile | |
| # PUSH | |
| - name: Push To GHCR | |
| id: push-to-ghcr | |
| uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ghcr.io/${{ github.repository_owner }} | |
| # SIGN | |
| - uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0 | |
| - name: Sign GHCR Image | |
| run: | | |
| cosign login ghcr.io -u ${{ github.actor }} -p ${{ github.token }} | |
| cosign sign -y --key env://COSIGN_PRIVATE_KEY ghcr.io/${{ github.repository_owner }}/${{ steps.build-image.outputs.image }}@${GHCR_TAGS} | |
| env: | |
| COSIGN_EXPERIMENTAL: false | |
| GHCR_TAGS: ${{ steps.push-to-ghcr.outputs.digest }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| - name: Print image URLs | |
| run: | | |
| echo "Image pushed to ${{ steps.push-to-ghcr.outputs.registry-paths }}" |