forked from TrueCloudLab/distribution
0e18af15f8
GitHub Workflows security hardening
134 lines
3.4 KiB
YAML
134 lines
3.4 KiB
YAML
name: build
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- 'main'
|
|
- 'release/*'
|
|
tags:
|
|
- 'v*'
|
|
pull_request:
|
|
|
|
env:
|
|
DOCKERHUB_SLUG: distribution/distribution
|
|
|
|
permissions:
|
|
contents: read # to fetch code (actions/checkout)
|
|
|
|
jobs:
|
|
test:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
go:
|
|
- 1.18
|
|
- 1.19.10
|
|
steps:
|
|
-
|
|
name: Checkout
|
|
uses: actions/checkout@v3
|
|
-
|
|
name: Set up Go
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: ${{ matrix.go }}
|
|
-
|
|
name: Test
|
|
run: |
|
|
make coverage
|
|
-
|
|
name: Codecov
|
|
uses: codecov/codecov-action@v3
|
|
with:
|
|
directory: ./
|
|
|
|
build:
|
|
permissions:
|
|
contents: write # to create GitHub release (softprops/action-gh-release)
|
|
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- test
|
|
steps:
|
|
-
|
|
name: Checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
-
|
|
name: Docker meta
|
|
id: meta
|
|
uses: docker/metadata-action@v4
|
|
with:
|
|
images: |
|
|
${{ env.DOCKERHUB_SLUG }}
|
|
### versioning strategy
|
|
### push semver tag v3.2.1 on main (default branch)
|
|
# distribution/distribution:3.2.1
|
|
# distribution/distribution:3.2
|
|
# distribution/distribution:3
|
|
# distribution/distribution:latest
|
|
### push semver prelease tag v3.0.0-beta.1 on main (default branch)
|
|
# distribution/distribution:3.0.0-beta.1
|
|
### push on main
|
|
# distribution/distribution:edge
|
|
tags: |
|
|
type=semver,pattern={{version}}
|
|
type=semver,pattern={{major}}.{{minor}}
|
|
type=semver,pattern={{major}}
|
|
type=ref,event=pr
|
|
type=edge
|
|
labels: |
|
|
org.opencontainers.image.title=Distribution
|
|
org.opencontainers.image.description=The toolkit to pack, ship, store, and deliver container content
|
|
-
|
|
name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v2
|
|
-
|
|
name: Login to DockerHub
|
|
if: github.event_name != 'pull_request'
|
|
uses: docker/login-action@v2
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
-
|
|
name: Build artifacts
|
|
uses: docker/bake-action@v2
|
|
with:
|
|
targets: artifact-all
|
|
-
|
|
name: Move artifacts
|
|
run: |
|
|
mv ./bin/**/* ./bin/
|
|
-
|
|
name: Upload artifacts
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: registry
|
|
path: ./bin/*
|
|
if-no-files-found: error
|
|
-
|
|
name: Build image
|
|
uses: docker/bake-action@v2
|
|
with:
|
|
files: |
|
|
./docker-bake.hcl
|
|
${{ steps.meta.outputs.bake-file }}
|
|
targets: image-all
|
|
push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
|
|
-
|
|
name: GitHub Release
|
|
uses: softprops/action-gh-release@v1
|
|
if: startsWith(github.ref, 'refs/tags/')
|
|
with:
|
|
draft: true
|
|
files: |
|
|
bin/*.tar.gz
|
|
bin/*.sha256
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|