Skip to content

build-custom-silverblue #135

build-custom-silverblue

build-custom-silverblue #135

Workflow file for this run

name: build-custom-silverblue
on:
pull_request:
merge_group:
schedule:
- cron: '5 3 * * *' # 3am-ish UTC everyday (timed against official fedora container pushes)
workflow_dispatch:
env:
REGISTRY: ghcr.io
jobs:
build-custom-silverblue:
name: Build, sign, then push
runs-on: ubuntu-24.04
permissions:
attestations: write
contents: read
id-token: write
packages: write
steps:
- name: Checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Build image
id: build
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13
with:
containerfiles: |
./Containerfile
image: custom-silverblue
tags: |
${{ github.sha }}
40
- name: Log in to GitHub Container Registry
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7
if: ${{ github.event_name != 'pull_request' }}
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}/${{ github.repository_owner }}
- name: Push to GitHub Container Registry
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
id: push
if: ${{ github.event_name != 'pull_request' }}
with:
image: ${{ steps.build.outputs.image }}
tags: ${{ steps.build.outputs.tags }}
registry: ${{ env.REGISTRY }}/${{ github.repository_owner }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
if: ${{ github.event_name != 'pull_request' }}
with:
subject-name: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ steps.build.outputs.image }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
- name: Echo outputs for auditing
if: github.event_name != 'pull_request'
run: |
echo "${{ toJSON(steps.push.outputs) }}"