v0.4.3 #23

Summary
Jobs
- build
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/release.yaml at ffd70bd

	name: Release

	on:
	release:
	types: [published]

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository }}

	jobs:
	build:
	runs-on: ubuntu-latest

	permissions:
	contents: read
	packages: write

	steps:
	- uses: actions/checkout@v4
	- name: Log in to the Container registry
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Install Nix
	uses: DeterminateSystems/nix-installer-action@v13

	- name: Install Cosign
	uses: sigstore/cosign-installer@v3.5.0

	- id: docker_meta
	uses: docker/metadata-action@v5.5.1
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	tags: type=sha,format=long

	- name: Build Image
	run: docker load --input $(nix build .#image --print-out-paths)

	- name: Push Image
	run: \|
	export NIXTAG="$(docker image ls ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} \| tail -n1 \| awk -F' ' '{print $2}')"
	echo $NIXTAG
	docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${NIXTAG} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
	docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${NIXTAG} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
	docker push --all-tags ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

	- name: Sign the images with GitHub OIDC Token
	env:
	DIGEST: ${{ steps.build-and-push.outputs.digest }}
	TAGS: ${{ steps.docker_meta.outputs.tags }}
	run: \|
	images=""
	for tag in ${TAGS}; do
	images+="${tag}@${DIGEST} "
	done
	cosign sign --yes -a GITHUB_SHA="${GITHUB_SHA}" -a GITHUB_RUN_ID="${GITHUB_RUN_ID}" ${images}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.4.3 #23

Workflow file

v0.4.3 #23

Jobs

Run details

Workflow file for this run