Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/master' into flyio
Browse files Browse the repository at this point in the history
  • Loading branch information
@andros21
andros21 committed Dec 1, 2023
2 parents 1e15f7b + d0daf67 commit 814d861
Show file tree
Hide file tree
Showing 5 changed files with 124 additions and 110 deletions.
26 changes: 18 additions & 8 deletions .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,18 +15,18 @@ name: build rwalk
- .github/workflows/digesta.yml
- .github/dependabot.yml

permissions:
contents: read
id-token: write
packages: write

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}

jobs:
build:
name: build rwalk
permissions:
contents: read
packages: write
outputs:
digest: ${{ steps.docker.outputs.digest }}
runs-on: ubuntu-latest
steps:
- name: checkout project
Expand All @@ -43,7 +43,7 @@ jobs:
run: |
poetry export -o requirements.txt
- name: install cosign
uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19
uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8
- name: verify base images
run: |
cosign dockerfile verify \
Expand All @@ -67,7 +67,7 @@ jobs:
images: ${{ env.IMAGE_NAME }}
- name: build rwalk (devel)
id: docker
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56
with:
context: .
push: true
Expand All @@ -85,9 +85,19 @@ jobs:
curl -X GET http://localhost:8080 || (docker logs smoke_rwalk && exit 1)
docker logs smoke_rwalk
docker stop smoke_rwalk
cosign:
name: cosign rwalk
runs-on: ubuntu-latest
permissions:
id-token: write
packages: write
needs: build
steps:
- name: install cosign
uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19
- name: cosign rwalk
run: |
cosign sign -y "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.docker.outputs.digest }}"
cosign sign -y "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.build.outputs.digest }}"
- name: install crane
uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c
- name: tag rwalk (latest)
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/deploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
- name: checkout project
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: install cosign
uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19
uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8
- name: verify rwalk image
run: |
cosign verify \
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ RUN [".venv/bin/python3", "rwalker.py"]
# * Copy venv from st stage
# * Copy simulation data results from nd stage
#
FROM cgr.dev/chainguard/python:latest@sha256:b8ae05271a3ac82634033e938cac688a92952119197056865ffb76e8edf1c008
FROM cgr.dev/chainguard/python:latest@sha256:ded184cec247b6d6e4dcd202442cee861691c0943f3df47eb92a3ef9fe98875e
WORKDIR /home/nonroot
COPY . .
COPY --from=venv /home/nonroot/.venv .venv
Expand Down
Loading

0 comments on commit 814d861

Please sign in to comment.