public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity
kaniko/.github/workflows/images.yaml

112 lines
3.6 KiB
YAML
Raw Blame History

name: Build images
on:
pull_request:
branches: ['master']
push:
branches: ['master']
tags: ['v[0-9]+.[0-9]+.[0-9]+*']
concurrency:
group: release-images-${{ github.head_ref }}
cancel-in-progress: true
jobs:
build-images:
permissions:
contents: read # Read the repo contents.
id-token: write # Produce identity token for keyless signing.
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
image:
- executor
- executor-debug
- executor-slim
- warmer
include:
- image: executor
dockerfile: ./deploy/Dockerfile
platforms: linux/amd64,linux/arm64
image-name: gcr.io/kaniko-project/executor
tag: ${{ github.sha }}
release-tag: latest
- image: executor-debug
dockerfile: ./deploy/Dockerfile_debug
platforms: linux/amd64,linux/arm64
image-name: gcr.io/kaniko-project/executor
tag: ${{ github.sha }}-debug
release_tag: debug
- image: executor-slim
dockerfile: ./deploy/Dockerfile_slim
platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
image-name: gcr.io/kaniko-project/executor
tag: ${{ github.sha }}-slim
release-tag: slim
- image: warmer
dockerfile: ./deploy/Dockerfile_warmer
platforms: linux/amd64,linux/arm64
image-name: gcr.io/kaniko-project/warmer
tag: ${{ github.sha }}
release-tag: latest
steps:
- uses: actions/checkout@v2
# Setup auth if not a PR.
- if: github.event_name != 'pull_request'
uses: google-github-actions/setup-gcloud@master
with:
service_account_key: ${{ secrets.GCR_DEVOPS_SERVICE_ACCOUNT_KEY }}
project_id: kaniko-project
export_default_credentials: true
- if: github.event_name != 'pull_request'
run: gcloud auth configure-docker
# Build and push with Docker.
- uses: docker/setup-qemu-action@v1
with:
platforms: ${{ matrix.platforms }}
- uses: docker/setup-buildx-action@v1
- uses: docker/build-push-action@v2
id: build-and-push
with:
context: .
file: ${{ matrix.dockerfile }}
platforms: ${{ matrix.platforms }}
push: ${{ github.event_name != 'pull_request' }} # Only push if not a PR.
tags: ${{ matrix.image-name }}:${{ matrix.tag }}
# https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#github-cache
cache-from: type=gha
cache-to: type=gha,mode=max
# Sign images if not a PR.
- if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.4.1'
- if: github.event_name != 'pull_request'
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign \
--key gcpkms://projects/kaniko-project/locations/global/keyRings/cosign/cryptoKeys/cosign \
${{ matrix.image-name }}@${{ steps.build-and-push.outputs.digest }}
cosign sign ${{ matrix.image-name }}@${{ steps.build-and-push.outputs.digest }}
# If a tag push, use crane to add more tags.
- if: startsWith(github.ref, 'refs/tags/v')
uses: imjasonh/setup-crane@v0.1
- if: startsWith(github.ref, 'refs/tags/v')
name: Apply release tags
run: |
crane cp ${{ matrix.image-name }}@${{ steps.build-and-push.outputs.digest }} \
${{ matrix.image-name }}:${GITHUB_REF/refs\/tags\//}
crane cp ${{ matrix.image-name }}@${{ steps.build-and-push.outputs.digest }} \
${{ matrix.image-name }}:${{ matrix.release-tag }}
Reference in New Issue View Git Blame Copy Permalink