[nc] test publish workflow
Signed-off-by: Nic Cheneweth <[email protected]>
ncheneweth committed May 15, 2024
1 parent bc74461 commit f11cf71
Showing 2 changed files with 55 additions and 0 deletions.
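--- a/.github/actions/before-publish/action.yaml
+++ b/.github/actions/before-publish/action.yaml
@@ -0,0 +1,26 @@
+# yamllint disable rule:line-length
+---
+name: setup environment
+
+description: load values from 1password vault
+
+inputs:
+
+instance:
+description: input value that can be used to control which actions are run
+required: false
+default: ""
+
+runs:
+using: "composite"
+
+steps:
+
+- name: load values from 1password vault
+uses: 1password/load-secrets-action@v2
+with:
+export-env: true
+env:
+DOCKER_LOGIN: op://empc-lab/svc-dockerhub/username
+DOCKER_PASSWORD: op://empc-lab/svc-dockerhub/password
+SNYK_TOKEN: op://empc-lab/svc-snyk/api-token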
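Review bot: `uses: 1password/load-secrets-action@v2` references a third-party action by a mutable tag, and this step resolves the Docker Hub password and the Snyk token, so whoever can move that tag controls code that sees them; pin it to a full commit SHA, e.g. `uses: 1password/load-secrets-action@<full-commit-sha>  # v2`. With `export-env: true` the three values are exported as environment variables, which as far as I can tell makes them visible to every later step of the calling job rather than only the steps that log in or scan; if the callers can read step outputs instead, `export-env: false` plus an `id:` on this step narrows that exposure. The `instance` input is declared but not referenced by the visible step, so either use it or add a comment such as `# reserved: not yet consumed by any step`.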
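--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:line-length
+# yamllint disable rule:truthy
+---
+run-name: publish job container
+
+on:
+push:
+branches:
+- "!*"
+tags:
+- "*"
+
+jobs:
+
+publish:
+name: publish image
+uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/publish-container.yaml@main
+secrets:
+OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+with:
+image: twdps/gha-container-base-image
+op-version: 2.28.0
+cosign-version: 2.2.4
+syft-version: 1.4.1
+oras-version: 1.1.0
+sign-image: true
+sbom: true
+gren: true
+before-publish: true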
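Review bot: The `uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/publish-container.yaml@main` line follows a branch, so every tag push runs whatever is on `main` of that repository at that moment, with `OP_SERVICE_ACCOUNT_TOKEN` in hand and `sign-image: true` enabled; pin the reusable workflow to a full commit SHA, or at least a release tag, e.g. `...publish-container.yaml@<full-commit-sha>`. The file also declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope; stating the minimum the called workflow needs (starting from `contents: read` and extending only as required) makes the grant explicit and caps what the callee can request. Separately, `branches: - "!*"` is a filter consisting only of a negated pattern, which GitHub's filter rules do not accept on its own; dropping the `branches` key and keeping only `tags` should express the same tag-only intent.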
