90 lines
2.8 KiB
YAML
90 lines
2.8 KiB
YAML
name: os
|
|
|
|
on:
|
|
schedule:
|
|
- cron: '0 5 8,18,28 * *'
|
|
push:
|
|
paths:
|
|
- 'Dockerfile'
|
|
- 'etc/**'
|
|
- 'usr/**'
|
|
- 'repo/**'
|
|
- '.forgejo/workflows/os.yml'
|
|
- 'buildinstallxfce.sh'
|
|
- 'buildinstallxfceaddons.sh'
|
|
workflow_dispatch:
|
|
|
|
env:
|
|
REGISTRY: forge.pc-rytteren.dk
|
|
IMAGE_NAME: ${{ github.repository }}
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: almalinux-10
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
id-token: write # Påkrævet til cosign keyless signering
|
|
|
|
steps:
|
|
|
|
- name: Get current date
|
|
id: date
|
|
run: echo "date=$(date +'%Y%m%d')" >> $FORGEJO_OUTPUT
|
|
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Extract Docker metadata
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
|
# Vi konstruerer tags her med branch-navnet som præfiks
|
|
tags: |
|
|
type=ref,event=branch
|
|
type=raw,value=latest,enable={{is_default_branch}}
|
|
type=raw,value=${{ github.ref_name }}-10
|
|
type=raw,value=${{ github.ref_name }}-10.${{ steps.date.outputs.date }}
|
|
|
|
- name: Log into Forgejo Container Registry
|
|
if: github.event_name != 'pull_request'
|
|
run: |
|
|
buildah login -u ${{ github.actor }} -p ${{ secrets.PACKAGE_TOKEN }} ${{ env.REGISTRY }}
|
|
|
|
- name: Build image with Buildah
|
|
id: build-image
|
|
run: |
|
|
# Vi bygger med 'raw-img' lokalt
|
|
buildah bud \
|
|
--label "org.opencontainers.image.source=https://forge.pc-rytteren.dk/${{ github.repository }}" \
|
|
-t raw-img .
|
|
|
|
# Gem det primære tag til signering (vi tager det første fra listen)
|
|
PRIMARY_TAG=$(echo "${{ steps.meta.outputs.tags }}" | head -n 1)
|
|
echo "primary_tag=$PRIMARY_TAG" >> $FORGEJO_OUTPUT
|
|
|
|
- name: Push to Forgejo Container Registry
|
|
if: github.event_name != 'pull_request'
|
|
run: |
|
|
for tag in $(echo "${{ steps.meta.outputs.tags }}"); do
|
|
echo "Tagging and pushing: $tag"
|
|
buildah tag raw-img "$tag"
|
|
buildah push "$tag"
|
|
done
|
|
|
|
- name: Install cosign
|
|
if: github.event_name != 'pull_request'
|
|
uses: sigstore/cosign-installer@v3.3.0
|
|
|
|
- name: Log into Forgejo Container Registry (Cosign)
|
|
if: github.event_name != 'pull_request'
|
|
run: |
|
|
cosign login ${{ env.REGISTRY }} -u ${{ github.actor }} -p ${{ secrets.PACKAGE_TOKEN }}
|
|
|
|
- name: Sign image
|
|
if: github.event_name != 'pull_request'
|
|
run: |
|
|
# Vi signerer det primære tag.
|
|
# Vi bruger --yes til at acceptere betingelserne automatisk.
|
|
cosign sign --yes "${{ steps.build-image.outputs.primary_tag }}"
|