Commit 648d0b93 authored Jul 01, 2022 by nanamicat
Merge remote-tracking branch 'origin/master'
parents 3a9cdd90 b383593f
Showing 1 changed file with 93 additions and 0 deletions
.github/workflows/docker-publish.yml
0 → 100644
name
:
Docker
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on
:
schedule
:
-
cron
:
'
37
14
*
*
*'
push
:
branches
:
[
"
master"
]
# Publish semver tags as releases.
tags
:
[
'
v*.*.*'
]
pull_request
:
branches
:
[
"
master"
]
env
:
# Use docker.io for Docker Hub if empty
REGISTRY
:
ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME
:
${{ github.repository }}
jobs
:
build
:
runs-on
:
ubuntu-latest
permissions
:
contents
:
read
packages
:
write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token
:
write
steps
:
-
name
:
Checkout repository
uses
:
actions/checkout@v3
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
-
name
:
Install cosign
if
:
github.event_name != 'pull_request'
uses
:
sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25
with
:
cosign-release
:
'
v1.9.0'
# Workaround: https://github.com/docker/build-push-action/issues/461
-
name
:
Setup Docker buildx
uses
:
docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
-
name
:
Log into registry ${{ env.REGISTRY }}
if
:
github.event_name != 'pull_request'
uses
:
docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
with
:
registry
:
${{ env.REGISTRY }}
username
:
${{ github.actor }}
password
:
${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
-
name
:
Extract Docker metadata
id
:
meta
uses
:
docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with
:
images
:
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
-
name
:
Build and push Docker image
id
:
build-and-push
uses
:
docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
with
:
context
:
.
push
:
${{ github.event_name != 'pull_request' }}
tags
:
${{ steps.meta.outputs.tags }}
labels
:
${{ steps.meta.outputs.labels }}
# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
-
name
:
Sign the published Docker image
if
:
${{ github.event_name != 'pull_request' }}
env
:
COSIGN_EXPERIMENTAL
:
"
true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run
:
cosign sign ${{ steps.meta.outputs.tags }}@${{ steps.build-and-push.outputs.digest }}
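Review bot: The final `run:` line of the "Sign the published Docker image" step expands `${{ steps.meta.outputs.tags }}` and `${{ steps.build-and-push.outputs.digest }}` directly into the shell script, so their text is substituted before the shell parses the command, and if the metadata step emits more than one tag the line no longer names a single `tag@digest` image reference for `cosign sign`. Pass both values through the step's `env:` block (next to `COSIGN_EXPERIMENTAL`) and sign each tag with the digest in a loop over the quoted variables. Two smaller points in the same file: `actions/checkout@v3` is the only `uses:` line referenced by a mutable tag while every other action is pinned to a full commit SHA, so pin it the same way; and `packages: write` and `id-token: write` are granted at job level, which also covers `pull_request` runs where the login, push and signing steps are all skipped, so consider running the PR build in a job that only has `contents: read`.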