Skip to content

Build and push container image #68

Build and push container image

Build and push container image #68

Workflow file for this run

name: "Build and push container image"
env:
NAME: "podman-action"
REGISTRY: "quay.io/travier"
on:
pull_request:
branches:
- main
paths:
- 'podman-action/**'
- '.github/workflows/container.yml'
push:
branches:
- main
paths:
- 'podman-action/**'
- '.github/workflows/container.yml'
schedule:
- cron: '0 0 * * MON'
permissions: read-all
# Prevent multiple workflow runs from racing to ensure that pushes are made
# sequentialy for the main branch. Also cancel in progress workflow runs for
# pull requests only.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
build-push-image:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Setup QEMU for multi-arch builds
shell: bash
run: |
sudo apt update
sudo apt install qemu-user-static
- name: Build container image
uses: redhat-actions/buildah-build@v2
with:
# platforms: linux/amd64, linux/arm64, linux/ppc64le, linux/s390x
platforms: linux/amd64, linux/arm64
context: ${{ env.NAME }}
image: ${{ env.NAME }}
tags: latest
containerfiles: ${{ env.NAME }}/Containerfile
layers: false
oci: true
- name: Push to Container Registry
uses: redhat-actions/push-to-registry@v2
id: push
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
with:
username: ${{ secrets.BOT_USERNAME }}
password: ${{ secrets.BOT_SECRET }}
image: ${{ env.NAME }}
registry: ${{ env.REGISTRY }}
tags: latest
- name: Login to Container Registry
uses: redhat-actions/podman-login@v1
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.BOT_USERNAME }}
password: ${{ secrets.BOT_SECRET }}
- uses: sigstore/[email protected]
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
- name: Sign container image
if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
run: |
cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.NAME }}@${{ steps.push.outputs.digest }}
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}