8000 Merge pull request #68 from coreruleset/fix-int-overflow · coreruleset/albedo@b0a0f45 · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
release

Merge pull request #68 from coreruleset/fix-int-overflow #20

Sign in to view logs

Merge pull request #68 from coreruleset/fix-int-overflow

Merge pull request #68 from coreruleset/fix-int-overflow #20

Workflow file for this run

.github/workflows/release.yml at b0a0f45
name: release
on:
push:
tags:
- '*'
# Declare default permissions as read only.
permissions: read-all
env:
REPO: ghcr.io/coreruleset/albedo
jobs:
goreleaser:
runs-on: ubuntu-latest
permissions:
# https://goreleaser.com/ci/actions/#token-permissions
contents: write
packages: write
steps:
-
name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
-
name: Set up QEMU
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-
name: Set up Go
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
with:
go-version: ^1.22
cache: true
-
name: Login to GitHub Container Registry
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
if: startsWith(github.ref, 'refs/tags/')
with:
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
publish-images:
name: Build images
runs-on: ubuntu-latest
needs:
- goreleaser
permissions:
contents: read
packages: write
id-token: write # needed for signing the images with GitHub OIDC Token
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 1
- name: Install Cosign
uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
# https://github.com/docker/setup-qemu-action
- name: Set up QEMU
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
with:
driver-opts: image=moby/buildkit:master
- name: Login to GitHub Container Registry
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build images
id: build-and-push
env:
GIT_TAG: ${{ github.ref_name }}
uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0
with:
source: .
files: |
./docker-bake.hcl
targets: default
push: true
provenance: true
sbom: true
- name: Sign the images with GitHub OIDC Token
env:
METADATA: ${{ steps.build-and-push.outputs.metadata }}
run: |
DIGEST=$(echo ${METADATA} | jq -r '.default."containerimage.digest"')
TAGS=$(echo ${METADATA} | jq -r '.default."image.name" | tostring' | tr ',' '\n')
images=""
for tag in ${TAGS}; do
images+="${tag}@${DIGEST} "
done
cosign sign --yes ${images}
verify-images:
name: Verify images
runs-on: ubuntu-latest
needs:
- publish-images
steps:
- name: Run container
run: |
tag="$(sed 's/^v//' <<<"${{ github.ref_name }}")"
image_ref="${REPO}:${tag}"
echo "Pulling ${image_ref} ..."
docker pull "${image_ref}"
echo "Starting container ${image_ref} ..."
docker run --pull "never" -d --name albedo-test "${image_ref}"
sleep 10
docker logs albedo-test
- name: Verify container
run: |
[ $(docker inspect albedo-test --format='{{.State.Running}}') = 'true' ]
0