ci: rebuild CI base image daily and on push
parent
5d40db23b2
commit
2a31153618
2 changed files with 54 additions and 23 deletions
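--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -0,0 +1,54 @@
+name: "Docker"
+
+on:
+push:
+branches:
+- "main"
+schedule:
+# https://crontab.guru/#@daily
+- cron: "0 0 * * *"
+
+jobs:
+updater-base-image:
+runs-on: ubuntu-24.04
+permissions:
+id-token: write
+packages: write
+contents: read
+attestations: write
+env:
+REGISTRY: ghcr.io
+IMAGE_NAME: jaredallard/overlay
+
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+- name: Login to GitHub Container Registry
+uses: docker/login-action@v3
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+- run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
+- name: Build and push image
+uses: docker/build-push-action@v5
+id: push
+env:
+SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
+with:
+context: .
+push: true
+sbom: true
+platforms: linux/amd64,linux/arm64
+tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:updater
+- name: Attest
+uses: actions/attest-build-provenance@v1
+id: attest
+with:
+subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+subject-digest: ${{ steps.push.outputs.digest }}
+push-to-registry: true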
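Review bot: Every `uses:` in this job points at a mutable major tag (`actions/checkout@v4`, the three `docker/*@v3` actions, `docker/build-push-action@v5`, `actions/attest-build-provenance@v1`), while the job holds `packages: write`, `id-token: write` and `attestations: write`. A retagged or compromised action release would run with those permissions, so it could publish to `ghcr.io/jaredallard/overlay` and have provenance signed for an image it altered. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, with Dependabot or Renovate handling the bumps. Separately, the Checkout step leaves the job token in `.git/config` by default and the build uses `context: .`; adding `with: persist-credentials: false` to Checkout keeps the token out of the build context, assuming no later step needs authenticated git access (the `git log` call does not).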
|
@ -1,23 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
# Rebuilds the base image used by the tools in this repository and
|
||||
# pushes it upstream.
|
||||
set -euo pipefail
|
||||
|
||||
# PUSH determines if we should push the image to the remote or not.
|
||||
PUSH=false
|
||||
if [[ "${1:-}" == "--push" ]]; then
|
||||
PUSH=true
|
||||
fi
|
||||
|
||||
args=(
|
||||
"--tag" "ghcr.io/jaredallard/overlay:updater"
|
||||
"$(pwd)"
|
||||
)
|
||||
|
||||
if [[ "$PUSH" == "true" ]]; then
|
||||
args+=("--platform" "linux/amd64,linux/arm64" "--push")
|
||||
else
|
||||
args+=("--load")
|
||||
fi
|
||||
|
||||
exec docker buildx build "${args[@]}"
|