github/paralus
1
0
Fork 0
mirror of https://github.com/paralus/paralus.git synced 2026-02-14 17:49:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
91f29903d6cd00fcedbeafad25dd6ddebe7f5609
paralus/.github/workflows/release.yml
dependabot[bot] 91f29903d6 chore(deps): Bump docker/login-action from 3.4.0 to 3.6.0 
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.4.0 to 3.6.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](74a5d14239...5e57cd1181)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-06 01:04:15 +00:00

122 lines
4.0 KiB
YAML
Raw Blame History

name: Create, publish, sign and verify container image
on:
push:
tags: [ 'v*.*.*' ]
env:
REGISTRY: docker.io
IMAGE_NAME: paralusio/paralus
jobs:
build-push-sign-verify:
strategy:
matrix:
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
- name: Create k8s Kind Cluster
uses: helm/kind-action@v1.2.0
# Sanity check before publishing
- name: Test all
run: go test -v ./...
- name: Log in to the Container registry
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push Docker image
id: build
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Extract metadata (tags, labels) for Docker (paralus-init)
id: meta-init
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-init
- name: Build and push Docker image (paralus-init)
id: build-init
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
with:
context: .
file: ./Dockerfile.initialize
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta-init.outputs.tags }}
labels: ${{ steps.meta-init.outputs.labels }}
- name: Extract metadata (tags, labels) for Docker (kratos-sync)
id: meta-sync
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804
with:
images: ${{ env.REGISTRY }}/paralusio/kratos-synchronizer
- name: Build and push Docker image (kratos-sync)
id: build-sync
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
with:
context: .
file: ./Dockerfile.synchronizer
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta-sync.outputs.tags }}
labels: ${{ steps.meta-sync.outputs.labels }}
- name: Install Cosign
uses: sigstore/cosign-installer@v3.8.2
- name: Check Cosign
run: cosign version
- name: Sign Published Docker image using Cosign
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }} \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-init@${{ steps.build-init.outputs.digest }} \
${{ env.REGISTRY }}/paralusio/kratos-synchronizer@${{ steps.build-sync.outputs.digest }}
env:
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
- name: Verify Cosign Signature
run: |
cosign verify --key env://COSIGN_PUBLIC_KEY \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }} \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-init:${{ github.ref_name }} \
${{ env.REGISTRY }}/paralusio/kratos-synchronizer:${{ github.ref_name }}
env:
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
Reference in New Issue View Git Blame Copy Permalink