build

feat(preferences): ♻️ use koanf for agent preferences #167

Workflow file for this run

	# Copyright (c) 2023 Joshua Rich <[email protected]>
	#
	# This software is released under the MIT License.
	# https://opensource.org/licenses/MIT

	name: build

	env:
	REGISTRY: ghcr.io
	IMAGE: ${{ github.repository }}
	COSIGN_VERSION: "v2.2.4"
	MAGEARGS: -d build/magefiles -w .

	on:
	push:
	branches:
	- main
	workflow_dispatch:

	permissions:
	contents: read

	jobs:
	check_release:
	runs-on: ubuntu-20.04
	permissions:
	contents: write
	pull-requests: write
	outputs:
	release_created: ${{ steps.release_please.outputs.release_created }}
	release_tag: ${{ steps.release_please.outputs.tag_name }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	- name: Run release please
	id: release_please
	uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	build_container:
	needs: check_release
	permissions:
	contents: write
	packages: write
	runs-on: ubuntu-20.04
	strategy:
	matrix:
	platform:
	- linux/amd64
	- linux/arm/v6
	- linux/arm/v7
	- linux/arm64
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	auth.docker.io:443
	dl-cdn.alpinelinux.org:443
	ghcr.io:443
	github.com:443
	golang.org:443
	objects.githubusercontent.com:443
	production.cloudflare.docker.com:443
	proxy.golang.org:443
	raw.githubusercontent.com:443
	registry-1.docker.io:443
	storage.googleapis.com:443
	sum.golang.org:443
	- name: Checkout repo
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
	with:
	fetch-depth: 0
	- name: Set up environment
	run: \|
	echo "APPVERSION=$(git describe --tags --always --dirty)" >> $GITHUB_ENV
	platform=${{ matrix.platform }}
	echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
	- name: Set app version for release
	if: ${{ needs.check_release.outputs.release_created }}
	run: echo "APPVERSION=${{ needs.check_release.outputs.release_tag }}" >> $GITHUB_ENV
	- name: Get Docker metadata
	id: docker_metadata
	uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5
	with:
	images: \|
	${{ env.REGISTRY }}/${{ env.IMAGE }}
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=raw,value=${{ env.APPVERSION }}
	- name: Set up QEMU
	uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
	- name: Log in to the Container registry
	id: registry_login
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Build container image
	id: build_image
	uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v5
	with:
	context: .
	labels: ${{ steps.docker_metadata.outputs.labels }}
	platforms: ${{ matrix.platform }}
	outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE }},push-by-digest=true,name-canonical=true,push=true
	- name: Export digest
	run: \|
	mkdir -p /tmp/digests
	digest="${{ steps.build_image.outputs.digest }}"
	touch "/tmp/digests/${digest#sha256:}"
	- name: Upload digest
	uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
	with:
	name: digests-${{ env.PLATFORM_PAIR }}
	path: /tmp/digests/*
	if-no-files-found: error
	retention-days: 1

	merge:
	runs-on: ubuntu-latest
	needs:
	- check_release
	- build_container
	permissions:
	contents: write
	packages: write
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	auth.docker.io:443
	ghcr.io:443
	github.com:443
	objects.githubusercontent.com:443
	pkg-containers.githubusercontent.com:443
	production.cloudflare.docker.com:443
	raw.githubusercontent.com:443
	registry-1.docker.io:443
	rekor.sigstore.dev:443
	- name: Checkout repo
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
	with:
	fetch-depth: 0
	- name: Set up environment
	run: \|
	echo "APPVERSION=$(git describe --tags --always --dirty)" >> $GITHUB_ENV
	- name: Set app version for release
	if: ${{ needs.check_release.outputs.release_created }}
	run: echo "APPVERSION=${{ needs.check_release.outputs.release_tag }}" >> $GITHUB_ENV
	- name: Download digests
	uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
	with:
	path: /tmp/digests
	pattern: digests-*
	merge-multiple: true
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
	- name: Get Docker metadata
	id: docker_metadata
	uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5
	with:
	images: \|
	${{ env.REGISTRY }}/${{ env.IMAGE }}
	tags: \|
	type=ref,event=branch
	type=ref,event=pr
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=raw,value=${{ env.APPVERSION }}
	- name: Log in to the Container registry
	id: registry_login
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Create manifest list and push
	working-directory: /tmp/digests
	run: \|
	docker buildx imagetools create $(jq -cr '.tags \| map("-t " + .) \| join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
	$(printf '${{ env.REGISTRY }}/${{ env.IMAGE }}@sha256:%s ' *)
	- name: Inspect image
	run: \|
	docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ steps.docker_metadata.outputs.version }}
	- name: Check and install cosign
	uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3
	with:
	cosign-release: ${{ env.COSIGN_VERSION }}
	- name: Sign image with a key
	env:
	TAGS: ${{ steps.docker_metadata.outputs.tags }}
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
	run: \|
	images=""
	for digest in /tmp/digests/*; do
	for tag in ${TAGS}; do
	images+="${tag}@sha256:$(basename $digest) "
	done
	done
	cosign --verbose=true sign --yes --key cosign.key \
	-a "repo=${{ github.repository }}" \
	-a "ref=${{ github.ref }}" \
	${images}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(preferences): ♻️ use koanf for agent preferences #167

Workflow file

feat(preferences): ♻️ use koanf for agent preferences #167

Jobs

Run details

Workflow file for this run