Merge pull request #958 from kubewarden/renovate/all-minor-patch #449
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build container image, sign it, and generate SBOMs | |
| on: | |
| workflow_call: | |
| outputs: | |
| digest: | |
| description: "Container image digest" | |
| value: ${{jobs.build.outputs.digest}} | |
| push: | |
| branches: | |
| - "main" | |
| - "feat-**" | |
| jobs: | |
| build: | |
| name: Build container image | |
| permissions: | |
| packages: write | |
| id-token: write # to mint the OIDC token for Sigstore signatures | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install cosign | |
| uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Retrieve tag name (main branch) | |
| if: ${{ startsWith(github.ref, 'refs/heads/main') }} | |
| run: | | |
| echo TAG_NAME=latest >> $GITHUB_ENV | |
| - name: Retrieve tag name (feat branch) | |
| if: ${{ startsWith(github.ref, 'refs/heads/feat') }} | |
| run: | | |
| echo "TAG_NAME=latest-$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
| - name: Retrieve tag name (tag) | |
| if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| run: | | |
| echo TAG_NAME=$(echo $GITHUB_REF | sed -e "s|refs/tags/||") >> $GITHUB_ENV | |
| - name: Build and push container image | |
| id: build-image | |
| uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| platforms: linux/amd64, linux/arm64 | |
| push: true | |
| sbom: true | |
| provenance: mode=max | |
| tags: | | |
| ghcr.io/${{github.repository_owner}}/kubewarden-controller:${{ env.TAG_NAME }} |