Skip to content

Add workflow for building image #20

Add workflow for building image

Add workflow for building image #20

Workflow file for this run

# https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-a-registry-using-a-personal-access-token
name: Build Image
on:
push:
branches:
- main
tags:
- image/v*
pull_request:
env:
REGISTRY: ghcr.io
SCOPED_NAME: ${{ github.repository_owner }}/checkton
IMAGE: ghcr.io/${{ github.repository_owner }}/checkton
jobs:
build:
runs-on: ubuntu-latest
permissions:
id-token: write
attestations: write
packages: write
contents: read
outputs:
versioned_image: ${{ steps.tag.outputs.versioned_image }}
digest: ${{ steps.push.outputs.digest }}
steps:
- uses: actions/checkout@v4
- name: Build image
uses: redhat-actions/buildah-build@v2
with:
containerfiles: Dockerfile
image: ${{ env.IMAGE }}
tags: |
${{ github.sha }}
- name: Generate SBOM
uses: anchore/sbom-action@v0
with:
image: ${{ env.IMAGE }}:${{ github.sha }}
format: cyclonedx-json
output-file: .sbom.json
upload-artifact: false
upload-release-assets: false
- name: Login to registry
uses: redhat-actions/podman-login@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push image
id: push
uses: redhat-actions/push-to-registry@v2
with:
registry: ${{ env.REGISTRY }}
image: ${{ env.SCOPED_NAME }}
tags: |
${{ github.sha }}
- name: Generate image attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: ${{ env.IMAGE }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
- name: Generate SBOM attestation
uses: actions/attest-sbom@v1
with:
subject-name: ${{ env.IMAGE }}
subject-digest: ${{ steps.push.outputs.digest }}
sbom-path: .sbom.json
push-to-registry: true
- name: Tag with release version
if: ${{ startsWith(github.ref, 'refs/tags/image/v') || true }}
id: tag
run: |
#!/bin/bash
set -e
version='test'
skopeo copy "docker://$IMAGE:$GITHUB_SHA" "docker://$IMAGE:$version"
echo "versioned_image=$IMAGE:$version" >> "$GITHUB_OUTPUT"
bump-image:
if: ${{ startsWith(github.ref, 'refs/tags/image/v') || true }}

Check failure on line 92 in .github/workflows/push-image.yaml

View workflow run for this annotation

GitHub Actions / Build Image

Invalid workflow file

The workflow is not valid. .github/workflows/push-image.yaml (Line: 92, Col: 5): Required property is missing: runs-on
needs: [build]
steps:
- uses: actions/checkout@v4
- name: Bump image ref in action.yaml
env:
VERSIONED_IMAGE: ${{ needs.build.outputs.versioned_image }}
DIGEST: ${{ needs.build.outputs.digest }}
run: |
#!/bin/bash
set -e
sed -E "s;(\s*)image: .*;\1image: ${VERSIONED_IMAGE}@${DIGEST};" -i action.yaml
if [[ -z "$(git diff)" ]]; then
exit
fi
git checkout -b "selfupdate/$version"
version=${VERSIONED_IMAGE##*:} # extract the tag
git add action.yaml
git commit \
--author "Checkton Bot <[email protected]>" \
-m "action.yaml: update to $version"
git push --set-upstream origin "selfupdate/$version"
gh pr create --fill