ci: fix helm release #5

Workflow file for this run

# Release workflow: runs when a tag whose name starts with "v" is pushed.
name: Release

on:
  push:
    tags: ["v*"]

# Workflow-level token scopes; every job in this file inherits them.
# NOTE(review): the steps shown on this page authenticate to the registries
# with GITHUB_TOKEN / registry passwords and sign with a cosign private key;
# none of them visibly uses the attestations or id-token scope. Confirm both
# are needed, and consider declaring the write scopes on the individual jobs
# that use them instead of workflow-wide.
permissions:
  contents: read
  packages: write
  attestations: write
  id-token: write

# Shared settings. The vars.* values are configuration variables, not
# secrets; several are expanded as shell variables inside the Dagger `args`
# blocks further down, so their values end up in command text.
env:
  DAGGER_VERSION: '0.15.1'
  DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }}
  DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }}
  DOCKER_REGISTRY_USERNAME: ${{ vars.DOCKER_REGISTRY_USERNAME }}
  GH_DOCKER_REPOSITORY: ${{ vars.GH_DOCKER_REPOSITORY }}
  GH_HELM_REPOSITORY: ${{ vars.GH_HELM_REPOSITORY }}
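jobs:
  # Builds, publishes, signs, mirrors and scans the container image for each
  # build target when a v* tag is pushed.
  #
  # NOTE(review): the actions and Dagger modules used here are referenced by
  # mutable tag (@v4, @v7.0.3, @v1.2.1). This job receives the cosign private
  # key and registry credentials, so pin each reference to a full commit SHA
  # (e.g. <FULL_COMMIT_SHA>, placeholder) where the reference syntax allows.
  docker:
    if: startsWith(github.event.ref, 'refs/tags/v')
    name: Release Docker image
    runs-on: ubuntu-latest
    strategy:
      matrix:
        target: ["shell", "prod"]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The build below uses the whole checkout as its context
          # (--context=.). Do not leave the job token in .git/config, where
          # it would sit inside that context.
          # NOTE(review): no step visible here needs git credentials;
          # confirm that for any step that follows this listing.
          persist-credentials: false

      - name: Set release version
        id: version
        run: |
          # Extract the tag, remove "v" prefix if it exists
          RAW_VERSION=${GITHUB_REF##*/}
          VERSION=${RAW_VERSION#v}
          # The tag name is chosen by whoever pushes the tag and is later
          # placed into image references and command arguments. Accept only
          # the characters a container image tag may contain.
          if [[ ! "${VERSION}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
            echo "Tag name does not yield a valid image tag; aborting." >&2
            exit 1
          fi
          echo "RELEASE_VERSION=${VERSION}" >> "$GITHUB_ENV"

      - name: Set Docker image tag
        id: tag
        env:
          # Passed through the environment so the script text never contains
          # an expanded ${{ }} expression.
          TARGET: ${{ matrix.target }}
        run: |
          # RELEASE_VERSION was exported via GITHUB_ENV by the previous step
          # and is read here as a shell variable, not template-expanded.
          if [[ "${TARGET}" == "shell" ]]; then
            echo "DOCKER_TAG=${RELEASE_VERSION}-shell" >> "$GITHUB_ENV"
            echo "DOCKER_LATEST_TAG=latest-shell" >> "$GITHUB_ENV"
          else
            echo "DOCKER_TAG=${RELEASE_VERSION}" >> "$GITHUB_ENV"
            echo "DOCKER_LATEST_TAG=latest" >> "$GITHUB_ENV"
          fi

      # Build for both platforms, push to GHCR, add the "latest" tag, sign.
      # Secrets are handed to Dagger by variable name (env:NAME), so their
      # values are not part of the argument text.
      # The args also embed ${{ env.DOCKER_TAG }}, which is derived from the
      # tag name; the validation in "Set release version" is what keeps that
      # value to plain tag characters.
      - name: Publish Docker image to GitHub
        uses: dagger/dagger-for-github@v7.0.3
        env:
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
          GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
        with:
          version: ${{ env.DAGGER_VERSION }}
          engine-stop: false
          module: github.com/opopops/daggerverse/docker@v1.2.1
          verb: call
          args: |
            --registry=ghcr.io \
            --username=${{ github.actor }} \
            --password=env:GH_REGISTRY_PASSWORD \
            build \
            --context=. \
            --target=${{ matrix.target }} \
            --platform=linux/amd64,linux/arm64 \
            publish \
            --image=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.DOCKER_TAG }} \
            with-tag \
            --tag=${{ env.DOCKER_LATEST_TAG }} \
            sign \
            --password=env:COSIGN_PASSWORD \
            --private-key=env:COSIGN_PRIVATE_KEY \

      # Mirror the published image from GHCR to the second registry and tag
      # it there with the "latest" tag as well.
      - name: Copy Docker image to Docker Hub
        uses: dagger/dagger-for-github@v7.0.3
        env:
          DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
          GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
        with:
          version: ${{ env.DAGGER_VERSION }}
          engine-stop: false
          module: github.com/opopops/daggerverse/crane@v1.2.1
          verb: call
          args: |
            with-registry-auth \
            --address=ghcr.io \
            --username=${{ github.actor }} \
            --secret=env:GH_REGISTRY_PASSWORD \
            with-registry-auth \
            --address=$DOCKER_REGISTRY \
            --username=$DOCKER_REGISTRY_USERNAME \
            --secret=env:DOCKER_REGISTRY_PASSWORD \
            with-copy \
            --source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.DOCKER_TAG }} \
            --target=${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:${{ env.DOCKER_TAG }} \
            tag \
            --image=${DOCKER_REGISTRY}/${DOCKER_REPOSITORY}:${{ env.DOCKER_TAG }} \
            --tag=${{ env.DOCKER_LATEST_TAG }} \

      # Vulnerability scan of the image pushed to GHCR; --fail-on=high fails
      # the step on findings of high severity.
      # NOTE(review): this gate runs after the image has already been
      # published, signed, tagged "latest" and copied to the second registry
      # by the steps above, so a failing scan marks the job red but does not
      # hold back the release. Consider scanning before promotion.
      - name: Scan Docker image
        uses: dagger/dagger-for-github@v7.0.3
        env:
          GH_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
        with:
          version: ${{ env.DAGGER_VERSION }}
          module: github.com/opopops/daggerverse/grype@v1.2.1
          verb: call
          args: |
            with-registry-auth \
            --address=ghcr.io \
            --username=${{ github.actor }} \
            --secret=env:GH_REGISTRY_PASSWORD \
            scan \
            --source=ghcr.io/${GH_DOCKER_REPOSITORY}:${{ env.DOCKER_TAG }} \
            --fail-on=high \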