distribution/.github/workflows/build.yml
CrazyMax f09bf31f3e
ci: handle provenance for built artifacts
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2024-01-12 12:35:51 +01:00

161 lines
4.2 KiB
YAML

name: build
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches:
- 'main'
- 'release/*'
tags:
- 'v*'
pull_request:
env:
DOCKERHUB_SLUG: distribution/distribution
GHCR_SLUG: ghcr.io/${{ github.repository }}
permissions:
contents: read # to fetch code (actions/checkout)
jobs:
test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
go:
- 1.20.12
- 1.21.5
target:
- test-coverage
- test-cloud-storage
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go }}
-
name: Test
run: |
make ${{ matrix.target }}
-
name: Codecov
uses: codecov/codecov-action@v3
with:
directory: ./
build:
permissions:
contents: write # to create GitHub release (softprops/action-gh-release)
packages: write # so we can push the image to GHCR
runs-on: ubuntu-latest
needs:
- test
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.DOCKERHUB_SLUG }}
${{ env.GHCR_SLUG }}
### versioning strategy
### push semver tag v3.2.1 on main (default branch)
# distribution/distribution:3.2.1
# distribution/distribution:3.2
# distribution/distribution:3
# distribution/distribution:latest
### push semver prelease tag v3.0.0-beta.1 on main (default branch)
# distribution/distribution:3.0.0-beta.1
### push on main
# distribution/distribution:edge
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=ref,event=pr
type=edge
labels: |
org.opencontainers.image.title=Distribution
org.opencontainers.image.description=The toolkit to pack, ship, store, and distribute container content
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to DockerHub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Log in to GitHub Container registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Build artifacts
uses: docker/bake-action@v4
with:
targets: artifact-all
-
name: Rename provenance
run: |
for pdir in ./bin/*/; do
(
cd "$pdir"
binname=$(find . -name '*.tar.gz')
filename=$(basename "${binname%.tar.gz}")
mv "provenance.json" "${filename}.provenance.json"
)
done
-
name: Move and list artifacts
run: |
mv ./bin/**/* ./bin/
tree -nh ./bin
-
name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: registry
path: ./bin/*
if-no-files-found: error
-
name: Build image
uses: docker/bake-action@v4
with:
files: |
./docker-bake.hcl
${{ steps.meta.outputs.bake-file }}
targets: image-all
push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
-
name: GitHub Release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
draft: true
files: |
bin/*.tar.gz
bin/*.provenance.json
bin/*.sha256
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}