Try fix for cosign authN issue #84
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: XEN Orchestra Container | |
on: | |
push: | |
branches: ["main"] | |
pull_request: | |
branches: ["main"] | |
release: | |
types: [published] | |
env: | |
IMAGE_NAME: soubinan/xoa-container | |
TEST_TAG: soubinan/xoa-container:test | |
PROJECT_URL: https://github.com/soubinan/xoa-container | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: | |
- linux/amd64 | |
# - linux/arm64 | |
steps: | |
- name: Get xo-server version | |
id: xo-server | |
run: | | |
echo "XO_SERVER="$(curl -s https://raw.githubusercontent.com/vatesfr/xen-orchestra/master/packages/xo-server/package.json | jq -r ".version") >> $GITHUB_ENV | |
- name: Get xo-web version | |
id: xo-web | |
run: | | |
echo "XO_WEB="$(curl -s https://raw.githubusercontent.com/vatesfr/xen-orchestra/master/packages/xo-web/package.json | jq -r ".version") >> $GITHUB_ENV | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
ghcr.io/${{ env.IMAGE_NAME }} | |
tags: | | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
type=raw,latest | |
labels: | | |
--label "org.opencontainers.image.source=${{ env.PROJECT_URL }}" | |
--label "org.opencontainers.image.url=${{ env.PROJECT_URL }}" | |
--label "org.opencontainers.image.title=XOA-Container" | |
--label "org.opencontainers.image.description=XEN Orchestra As a Container: Build from XO-Server $XO_SERVER and XO-Web $XO_WEB" | |
--label "org.opencontainers.image.licenses=CC-BY-NC" | |
- name: Install cosign | |
if: github.event_name == 'release' | |
uses: sigstore/cosign-installer@v3 | |
with: | |
cosign-release: 'v2.1.1' | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GHP }} | |
if: github.event_name == 'release' | |
- name: Build and push | |
id: build-and-push | |
uses: docker/build-push-action@v5 | |
with: | |
context: "." | |
platforms: ${{ matrix.platform }} | |
file: "./Containerfile" | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
build-args: | | |
XOWEB=$XO_WEB | |
XOSERVER=$XO_SERVER | |
push: ${{ github.event_name == 'release' }} | |
- name: Sign the published container images | |
if: github.event_name == 'release' | |
run: | | |
cosign sign --yes "${TAGS}@${DIGEST}" | |
env: | |
TAGS: ${{ steps.meta.outputs.tags }} | |
DIGEST: ${{ steps.build-and-push.outputs.digest }} |