Create, publish, sign and verify container image

chore: update changelog for v0.1.6 release (#89) #85

Workflow file for this run

.github/workflows/release.yml at fb6632a

	name: Create, publish, sign and verify container image

	on:
	push:
	tags: [ 'v..*' ]

	env:
	REGISTRY: docker.io
	IMAGE_NAME: paralusio/relay

	jobs:

	build-push-sign-verify:
	strategy:
	matrix:
	os: [ubuntu-latest]
	runs-on: ${{ matrix.os }}

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Set up Go
	uses: actions/setup-go@v4
	with:
	# Getting go version from the go.mod file
	go-version-file: 'go.mod'

	- run: go version

	# Sanity check before publishing
	- name: Test all
	run: go test -v ./...

	# Add support for more platforms with QEMU
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Log into registry ${{ env.REGISTRY }}
	uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ secrets.REGISTRY_USERNAME }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

	- name: Build and push Docker image
	id: build
	uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09
	with:
	context: .
	platforms: linux/amd64,linux/arm64
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}

	- name: Install Cosign
	uses: sigstore/[email protected]

	- name: Check Cosign
	run: cosign version

	- name: Sign Published Docker image using Cosign
	run: \|
	cosign sign -y --key env://COSIGN_PRIVATE_KEY \
	${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}
	env:
	COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}

	- name: Verify Cosign Signature
	run: \|
	cosign verify --key env://COSIGN_PUBLIC_KEY \
	${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
	env:
	COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: update changelog for v0.1.6 release (#89) #85

Workflow file

chore: update changelog for v0.1.6 release (#89) #85

Jobs

Run details

Workflow file for this run