Skip to content

Don't do a chart install due to lack of credentials #124

Don't do a chart install due to lack of credentials

Don't do a chart install due to lack of credentials #124

Workflow file for this run

name: Publish
on:
push:
# Publish `v*` tags as releases.
tags:
- v*
pull_request:
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.x
uses: actions/setup-go@v4
with:
go-version: ^1.21
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- name: Build
run: go build -v .
- name: Test
run: go test -v .
publish:
runs-on: ubuntu-latest
if: github.event_name == 'push'
# Ensure test job passes before pushing image.
needs: test
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Docker meta
id: docker_meta
uses: docker/metadata-action@v5
with:
images: ${{ secrets.DOCKER_HUB_USERNAME }}/k8s-pvc-tagger,ghcr.io/${{ github.repository_owner }}/k8s-pvc-tagger
-
name: Set up QEMU
uses: docker/setup-qemu-action@v3
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
-
name: Login to DockerHub
uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
-
name: Login to GitHub Container Registry
uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GHCR_PAT }}
-
name: Build and push
id: docker_build
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
build-args: VERSION=${{ steps.docker_meta.outputs.version }}
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
- uses: sigstore/cosign-installer@main
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. https://github.com/sigstore/cosign
- name: Sign the published Dockerhub image
if: ${{ github.event_name != 'pull_request' }}
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: cosign sign --yes -a "repo=${{ github.repository }}" -r ${{ secrets.DOCKER_HUB_USERNAME }}/k8s-pvc-tagger@${{ steps.docker_build.outputs.digest }}
- name: Sign the published GitHub image
if: ${{ github.event_name != 'pull_request' }}
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: cosign sign --yes -a "repo=${{ github.repository }}" -r ghcr.io/${{ github.repository_owner }}/k8s-pvc-tagger@${{ steps.docker_build.outputs.digest }}