diff --git a/.github/actions/before-publish/action.yaml b/.github/actions/before-publish/action.yaml
new file mode 100644
index 0000000..29087f5
--- /dev/null
+++ b/.github/actions/before-publish/action.yaml
@@ -0,0 +1,26 @@
+# yamllint disable rule:line-length
+---
+name: setup environment
+
+description: load values from 1password vault
+
+inputs:
+
+  instance:
+    description: input value that can be used to control which actions are run
+    required: false
+    default: ""
+
+runs:
+  using: "composite"
+
+  steps:
+
+    - name: load values from 1password vault
+      uses: 1password/load-secrets-action@v2
+      with:
+        export-env: true
+      env:
+        DOCKER_LOGIN: op://empc-lab/svc-dockerhub/username
+        DOCKER_PASSWORD: op://empc-lab/svc-dockerhub/password
+        SNYK_TOKEN: op://empc-lab/svc-snyk/api-token
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
new file mode 100644
index 0000000..cc1e5d7
--- /dev/null
+++ b/.github/workflows/publish.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:line-length
+# yamllint disable rule:truthy
+---
+run-name: publish job container
+
+on:
+  push:
+    branches:
+      - "!*"
+    tags:
+      - "*"
+
+jobs:
+
+  publish:
+    name: publish image
+    uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/publish-container.yaml@main
+    secrets:
+      OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+    with:
+      image: twdps/gha-container-base-image
+      op-version: 2.28.0
+      cosign-version: 2.2.4
+      syft-version: 1.4.1
+      oras-version: 1.1.0
+      sign-image: true
+      sbom: true
+      gren: true
+      before-publish: true
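Review bot: `export-env: true` in the load-secrets step places DOCKER_LOGIN, DOCKER_PASSWORD and SNYK_TOKEN into the environment of every later step of the calling job, so any third-party action run after this composite action can read the Docker Hub and Snyk credentials, not only the steps that need them. Since load-secrets-action exposes the loaded values as step outputs when `export-env` is false, consider giving the step an `id:` and letting the consumer pass `${{ steps.<id>.outputs.DOCKER_PASSWORD }}` to the specific login step instead; if the env export is intentional because the reusable publish workflow expects it, a comment saying so above `export-env: true` would stop the next reviewer from re-raising it. The `instance` input is declared with a description saying it controls which actions are run but is never referenced in `runs`, so either wire it into a step condition or drop it. `uses: 1password/load-secrets-action@v2` is a mutable major-version tag; for an action that handles credentials, pinning to a commit SHA with the version in a trailing comment (`uses: 1password/load-secrets-action@<commit-sha>  # v2`) keeps a tag move from silently changing what receives the service-account token.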
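Review bot: The reusable workflow is referenced at `uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/publish-container.yaml@main`, a moving branch, while the same job hands it `OP_SERVICE_ACCOUNT_TOKEN` and authority to sign and publish `twdps/gha-container-base-image`; any change merged to `main` in that repository takes effect here without review in this one. Pin it to a release tag or, preferably, a commit SHA with the version noted alongside, e.g. `uses: ThoughtWorks-DPS/gha-tools-action/.github/workflows/publish-container.yaml@<commit-sha>  # <release-tag>`, and treat updates as an ordinary dependency bump. The trigger `tags: - "*"` combined with `branches: - "!*"` will sign and publish on any pushed tag, including ad-hoc ones; if releases follow a version scheme, a narrower tag pattern limits what can kick off a signed publish. The tool versions (`op-version`, `cosign-version`, `syft-version`, `oras-version`) are already spelled with two dots and therefore parse as strings, so no quoting change is needed there.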