Init Repository #38
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - '*' | |
| tags-ignore: | |
| - '*' | |
| paths-ignore: | |
| - 'demo/**' | |
| - 'docs/**' | |
| - 'LICENSE' | |
| - 'README.md' | |
| workflow_dispatch: | |
| env: | |
| DAGGER_VERSION: "0.14.0" | |
| DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }} | |
| DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }} | |
| DOCKER_REGISTRY_USERNAME: ${{ vars.DOCKER_REGISTRY_USERNAME }} | |
| DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} | |
| GH_DOCKER_REPOSITORY: ${{ vars.GH_DOCKER_REPOSITORY }} | |
| GH_HELM_REPOSITORY: ${{ vars.GH_HELM_REPOSITORY }} | |
| jobs: | |
| docker-unstable: | |
| if: github.ref == 'refs/heads/init' && github.event_name == 'push' | |
| name: Push Docker image | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| target: ["debug", "prod"] | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set short SHA | |
| id: sha | |
| run: echo "short_sha=${GITHUB_SHA::7}" >> $GITHUB_ENV | |
| - name: Set image tag | |
| id: tag | |
| run: | | |
| if [ "${{ github.ref }}" == "refs/heads/init" ]; then | |
| if [[ "${{ matrix.target }}" == "debug" ]]; then | |
| echo "tag=unstable-debug" >> $GITHUB_ENV | |
| else | |
| echo "tag=unstable" >> $GITHUB_ENV | |
| fi | |
| else | |
| if [[ "${{ matrix.target }}" == "debug" ]]; then | |
| echo "tag=build-${{ env.short_sha }}-debug" >> $GITHUB_ENV | |
| else | |
| echo "tag=build-${{ env.short_sha }}" >> $GITHUB_ENV | |
| fi | |
| fi | |
| - name: Publish Docker image to Github | |
| uses: dagger/dagger-for-github@v6.14.0 | |
| env: | |
| GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| version: ${{ env.DAGGER_VERSION }} | |
| engine-stop: false | |
| module: github.com/opopops/daggerverse/docker@v1.0.0 | |
| verb: call | |
| args: | | |
| --registry=ghcr.io \ | |
| --username=${{ github.actor }} \ | |
| --password=env:GH_REGISTRY_PASSWORD \ | |
| build \ | |
| --context=. \ | |
| --target=${{ matrix.target }} \ | |
| --platform=linux/amd64,linux/arm64 \ | |
| publish \ | |
| --image=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.tag }} \ | |
| ref \ | |
| - name: Copy Docker image to Docker Hub | |
| uses: dagger/dagger-for-github@v6.14.0 | |
| env: | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} | |
| GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| version: ${{ env.DAGGER_VERSION }} | |
| engine-stop: false | |
| module: github.com/opopops/daggerverse/crane@v1.0.0 | |
| verb: call | |
| args: | | |
| with-registry-auth \ | |
| --address=ghcr.io \ | |
| --username=${{ github.actor }} \ | |
| --secret=env:GH_REGISTRY_PASSWORD \ | |
| with-registry-auth \ | |
| --address=$DOCKER_REGISTRY \ | |
| --username=$DOCKER_REGISTRY_USERNAME \ | |
| --secret=env:DOCKER_REGISTRY_PASSWORD \ | |
| copy \ | |
| --source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.tag }} \ | |
| --target=${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:${{ env.tag }} \ | |
| - name: Scan Docker image | |
| uses: dagger/dagger-for-github@v6.14.0 | |
| env: | |
| GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| version: ${{ env.DAGGER_VERSION }} | |
| module: github.com/opopops/daggerverse/grype@v1.0.0 | |
| verb: call | |
| args: | | |
| with-registry-auth \ | |
| --address=ghcr.io \ | |
| --username=${{ github.actor }} \ | |
| --secret=env:GH_REGISTRY_PASSWORD \ | |
| scan \ | |
| --source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.tag }} \ | |
| helm-unstable: | |
| if: github.ref == 'refs/heads/init' && github.event_name == 'push' | |
| name: Push Helm Chart | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Lint | |
| uses: dagger/dagger-for-github@v6.14.0 | |
| with: | |
| version: ${{ env.DAGGER_VERSION }} | |
| engine-stop: false | |
| module: github.com/opopops/daggerverse/helm@add-helm-module | |
| verb: call | |
| args: | | |
| lint \ | |
| --path chart \ | |
| --strict \ | |
| - name: Publish Helm chart | |
| uses: dagger/dagger-for-github@v6.14.0 | |
| env: | |
| GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| version: ${{ env.DAGGER_VERSION }} | |
| module: github.com/opopops/daggerverse/helm@add-helm-module | |
| verb: call | |
| args: | | |
| package-push \ | |
| --path chart \ | |
| --version="0.0.0" \ | |
| --app-version="unstable" \ | |
| --registry=ghcr.io/${GH_HELM_REPOSITORY} \ | |
| --username=${{ github.actor }} \ | |
| --password=env:GH_REGISTRY_PASSWORD \ |