Skip to content

Commit 756cadd

Browse files
1y58671y5867
committed
fix: workflow
Signed-off-by: Lin Yang <ericlin0625@me.com>
1 parent 38b450e commit 756cadd

1 file changed

Lines changed: 9 additions & 68 deletions

File tree

.github/workflows/build_latest_release_multi.yml

Lines changed: 9 additions & 68 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,13 @@
11
name: build_latest_release_multi_images
22
on:
33
push:
4+
branches:
5+
- main
46
tags:
57
- '*'
6-
env:
7-
REGISTRY_USER: ${{ github.actor }}
8-
REGISTRY_PASSWORD: ${{ github.token }}
9-
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
8+
schedule:
9+
- cron: '30 2 * * *'
10+
workflow_dispatch:
1011

1112
jobs:
1213
build_multi_latest_release_tag:
@@ -24,12 +25,6 @@ jobs:
2425
uses: actions/checkout@v3
2526
with:
2627
tag_name: ${{ github.ref }}
27-
- name: Log in to ghcr.io
28-
uses: redhat-actions/podman-login@v1
29-
with:
30-
username: ${{ env.REGISTRY_USER }}
31-
password: ${{ env.REGISTRY_PASSWORD }}
32-
registry: ${{ env.IMAGE_REGISTRY }}
3328
- name: "login docker hub"
3429
run: |
3530
podman login -u ${{secrets.DOCKER_HUB_USER}} -p ${{secrets.DOCKER_HUB_TOKEN}} docker.io
@@ -52,63 +47,9 @@ jobs:
5247
name: 'test image'
5348
- run: make image_name=localhost/curl-multi:${REL} scan
5449
name: 'security scan image'
55-
- run: |
56-
buildah manifest push --format v2s2 --all curl-multi:$REL "docker://ghcr.io/curl/curl-container/curl-multi:${REL}"
57-
buildah manifest push --format v2s2 --all curl-base-multi:$REL "docker://ghcr.io/curl/curl-container/curl-base-multi:${REL}"
58-
name: 'push images to github registry'
59-
- name: Install Cosign
60-
uses: sigstore/cosign-installer@main
61-
- name: Write signing key to disk (only needed for `cosign sign --key`)
62-
run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
63-
- name: Sign images with sigstore key
64-
run: |
65-
cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-multi:$REL
66-
cosign sign -y --key cosign.key ghcr.io/curl/curl-container/curl-base-multi:$REL
67-
env:
68-
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
69-
- name: Write public key to disk
70-
run: echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
71-
- name: Verify image with public key
72-
run: |
73-
cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-multi:$REL
74-
cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base-multi:$REL
7550
- name: 'push release to docker hub'
7651
run: |
77-
buildah manifest push --format v2s2 --all localhost/curl-multi:$REL "docker://docker.io/curlimages/curl:${REL}"
78-
buildah manifest push --format v2s2 --all localhost/curl-multi:$REL "docker://docker.io/curlimages/curl:latest"
79-
buildah manifest push --format v2s2 --all localhost/curl-base-multi:$REL "docker://docker.io/curlimages/curl-base:${REL}"
80-
buildah manifest push --format v2s2 --all localhost/curl-base-multi:$REL "docker://docker.io/curlimages/curl-base:latest"
81-
- name: Sign images with a sigstore key
82-
run: |
83-
cosign sign -y --key cosign.key docker.io/curlimages/curl:$REL
84-
cosign sign -y --key cosign.key docker.io/curlimages/curl:latest
85-
cosign sign -y --key cosign.key docker.io/curlimages/curl-base:$REL
86-
cosign sign -y --key cosign.key docker.io/curlimages/curl-base:latest
87-
env:
88-
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
89-
- name: Verify image
90-
run: |
91-
cosign verify --key cosign.pub docker.io/curlimages/curl:$REL
92-
cosign verify --key cosign.pub docker.io/curlimages/curl:latest
93-
cosign verify --key cosign.pub docker.io/curlimages/curl-base:$REL
94-
cosign verify --key cosign.pub docker.io/curlimages/curl-base:latest
95-
- name: 'push release to quay.io'
96-
run: |
97-
buildah manifest push --format v2s2 --all localhost/curl-multi:$REL "docker://quay.io/curl/curl:${REL}"
98-
buildah manifest push --format v2s2 --all localhost/curl-multi:$REL "docker://quay.io/curl/curl:latest"
99-
buildah manifest push --format v2s2 --all localhost/curl-base-multi:$REL "docker://quay.io/curl/curl-base:${REL}"
100-
buildah manifest push --format v2s2 --all localhost/curl-base-multi:$REL "docker://quay.io/curl/curl-base:latest"
101-
- name: Sign images with a sigstore key
102-
run: |
103-
cosign sign -y --key cosign.key quay.io/curl/curl:$REL
104-
cosign sign -y --key cosign.key quay.io/curl/curl:latest
105-
cosign sign -y --key cosign.key quay.io/curl/curl-base:$REL
106-
cosign sign -y --key cosign.key quay.io/curl/curl-base:latest
107-
env:
108-
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
109-
- name: Verify image
110-
run: |
111-
cosign verify --key cosign.pub quay.io/curl/curl:$REL
112-
cosign verify --key cosign.pub quay.io/curl/curl:latest
113-
cosign verify --key cosign.pub quay.io/curl/curl-base:$REL
114-
cosign verify --key cosign.pub quay.io/curl/curl-base:latest
52+
buildah manifest push --format v2s2 --all localhost/curl-multi:$REL "docker://docker.io/flomesh/curl:${REL}"
53+
buildah manifest push --format v2s2 --all localhost/curl-multi:$REL "docker://docker.io/flomesh/curl:latest"
54+
buildah manifest push --format v2s2 --all localhost/curl-base-multi:$REL "docker://docker.io/flomesh/curl-base:${REL}"
55+
buildah manifest push --format v2s2 --all localhost/curl-base-multi:$REL "docker://docker.io/flomesh/curl-base:latest"

0 commit comments

Comments
 (0)