chore(deps): bump golang.org/x/crypto from 0.28.0 to 0.30.0 (#3691) #2332
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- v* | |
permissions: | |
contents: read | |
jobs: | |
push_image_to_registry: | |
name: Push Image | |
permissions: write-all | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
module: ["manager", "scheduler", "dfdaemon"] | |
include: | |
- module: manager | |
platforms: linux/amd64,linux/arm64 | |
- module: scheduler | |
platforms: linux/amd64,linux/arm64 | |
- module: dfdaemon | |
platforms: linux/amd64,linux/arm64 | |
timeout-minutes: 120 | |
steps: | |
- name: Check out code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
submodules: recursive | |
- name: Get Version | |
id: get_version | |
run: | | |
VERSION=${GITHUB_REF#refs/tags/} | |
if [[ ${GITHUB_REF} == "refs/heads/main" ]]; then | |
VERSION=latest | |
fi | |
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT | |
- name: Get Git Revision | |
id: vars | |
shell: bash | |
run: | | |
echo "git_revision=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
- name: PrepareReg Names | |
run: | | |
echo IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV | |
- name: Setup QEMU | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf | |
- name: Setup Docker Buildx | |
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db | |
- name: Cache Docker layers | |
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Install Cosign | |
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 | |
- name: Login Docker Hub | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
with: | |
registry: docker.io | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Push to Registry | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 | |
with: | |
context: . | |
sbom: true | |
provenance: true | |
platforms: ${{ matrix.platforms }} | |
file: build/images/${{ matrix.module }}/Dockerfile | |
labels: |- | |
org.opencontainers.image.title="dragonfly" | |
org.opencontainers.image.description=${{ github.event.repository.description }} | |
org.opencontainers.image.url=${{ github.event.repository.html_url }} | |
org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
org.opencontainers.image.revision=${{ github.sha }} | |
org.opencontainers.image.version=${{ steps.get_version.outputs.VERSION }} | |
build-args: | | |
GITVERSION=git-${{ steps.vars.outputs.git_revision }} | |
VERSION=${{ steps.get_version.outputs.VERSION }} | |
tags: | | |
dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }} | |
ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }} | |
push: true | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
- name: Sign container image | |
run: | | |
cosign sign -y --key env://COSIGN_KEY dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }} | |
cosign sign -y --key env://COSIGN_KEY ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }} | |
env: | |
COSIGN_KEY: ${{secrets.COSIGN_KEY}} | |
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} | |
- name: Check images | |
run: | | |
docker buildx imagetools inspect dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }} | |
docker pull dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }} | |
cosign verify --key env://COSIGN_PUBLIC_KEY dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }} | |
docker buildx imagetools inspect ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }} | |
docker pull ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }} | |
cosign verify --key env://COSIGN_PUBLIC_KEY ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }} | |
env: | |
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }} | |
- uses: anchore/sbom-action@v0 | |
with: | |
image: dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }} | |
- uses: anchore/sbom-action@v0 | |
with: | |
image: ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }} | |
- name: Move cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache |